소스 검색

Fixed reports security flaw and other small issues.

KrisVos130 8 년 전
부모
커밋
5c1c48c44d

+ 8 - 5
backend/logic/actions/reports.js

@@ -4,6 +4,7 @@ const async = require('async');
 
 
 const db = require('../db');
 const db = require('../db');
 const hooks = require('./hooks');
 const hooks = require('./hooks');
+const songs = require('../songs');
 
 
 module.exports = {
 module.exports = {
 
 
@@ -25,14 +26,14 @@ module.exports = {
 		});
 		});
 	}),
 	}),
 
 
-	create: hooks.loginRequired((session, data, cb) => {
+	create: hooks.loginRequired((session, data, cb, userId) => {
 		async.waterfall([
 		async.waterfall([
 
 
 			(next) => {
 			(next) => {
-				db.models.report.find({ createdBy: data.createdBy, createdAt: data.createdAt }).exec((err, report) => {
-					if (err) console.error(err);
-					if (report) return cb({ status: 'failure', message: 'Report already exists' });
-					else next();
+				songs.getSong(data.songId, (err, song) => {
+					if (err) return next(err);
+					if (!song) return next('Song does not exist in our Database.');
+					next();
 				});
 				});
 			},
 			},
 
 
@@ -93,6 +94,8 @@ module.exports = {
 			},
 			},
 
 
 			(next) => {
 			(next) => {
+				data.createdBy = userId;
+				data.createdAt = Date.now();
 				db.models.report.create(data, next);
 				db.models.report.create(data, next);
 			}
 			}
 
 

+ 5 - 1
backend/logic/actions/stations.js

@@ -13,8 +13,11 @@ const stations = require('../stations');
 const songs = require('../songs');
 const songs = require('../songs');
 const hooks = require('./hooks');
 const hooks = require('./hooks');
 
 
+cache.sub('station.updatePartyMode', data => {
+	utils.emitToRoom(`station.${data.stationId}`, "event:partyMode.updated", data.partyMode);
+});
+
 cache.sub('privatePlaylist.selected', data => {
 cache.sub('privatePlaylist.selected', data => {
-	console.log(data);
 	utils.emitToRoom(`station.${data.stationId}`, "event:privatePlaylist.selected", data.playlistId);
 	utils.emitToRoom(`station.${data.stationId}`, "event:privatePlaylist.selected", data.playlistId);
 });
 });
 
 
@@ -340,6 +343,7 @@ module.exports = {
 				if (err) return cb({ status: 'failure', message: 'Something went wrong when saving the station.' });
 				if (err) return cb({ status: 'failure', message: 'Something went wrong when saving the station.' });
 				stations.updateStation(stationId, () => {
 				stations.updateStation(stationId, () => {
 					//TODO Pub/sub for privacy change
 					//TODO Pub/sub for privacy change
+					cache.pub('station.updatePartyMode', {stationId: stationId, partyMode: newPartyMode});
 					stations.skipStation(stationId)();
 					stations.skipStation(stationId)();
 					cb({ status: 'success', message: 'Successfully updated the party mode.' });
 					cb({ status: 'success', message: 'Successfully updated the party mode.' });
 				})
 				})

+ 1 - 1
backend/logic/db/schemas/report.js

@@ -1,7 +1,7 @@
 module.exports = {
 module.exports = {
 	resolved: { type: Boolean, default: false, required: true },
 	resolved: { type: Boolean, default: false, required: true },
 	songId: { type: String, required: true },
 	songId: { type: String, required: true },
-	description: { type: String, required: true },
+	description: { type: String },
 	issues: [{
 	issues: [{
 		name: String,
 		name: String,
 		reasons: Array
 		reasons: Array

+ 6 - 7
frontend/components/Modals/Report.vue

@@ -8,7 +8,7 @@
 			</header>
 			</header>
 			<section class='modal-card-body'>
 			<section class='modal-card-body'>
 				<div class='columns song-types'>
 				<div class='columns song-types'>
-					<div class='column song-type' v-if='$parent.previousSong !== null'>
+					<div class='column song-type' v-if='$parent.previousSong !== null && $parent.previousSong.likes !== -1 && $parent.previousSong.dislikes !== -1'>
 						<div class='card is-fullwidth' :class="{ 'is-highlight-active': isPreviousSongActive }" @click="highlight('previousSong')">
 						<div class='card is-fullwidth' :class="{ 'is-highlight-active': isPreviousSongActive }" @click="highlight('previousSong')">
 							<header class='card-header'>
 							<header class='card-header'>
 								<p class='card-header-title'>
 								<p class='card-header-title'>
@@ -35,7 +35,7 @@
 							</div>
 							</div>
 						</div>
 						</div>
 					</div>
 					</div>
-					<div class='column song-type' v-if='$parent.currentSong !== null'>
+					<div class='column song-type' v-if='$parent.currentSong !== null && $parent.currentSong.likes !== -1 && $parent.currentSong.dislikes !== -1'>
 						<div class='card is-fullwidth'  :class="{ 'is-highlight-active': isCurrentSongActive }" @click="highlight('currentSong')">
 						<div class='card is-fullwidth'  :class="{ 'is-highlight-active': isCurrentSongActive }" @click="highlight('currentSong')">
 							<header class='card-header'>
 							<header class='card-header'>
 								<p class='card-header-title'>
 								<p class='card-header-title'>
@@ -63,7 +63,8 @@
 						</div>
 						</div>
 					</div>
 					</div>
 				</div>
 				</div>
-				<div class='edit-report-wrapper'>
+				<h4 v-if='($parent.currentSong === null || ($parent.currentSong.likes === -1 && $parent.currentSong.dislikes === -1)) && ($parent.previousSong === null || ($parent.previousSong.likes === -1 || $parent.previousSong.dislikes === -1))'>There are currently no songs to report.</h4>
+				<div class='edit-report-wrapper' v-else>
 					<div class='columns is-multiline'>
 					<div class='columns is-multiline'>
 						<div class='column is-half' v-for='issue in issues'>
 						<div class='column is-half' v-for='issue in issues'>
 							<label class='label'>{{ issue.name }}</label>
 							<label class='label'>{{ issue.name }}</label>
@@ -83,7 +84,7 @@
 				</div>
 				</div>
 			</section>
 			</section>
 			<footer class='modal-card-foot'>
 			<footer class='modal-card-foot'>
-				<a class='button is-success' @click='create()'>
+				<a class='button is-success' @click='create()' v-if='!(($parent.currentSong === null || ($parent.currentSong.likes === -1 && $parent.currentSong.dislikes === -1)) && ($parent.previousSong === null || ($parent.previousSong.likes === -1 || $parent.previousSong.dislikes === -1)))'>
 					<i class='material-icons save-changes'>done</i>
 					<i class='material-icons save-changes'>done</i>
 					<span>&nbsp;Create</span>
 					<span>&nbsp;Create</span>
 				</a>
 				</a>
@@ -115,9 +116,7 @@
 						{ name: 'Duration', reasons: [] },
 						{ name: 'Duration', reasons: [] },
 						{ name: 'Artists', reasons: [] },
 						{ name: 'Artists', reasons: [] },
 						{ name: 'Thumbnail', reasons: [] }
 						{ name: 'Thumbnail', reasons: [] }
-					],
-					createdBy: this.$parent.$parent.userId,
-					createdAt: Date.now()
+					]
 				},
 				},
 				issues: [
 				issues: [
 					{
 					{

+ 7 - 1
frontend/components/Station/Station.vue

@@ -376,7 +376,7 @@
 				});
 				});
 
 
 				_this.socket.on('event:songs.next', data => {
 				_this.socket.on('event:songs.next', data => {
-					_this.previousSong = _this.currentSong;
+					_this.previousSong = (_this.currentSong._id) ? _this.currentSong : null;
 					_this.currentSong = (data.currentSong) ? data.currentSong : {};
 					_this.currentSong = (data.currentSong) ? data.currentSong : {};
 					_this.startedAt = data.startedAt;
 					_this.startedAt = data.startedAt;
 					_this.paused = data.paused;
 					_this.paused = data.paused;
@@ -468,6 +468,12 @@
 						this.station.privatePlaylist = playlistId;
 						this.station.privatePlaylist = playlistId;
 					}
 					}
 				});
 				});
+
+				_this.socket.on('event:partyMode.updated', (partyMode) => {
+					if (this.type === 'community') {
+						this.station.partyMode = partyMode;
+					}
+				});
 			});
 			});
 
 
 			let volume = parseInt(localStorage.getItem("volume"));
 			let volume = parseInt(localStorage.getItem("volume"));