fix(config/scripts): Enhance User Creation and Ban Handling, Standardize Imports (#1144)

* chore: use relative imports for scripts * fix(create-user): newUser.save() now properly awaited, double-check user creation, use relative imports, catch exception * fix(ban-user): catch exception, handle case where IP is undefined, proper check of user ban on login
2025-12-16 16:30:15 +01:00 · 2023-11-06 09:19:43 -05:00 · 2023-11-06 09:19:43 -05:00 · 5f3ecef575
commit 5f3ecef575
parent a2ee57568a
7 changed files with 102 additions and 27 deletions
--- a/api/server/middleware/checkBan.js
+++ b/api/server/middleware/checkBan.js
@ -1,9 +1,10 @@
 const Keyv = require('keyv');
 const uap = require('ua-parser-js');
-const { getLogStores } = require('../../cache');
 const denyRequest = require('./denyRequest');
+const { getLogStores } = require('../../cache');
 const { isEnabled, removePorts } = require('../utils');
 const keyvRedis = require('../../cache/keyvRedis');
+const User = require('../../models/User');

 const banCache = isEnabled(process.env.USE_REDIS)
  ? new Keyv({ store: keyvRedis })
@ -52,12 +53,33 @@ const checkBan = async (req, res, next = () => {}) => {
  }

  req.ip = removePorts(req);
-  const userId = req.user?.id ?? req.user?._id ?? null;
-  const ipKey = isEnabled(process.env.USE_REDIS) ? `ban_cache:ip:${req.ip}` : req.ip;
-  const userKey = isEnabled(process.env.USE_REDIS) ? `ban_cache:user:${userId}` : userId;
+  let userId = req.user?.id ?? req.user?._id ?? null;
+
+  if (!userId && req?.body?.email) {
+    const user = await User.findOne({ email: req.body.email }, '_id').lean();
+    userId = user?._id ? user._id.toString() : userId;
+  }
+
+  if (!userId && !req.ip) {
+    return next();
+  }
+
+  let cachedIPBan;
+  let cachedUserBan;
+
+  let ipKey = '';
+  let userKey = '';
+
+  if (req.ip) {
+    ipKey = isEnabled(process.env.USE_REDIS) ? `ban_cache:ip:${req.ip}` : req.ip;
+    cachedIPBan = await banCache.get(ipKey);
+  }
+
+  if (userId) {
+    userKey = isEnabled(process.env.USE_REDIS) ? `ban_cache:user:${userId}` : userId;
+    cachedUserBan = await banCache.get(userKey);
+  }

-  const cachedIPBan = await banCache.get(ipKey);
-  const cachedUserBan = await banCache.get(userKey);
  const cachedBan = cachedIPBan || cachedUserBan;

  if (cachedBan) {
@ -72,9 +94,18 @@ const checkBan = async (req, res, next = () => {}) => {
    return next();
  }

-  const ipBan = await banLogs.get(req.ip);
-  const userBan = await banLogs.get(userId);
-  const isBanned = ipBan || userBan;
+  let ipBan;
+  let userBan;
+
+  if (req.ip) {
+    ipBan = await banLogs.get(req.ip);
+  }
+
+  if (userId) {
+    userBan = await banLogs.get(userId);
+  }
+
+  const isBanned = !!(ipBan || userBan);

  if (!isBanned) {
    return next();
@ -82,14 +113,23 @@ const checkBan = async (req, res, next = () => {}) => {

  const timeLeft = Number(isBanned.expiresAt) - Date.now();

-  if (timeLeft <= 0) {
+  if (timeLeft <= 0 && ipKey) {
    await banLogs.delete(ipKey);
+  }
+
+  if (timeLeft <= 0 && userKey) {
    await banLogs.delete(userKey);
    return next();
  }

-  banCache.set(ipKey, isBanned, timeLeft);
-  banCache.set(userKey, isBanned, timeLeft);
+  if (ipKey) {
+    banCache.set(ipKey, isBanned, timeLeft);
+  }
+
+  if (userKey) {
+    banCache.set(userKey, isBanned, timeLeft);
+  }
+
  req.banned = true;
  return await banResponse(req, res);
 };