check only isOper can ban/kick on server side

2026-05-07 02:27:16 +02:00 · 2017-05-13 13:08:26 +08:00
parent e5d0590b68
commit a9a5fde404
2 changed files with 44 additions and 22 deletions
--- a/config/lib/socket.io.js
+++ b/config/lib/socket.io.js
@@ -9,6 +9,7 @@ var config = require('../config'),
  cookieParser = require('cookie-parser'),
  passport = require('passport'),
  socketio = require('socket.io'),
+  moment = require('moment'),
  session = require('express-session'),
  MongoStore = require('connect-mongo')(session);

@@ -101,6 +102,9 @@ module.exports = function (app, db) {
              var logined = false;
              var banned = false;

+              //init user
+              initUser(socket.request.user);
+
              // check user already login
              io.chatClients.forEach(function (s) {
                if (s.request.user.username === socket.request.user.username) {
@@ -140,6 +144,23 @@ module.exports = function (app, db) {
    });
  });

+  // init user isOper/isAdmin/isVip
+  function initUser(user) {
+    user.isVip = false;
+
+    if (!user.vip_start_at || !user.vip_end_at) {
+      user.isVip = false;
+    } else if (moment(Date.now()) > moment(user.vip_end_at)) {
+      user.isVip = false;
+    } else {
+      user.isVip = true;
+    }
+
+    user.isOper = (user.roles[0] === 'oper' || user.roles[0] === 'admin');
+    user.isAdmin = (user.roles[0] === 'admin');
+
+  }
+
  // Add an event listener to the 'connection' event
  io.on('connection', function (socket) {
    config.files.server.sockets.forEach(function (socketConfiguration) {
--- a/modules/chat/server/sockets/chat.server.socket.config.js
+++ b/modules/chat/server/sockets/chat.server.socket.config.js
@@ -40,30 +40,31 @@ module.exports = function (io, socket) {

  // Send a chat messages to all connected sockets when a message is received
  socket.on('ban', function (message) {
-    io.chatClients.forEach(function (bsocket) {
-      if (bsocket.request.user.username === message.username) {
-        message.type = 'status';
-        message.created = Date.now();
-        message.user = bsocket.request.user;
-        message.text = message.by.reason || 'you are not grateful';
+    if (socket.request.user.isOper) {
+      io.chatClients.forEach(function (bsocket) {
+        if (bsocket.request.user.username === message.username) {
+          message.type = 'status';
+          message.created = Date.now();
+          message.user = bsocket.request.user;
+          message.text = message.by.reason || 'you are not grateful';

-        message.by.user = socket.request.user;
-        // Emit the 'chatMessage' event
-        io.emit('ban', message);
+          message.by.user = socket.request.user;
+          // Emit the 'chatMessage' event
+          io.emit('ban', message);

-        //add to ban list
-        var address = bsocket.handshake.address;
-        var buser = {
-          user: bsocket.request.user,
-          ip: address,
-          expires: Date.now() + parseInt((message.by.expires || 60 * 60 * 1000 * 1), 10)
-        };
-        console.log(buser);
-        io.banClients.push(buser);
-        //disconnect user
-        bsocket.disconnect();
-      }
-    });
+          //add to ban list
+          var address = bsocket.handshake.address;
+          var buser = {
+            user: bsocket.request.user,
+            ip: address,
+            expires: Date.now() + parseInt((message.by.expires || 60 * 60 * 1000 * 1), 10)
+          };
+          io.banClients.push(buser);
+          //disconnect user
+          bsocket.disconnect();
+        }
+      });
+    }
  });

  // When socket disconnects, remove it from the list