nhcarrigan/hikari
9
0
Fork 0
generated from nhcarrigan/template
Code Issues 2 Pull Requests 3 Actions Releases Activity

feat: add ability to log and display sanctions

Browse Source
This commit is contained in:
Naomi Carrigan
2025-08-25 15:55:48 -07:00
parent a9126ec826
commit 908f22d6aa
17 changed files with 19018 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/routes/sanction.ts
+132
View File
@@ -0,0 +1,132 @@
/**
* @copyright nhcarrigan
* @license Naomi's Public License
* @author Naomi Carrigan
*/
import { blockedIps } from "../cache/blockedIps.js";
import { database } from "../db/database.js";
import { getIpFromRequest } from "../modules/getIpFromRequest.js";
import { getSanctionComponents } from "../modules/getSanctionComponents.js";
import { isValidString } from "../utils/isValidString.js";
import type { FastifyPluginAsync } from "fastify";
const oneDay = 24 * 60 * 60 * 1000;
/**
* Mounts the entry routes for the application. These routes
* should not require CORS, as they are used by external services
* such as our uptime monitor.
* @param server - The Fastify server instance.
*/
export const sanctionRoutes: FastifyPluginAsync = async(server) => {
server.get("/sanctions", async(_request, reply) => {
const sanctions = await database.getInstance().sanctions.findMany({
orderBy: {
createdAt: "desc",
},
take: 100,
});
return await reply.status(200).type("application/json").
send(sanctions.map((sanction) => {
return {
number: sanction.number,
platform: sanction.platform,
reason: sanction.reason,
type: sanction.type,
username: sanction.username,
uuid: sanction.uuid,
};
}));
});
// eslint-disable-next-line @typescript-eslint/naming-convention -- Fastify requires Body instead of body.
server.post<{ Body: { platform: string;
uuid: string;
username: string;
type: string;
reason: string; }; }>(
"/sanction",
async(request, reply) => {
const token = request.headers.authorization;
if (token === undefined || token !== process.env.ANNOUNCEMENT_TOKEN) {
blockedIps.push({
ip: getIpFromRequest(request),
ttl: new Date(Date.now() + oneDay),
});
return await reply.status(401).send({
error:
// eslint-disable-next-line stylistic/max-len -- Big boi string.
"This endpoint requires a special auth token. If you believe you should have access, please contact Naomi. To protect our services, your IP has been blocked from all routes for 24 hours.",
});
}
const { platform, uuid, username, type, reason } = request.body;
if (
[ platform, uuid, username, type, reason ].some((value) => {
return !isValidString(value);
})
) {
return await reply.status(400).send({
error: "Missing required fields.",
});
}
if (![
"warning",
"kick",
"mute",
"ban",
].includes(type)) {
return await reply.status(400).send({
error: "Invalid type. Choose from warning, kick, mute, ban.",
});
}
const count = await database.getInstance().sanctions.count();
const number = count + 1;
await database.getInstance().sanctions.create({
data: {
number,
platform,
reason,
type,
username,
uuid,
},
});
const components = getSanctionComponents(
{
number,
platform,
reason,
type,
username,
uuid,
},
);
await fetch(
`${process.env.SANCTION_WEBHOOK ?? ""}?with_components=true`,
{
body: JSON.stringify({
components: components,
flags: 32_768,
}),
headers: {
// eslint-disable-next-line @typescript-eslint/naming-convention -- headers.
"content-type": "application/json",
},
method: "POST",
},
);
return await reply.status(201).send({
message: `Sanction ${number.toString()} has been logged!`,
});
},
);
};