From 4df200c6c0d42026defde7451394dae01c5d7c4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?David=20N=C3=A9grier?=
Date: Mon, 18 Jan 2021 16:41:20 +0100
Subject: [PATCH] Switching ban by IP to be world specific
---
 pusher/src/Services/AdminApi.ts | 4 ++--
 pusher/src/Services/JWTTokenManager.ts | 13 +++++++++++--
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/pusher/src/Services/AdminApi.ts b/pusher/src/Services/AdminApi.ts
index 75977482..48e8a1a4 100644
--- a/pusher/src/Services/AdminApi.ts
+++ b/pusher/src/Services/AdminApi.ts
@@ -116,12 +116,12 @@ class AdminApi {
 });
 }
- async verifyBanUser(organizationMemberToken: string, ipAddress: string, room: string): Promise {
+ async verifyBanUser(organizationMemberToken: string, ipAddress: string, organization: string, world: string): Promise {
 if (!ADMIN_API_URL) {
 return Promise.reject('No admin backoffice set!');
 }
 //todo: this call can fail if the corresponding world is not activated or if the token is invalid. Handle that case.
- return Axios.get(ADMIN_API_URL + '/api/check-moderate-user/' + ipAddress + '/' + organizationMemberToken + '/room/' + room,
+ return Axios.get(ADMIN_API_URL + '/api/check-moderate-user/'+organization+'/'+world+'?ipAddress='+ipAddress+'&token='+organizationMemberToken,
 {headers: {"Authorization": `${ADMIN_API_TOKEN}`}}
 ).then((data) => {
 return data.data;
diff --git a/pusher/src/Services/JWTTokenManager.ts b/pusher/src/Services/JWTTokenManager.ts
index 6605ec4e..68d5488a 100644
--- a/pusher/src/Services/JWTTokenManager.ts
+++ b/pusher/src/Services/JWTTokenManager.ts
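Review bot: In AdminApi.ts, the new `Axios.get` URL concatenates `organization`, `world`, `ipAddress` and `organizationMemberToken` without encoding, so a value containing `/`, `?`, `#` or `&` changes the path or query of a request that carries `ADMIN_API_TOKEN`. `organization` and `world` are split out of the room string in JWTTokenManager, and whether that string is client-influenced is not visible in this patch. Wrap the path segments as `encodeURIComponent(organization)` and `encodeURIComponent(world)`, and pass the query through the Axios config as `params: {ipAddress, token: organizationMemberToken}` instead of building it by hand. The member token still travels in the URL, where it is likely to end up in access logs on the admin side; the `.then` chain continues outside the hunk.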
@@ -76,8 +76,17 @@ class JWTTokenManager {
 }
 private verifyBanUser(userUuid: string, ipAddress: string, room: string): Promise {
- const world = room.split('/')[1]; //check by world
- return adminApi.verifyBanUser(userUuid, ipAddress, world).then((data: AdminBannedData) => {
+ const parts = room.split('/');
+ if (parts.length < 3 || parts[0] !== '@') {
+ return Promise.resolve({
+ is_banned: false,
+ message: ''
+ });
+ }
+
+ const organization = parts[1];
+ const world = parts[2];
+ return adminApi.verifyBanUser(userUuid, ipAddress, organization, world).then((data: AdminBannedData) => {
 if (data && data.is_banned) {
 throw new Error('User was banned');
 }
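Review bot: The new early return in `verifyBanUser` fails open: any `room` that does not split into `@/<organization>/<world>` resolves `is_banned: false` without the admin API being consulted, and nothing in the hunk records why those rooms are exempt. If the exemption is intended, state it above the guard, e.g. `// Rooms outside '@/<organization>/<world>' are not managed by the admin API, so there is no ban list to check.`, and confirm that the room form cannot be chosen by the connecting client (its origin is not visible here). The guard also lets empty segments through, since `@//` splits into three parts, so `organization` or `world` can be `''` when the admin URL is built. A separate check such as `if (!parts[1] || !parts[2]) return Promise.reject(new Error('Invalid room'));` would handle that case explicitly. The `.then` callback continues past the end of the hunk.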