Add filename and checksum ban creation and deletion from web interface

Related to issue #28
2025-09-06 11:46:24 -07:00 · 2022-09-15 22:50:45 -07:00 · 2022-09-15 22:50:45 -07:00 · bcad625368
commit bcad625368
parent 943c0f6221
4 changed files with 128 additions and 13 deletions
--- a/pkg/gcsql/filebans.go
+++ b/pkg/gcsql/filebans.go
@ -37,8 +37,8 @@ func GetFilenameBans(matchFilename string, exactMatch bool) ([]FilenameBan, erro

 // CreateFileNameBan creates a new ban on a filename. If boards is an empty string
 // or the resulting query = nil, the ban is global, whether or not allBoards is set
-func CreateFileNameBan(fileName string, isRegex bool, staffName string, permaban bool, staffNote, boardURI string) error {
-	const sql = `INSERT INTO DBPREFIXfilename_ban (board_id, staff_id, staff_note, filename, is_regex) VALUES board_id = ?, staff_id = ?, staff_note = ?, filename = ?, is_regex = ?`
+func CreateFileNameBan(fileName string, isRegex bool, staffName string, staffNote, boardURI string) error {
+	const sql = `INSERT INTO DBPREFIXfilename_ban (board_id, staff_id, staff_note, filename, is_regex) VALUES(?,?,?,?,?)`
 	staffID, err := getStaffID(staffName)
 	if err != nil {
 		return err
@ -51,6 +51,12 @@ func CreateFileNameBan(fileName string, isRegex bool, staffName string, permaban
 	return err
 }

+// DeleteFilenameBanByID deletes the ban, given the id column value
+func DeleteFilenameBanByID(id int) error {
+	_, err := ExecSQL("DELETE FROM DBPREFIXfilename_ban WHERE id = ?", id)
+	return err
+}
+
 func GetFileChecksumBans(matchChecksum string) ([]FileBan, error) {
 	query := `SELECT id,board_id,staff_id,staff_note,issued_at,checksum FROM DBPREFIXfile_ban`
 	if matchChecksum != "" {
@ -81,8 +87,8 @@ func GetFileChecksumBans(matchChecksum string) ([]FileBan, error) {
 }

 // CreateFileBan creates a new ban on a file. If boards = nil, the ban is global.
-func CreateFileBan(fileChecksum, staffName string, permaban bool, staffNote, boardURI string) error {
-	const sql = `INSERT INTO DBPREFIXfile_ban (board_id, staff_id, staff_note, checksum) VALUES board_id = ?, staff_id = ?, staff_note = ?, checksum = ?`
+func CreateFileBan(fileChecksum, staffName string, staffNote, boardURI string) error {
+	const sql = `INSERT INTO DBPREFIXfile_ban (board_id, staff_id, staff_note, checksum) VALUES(?,?,?,?)`
 	staffID, err := getStaffID(staffName)
 	if err != nil {
 		return err
@ -92,6 +98,12 @@ func CreateFileBan(fileChecksum, staffName string, permaban bool, staffNote, boa
 	return err
 }

+// DeleteFileBanByID deletes the ban, given the id column value
+func DeleteFileBanByID(id int) error {
+	_, err := ExecSQL("DELETE FROM DBPREFIXfile_ban WHERE id = ?", id)
+	return err
+}
+
 func checkFilenameBan(filename string) (*FilenameBan, error) {
 	const sql = `SELECT id, board_id, staff_id, staff_note, issued_at, filename, is_regex 
 	FROM DBPREFIXfilename_ban WHERE filename = ?`
--- a/pkg/gcsql/queries.go
+++ b/pkg/gcsql/queries.go
@ -324,7 +324,7 @@ func CheckBan(ip, name, filename, checksum string) (*BanInfo, error) {
 		return ban, nil
 	}

-	//TODO implement other types of bans or refactor banning code
+	// TODO implement other types of bans or refactor banning code
 	return nil, gcutil.ErrNotImplemented
 }

--- a/pkg/manage/actions.go
+++ b/pkg/manage/actions.go
@ -203,6 +203,101 @@ var actions = []Action{
 		Permissions: ModPerms,
 		JSONoutput:  OptionalJSON,
 		Callback: func(writer http.ResponseWriter, request *http.Request, staff *gcsql.Staff, wantsJSON bool) (interface{}, error) {
+			errorEv := gcutil.LogError(nil).
+				Str("action", "filebans").
+				Str("staff", staff.Username)
+			defer errorEv.Discard()
+			var err error
+			fileBanType := request.PostForm.Get("bantype")
+			delFnbStr := request.Form.Get("delfnb")
+			if delFnbStr != "" {
+				var delFilenameBanID int
+				if delFilenameBanID, err = strconv.Atoi(delFnbStr); err != nil {
+					errorEv.Err(err).
+						Str("delfnb", delFnbStr).Send()
+					return "", err
+				}
+				if err = gcsql.DeleteFilenameBanByID(delFilenameBanID); err != nil {
+					errorEv.Err(err).
+						Int("delfnb", delFilenameBanID).Send()
+					return "", err
+				}
+				gcutil.LogInfo().
+					Str("action", "filebans").
+					Str("staff", staff.Username).
+					Int("delFilenameBan", delFilenameBanID).Send()
+			}
+			delCsbStr := request.Form.Get("delcsb")
+			if delCsbStr != "" {
+				var delChecksumBanID int
+				if delChecksumBanID, err = strconv.Atoi(delCsbStr); err != nil {
+					errorEv.Err(err).
+						Str("delcsb", delCsbStr).Send()
+					return "", err
+				}
+				if err = gcsql.DeleteFileBanByID(delChecksumBanID); err != nil {
+					errorEv.Err(err).
+						Int("delcsb", delChecksumBanID).Send()
+					return "", err
+				}
+				gcutil.LogInfo().
+					Str("action", "filebans").
+					Str("staff", staff.Username).
+					Int("delChecksumBan", delChecksumBanID).Send()
+			}
+			switch fileBanType {
+			case "filename":
+				// filename form used
+				filename := request.PostForm.Get("filename")
+				isWildcard := request.PostForm.Get("iswildcard") == "on"
+				board := request.PostForm.Get("board")
+				staffNote := request.PostForm.Get("staffnote")
+				if filename == "" {
+					err = errors.New("missing filename field in filename ban creation")
+					errorEv.Err(err).Send()
+					return "", err
+				}
+				if err = gcsql.CreateFileNameBan(filename, isWildcard, staff.Username, staffNote, board); err != nil {
+					errorEv.Err(err).
+						Str("filename", filename).
+						Bool("iswildcard", isWildcard).
+						Str("board", board).
+						Str("staffnote", staffNote).Send()
+					return "", err
+				}
+				gcutil.LogInfo().
+					Str("action", "filebans").
+					Str("staff", staff.Username).
+					Str("newBanType", "filename").Send()
+			case "checksum":
+				// file checksum form used
+				checksum := request.PostForm.Get("checksum")
+				board := request.PostForm.Get("board")
+				staffNote := request.PostForm.Get("staffnote")
+				if checksum == "" {
+					err = errors.New("missing checksum field in filename ban creation")
+					errorEv.Err(err).Send()
+					return "", err
+				}
+				if err = gcsql.CreateFileBan(checksum, staff.Username, staffNote, board); err != nil {
+					errorEv.Err(err).
+						Str("checksum", checksum).
+						Str("board", board).
+						Str("staffnote", staffNote).Send()
+					return "", err
+				}
+				gcutil.LogInfo().
+					Str("action", "filebans").
+					Str("staff", staff.Username).
+					Str("newBanType", "checksum").Send()
+			case "":
+				// no POST data sent
+			default:
+				err = fmt.Errorf(`invalid bantype value %q, valid values are "filename" and "checksum"`, fileBanType)
+				errorEv.Err(err).Send()
+				return "", err
+			}
+
 			filenameBans, err := gcsql.GetFilenameBans("", false)
 			if err != nil {
 				return "", err
@ -217,6 +312,7 @@ var actions = []Action{
 					"checksumBans": checksumBans,
 				}, nil
 			}
+
 			boardURIs, err := gcsql.GetBoardUris()
 			if err != nil {
 				return "", err
@ -226,6 +322,7 @@ var actions = []Action{
 				"webroot":      config.GetSystemCriticalConfig().WebRoot,
 				"filenameBans": filenameBans,
 				"checksumBans": checksumBans,
+				"currentStaff": staff.Username,
 				"boardURIs":    boardURIs,
 			}, manageBansBuffer, "text/html"); err != nil {
 				gcutil.LogError(err).
@ -269,6 +366,7 @@ var actions = []Action{
 				permaban := (durationForm == "" || durationForm == "0" || durationForm == "forever")
 				duration, err := gcutil.ParseDurationString(durationForm)
 				if err != nil {
+					errorEv.Err(err).Send()
 					return "", err
 				}
 				expires := time.Now().Add(duration)
@ -278,10 +376,11 @@ var actions = []Action{
 				staffNote := html.EscapeString(request.FormValue("staffnote"))

 				if filename != "" {
-					err = gcsql.CreateFileNameBan(filename, nameIsRegex, staff.Username, permaban, staffNote, boards)
+					err = gcsql.CreateFileNameBan(filename, nameIsRegex, staff.Username, staffNote, boards)
 				}
 				if err != nil {
 					outputStr += err.Error()
+					errorEv.Err(err).Send()
 					err = nil
 				}
 				if name != "" {
@ -334,7 +433,7 @@ var actions = []Action{
 							Str("bannedFromBoards", boards).Send()
 					}
 					if request.FormValue("imageban") == "on" {
-						err = gcsql.CreateFileBan(checksum, staff.Username, permaban, staffNote, boards)
+						err = gcsql.CreateFileBan(checksum, staff.Username, staffNote, boards)
 						if err != nil {
 							errorEv.
 								Str("banType", "fileBan").
--- a/templates/manage_filebans.html
+++ b/templates/manage_filebans.html
@ -8,12 +8,14 @@
 <form id="filenamebanform" action="{{.webroot}}manage?action=filebans" method="POST">
 <input type="hidden" name="bantype" value="filename">
 	<table>
-		<tr><td>Filename</td><td><input type="text" name="filename" id="filename"></td></tr>
-		<tr><td>SQL wildcard<sup><a href="https://www.w3schools.com/sql/sql_wildcards.asp" target="_blank">?</a></sup></td><td><input type="checkbox" name="iswildcard" id="iswildcard"/></td></tr>
-		<tr><td>Board</td><td><select name="board">
+		<tr><td>Filename:</td><td><input type="text" name="filename" id="filename"></td></tr>
+		<tr><td>SQL wildcard:<sup><a href="https://www.w3schools.com/sql/sql_wildcards.asp" target="_blank">?</a></sup></td><td><input type="checkbox" name="iswildcard" id="iswildcard"/></td></tr>
+		<tr><td>Board:</td><td><select name="board">
 			<option value="">All boards (global ban)</option>
 			{{- range $b,$uri := .boardURIs -}}<option value="{{$uri}}">/{{$uri}}/</option>{{end -}}
 		</select></td></tr>
+		<tr><td>Staff:</td><td>{{.currentStaff}}</td></tr>
+		<tr><td>Staff note:</td><td><input type="text" name="staffnote"/></td></tr>
 	</table>
 	<input type="submit" name="dofilenameban" value="Create"/>
 	<input type="button" onclick="document.getElementById('filenamebanform').reset()" value="Cancel"/>
@ -37,14 +39,16 @@
 </div>
 <div id="checksum-bans">
 <h2>Create new file checksum ban</h2>
-<form id="checksumbanform" action="{{.webroot}}manage?action=filebans" method="POST">
+<form id="checksumbanform" action="{{.webroot}}manage?action=filebans#checksum-bans" method="POST">
 <input type="hidden" name="bantype" value="checksum">
 	<table>
-		<tr><td>Checksum</td><td><input type="text" name="filename" id="filename"></td></tr>
+		<tr><td>Checksum</td><td><input type="text" name="checksum"></td></tr>
 		<tr><td>Board</td><td><select name="board">
 			<option value="">All boards (global ban)</option>
 			{{- range $b,$uri := .boardURIs -}}<option value="{{$uri}}">/{{$uri}}/</option>{{end -}}
 		</select></td></tr>
+		<tr><td>Staff:</td><td>{{.currentStaff}}</td></tr>
+		<tr><td>Staff note:</td><td><input type="text" name="staffnote"/></td></tr>
 	</table>
 	<input type="submit" name="dochecksumban" value="Create"/>
 	<input type="button" onclick="document.getElementById('checksumbanform').reset()" value="Cancel"/>
@ -59,7 +63,7 @@
 		<td>{{$uri := $ban.BoardURI}}{{if eq $uri ""}}<i>All boards</i>{{else}}/{{$uri}}/{{end}}</td>
 		<td>{{$staff := $ban.StaffName}}{{if eq $staff ""}}<i>?</i>{{else}}{{$staff}}{{end}}</td>
 		<td>{{$ban.StaffNote}}</td>
-		<td><a href="{{$.webroot}}manage?action=filebans&delfb={{$ban.ID}}">Delete</a></td>
+		<td><a href="{{$.webroot}}manage?action=filebans&delcsb={{$ban.ID}}#checksum-bans">Delete</a></td>
 	</tr>
 {{- end -}}
 </table>