Added Moderation Tools, Captcha & Trollthrottle

2025-08-19 06:18:38 +00:00 · 2017-03-13 16:04:00 +01:00
parent 69b0d20825
commit 4177901714
33 changed files with 9696 additions and 261 deletions
--- a/http/admin/handler.go
+++ b/http/admin/handler.go
@@ -2,6 +2,7 @@ package admin

 import (
 	"bytes"
+	"fmt"
 	"github.com/GeertJohan/go.rice"
 	"github.com/icza/session"
 	"github.com/pressly/chi"
@@ -11,6 +12,7 @@ import (
 	"go.rls.moe/nyx/resources"
 	"html/template"
 	"net/http"
+	"strconv"
 	"time"
 )

@@ -43,7 +45,7 @@ func init() {

 // Router sets up the Administration Panel
 // It **must** be setup on the /admin/ basepath
-func Router(r chi.Router) {
+func AdminRouter(r chi.Router) {
 	r.Get("/", serveLogin)
 	r.Get("/index.html", serveLogin)
 	r.Get("/panel.html", servePanel)
@@ -52,6 +54,73 @@ func Router(r chi.Router) {
 	r.Post("/logout.sh", handleLogout)
 }

+// Router sets up moderation functions
+// It **must** be setup on the /mod/ basepath
+func ModRouter(r chi.Router) {
+	r.Post("/del_reply.sh", handleDelPost)
+}
+
+func handleDelPost(w http.ResponseWriter, r *http.Request) {
+	sess := middle.GetSession(r)
+	if sess == nil {
+		w.WriteHeader(http.StatusUnauthorized)
+		w.Write([]byte("Unauthorized"))
+		return
+	}
+	if sess.CAttr("mode") != "admin" && sess.CAttr("mode") != "mod" {
+		w.WriteHeader(http.StatusUnauthorized)
+		w.Write([]byte("Unauthorized"))
+		return
+	}
+
+	err := r.ParseForm()
+	if err != nil {
+		errw.ErrorWriter(err, w, r)
+		return
+	}
+
+	rid, err := strconv.Atoi(r.FormValue("reply_id"))
+	if err != nil {
+		errw.ErrorWriter(err, w, r)
+		return
+	}
+	trid, err := strconv.Atoi(r.FormValue("thread_id"))
+	if err != nil {
+		errw.ErrorWriter(err, w, r)
+		return
+	}
+	board := r.FormValue("board")
+
+	if sess.CAttr("mode") == "mod" && sess.CAttr("board") != board {
+		w.WriteHeader(http.StatusUnauthorized)
+		w.Write([]byte("Not on this board"))
+		return
+	}
+
+	db := middle.GetDB(r)
+
+	err = db.Update(func(tx *buntdb.Tx) error {
+		reply, err := resources.GetReply(tx, r.Host, board, trid, rid)
+		if err != nil {
+			return err
+		}
+		reply.Text = "[deleted]"
+		reply.Metadata["deleted"] = "yes"
+		err = resources.UpdateReply(tx, r.Host, board, reply)
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+
+	if err != nil {
+		errw.ErrorWriter(err, w, r)
+		return
+	}
+
+	http.Redirect(w, r, fmt.Sprintf("/%s/%d/thread.html", board, trid), http.StatusSeeOther)
+}
+
 func serveLogin(w http.ResponseWriter, r *http.Request) {
 	dat := bytes.NewBuffer([]byte{})
 	err := loginTmpl.Execute(dat, middle.GetBaseCtx(r))
--- a/http/admin/newboard.go
+++ b/http/admin/newboard.go
@@ -25,6 +25,7 @@ func handleNewBoard(w http.ResponseWriter, r *http.Request) {
 	err := r.ParseForm()
 	if err != nil {
 		errw.ErrorWriter(err, w, r)
+		return
 	}
 	db := middle.GetDB(r)

@@ -38,7 +39,7 @@ func handleNewBoard(w http.ResponseWriter, r *http.Request) {
 		return
 	}

-	if board.ShortName == "admin" && board.ShortName == "@" {
+	if board.ShortName == "admin" || board.ShortName == "@" || board.ShortName == "mod"{
 		errw.ErrorWriter(errors.New("No"), w, r)
 	}

--- a/http/admin/res/panel.html
+++ b/http/admin/res/panel.html
@@ -31,27 +31,47 @@
        <input type="reset" value="Reset" />
    </form>
 </div>
-<div class="panel remover post">
-    <form method="POST" action="/admin/rem_post.sh">
-        <input
-                type="hidden"
-                name="csrf_token"
-                value="{{ .CSRFToken }}" />
-        <input type="text" placeholder="post id" name="post id"/>
-        <input type="submit" value="Remove Post" />
-        <input type="reset" value="Reset" />
-    </form>
-</div>
-<div class="panel remover thread">
-    <form method="POST" action="/admin/rem_thread.sh">
-        <input
-                type="hidden"
-                name="csrf_token"
-                value="{{ .CSRFToken }}" />
-        <input type="text" placeholder="thread id" name="thread id"/>
-        <input type="submit" value="Remove thread" />
-        <input type="reset" value="Reset" />
+<div class="postarea">
+    <form id="postform1" action="/admin/new_admin.sh" method="POST">
+        <table>
+            <tbody>
+            <tr>
+                <td class="postblock">
+                    Action
+                </td>
+                <td>
+                    New Administrator
+                    <input
+                            type="hidden"
+                            name="csrf_token"
+                            value="{{ .CSRFToken }}" />
+                </td>
+            </tr>
+            <tr>
+                <td class="postblock">
+                    ID
+                </td>
+                <td>
+                    <input type="text"
+                           minlength="8"
+                           name="id" />
+                </td>
+            </tr>
+            <tr>
+                <td class="postblock">
+                    Password
+                </td>
+                <td>
+                    <input type="password"
+                           minlength="12"
+                           maxlength="255"
+                           name="id" />
+                </td>
+            </tr>
+            </tbody>
+        </table>
    </form>
 </div>
+<br clear="left" /><hr />
 </body>
 </html>