From 2d252f2fa455613210a6041f5ba89e77751f0b95 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Thu, 15 Oct 2020 19:05:31 -0400
Subject: [PATCH] refactor: user bans to use api lib

---
 src/api/users.js               | 60 ++++++++++++++++++++++++
 src/controllers/write/users.js | 62 +------------------------
 src/socket.io/user/ban.js      | 85 +++-------------------------------
 3 files changed, 69 insertions(+), 138 deletions(-)

diff --git a/src/api/users.js b/src/api/users.js
index df816961e5..54b26d1845 100644
--- a/src/api/users.js
+++ b/src/api/users.js
@@ -1,5 +1,6 @@
 'use strict';
 
+const db = require('../database');
 const user = require('../user');
 const groups = require('../groups');
 const meta = require('../meta');
@@ -8,6 +9,8 @@ const privileges = require('../privileges');
 const notifications = require('../notifications');
 const plugins = require('../plugins');
 const events = require('../events');
+const translator = require('../translator');
+const sockets = require('../socket.io');
 
 const usersAPI = module.exports;
 
@@ -120,6 +123,63 @@ usersAPI.unfollow = async function (caller, data) {
 	});
 };
 
+usersAPI.ban = async function (caller, data) {
+	if (!await privileges.users.hasBanPrivilege(caller.uid)) {
+		throw new Error('[[error:no-privileges]]');
+	} else if (await user.isAdministrator(data.uid)) {
+		throw new Error('[[error:cant-ban-other-admins]]');
+	}
+
+	const banData = await user.bans.ban(data.uid, data.until, data.reason);
+	await db.setObjectField('uid:' + data.uid + ':ban:' + banData.timestamp, 'fromUid', caller.uid);
+
+	if (!data.reason) {
+		data.reason = await translator.translate('[[user:info.banned-no-reason]]');
+	}
+
+	sockets.in('uid_' + data.uid).emit('event:banned', {
+		until: data.until,
+		reason: data.reason,
+	});
+
+	await flags.resolveFlag('user', data.uid, caller.uid);
+	await flags.resolveUserPostFlags(data.uid, caller.uid);
+	await events.log({
+		type: 'user-ban',
+		uid: caller.uid,
+		targetUid: data.uid,
+		ip: caller.ip,
+		reason: data.reason || undefined,
+	});
+	plugins.fireHook('action:user.banned', {
+		callerUid: caller.uid,
+		ip: caller.ip,
+		uid: data.uid,
+		until: data.until > 0 ? data.until : undefined,
+		reason: data.reason || undefined,
+	});
+	await user.auth.revokeAllSessions(data.uid);
+};
+
+usersAPI.unban = async function (caller, data) {
+	if (!await privileges.users.hasBanPrivilege(caller.uid)) {
+		throw new Error('[[error:no-privileges]]');
+	}
+
+	await user.bans.unban(data.uid);
+	await events.log({
+		type: 'user-unban',
+		uid: caller.uid,
+		targetUid: data.uid,
+		ip: caller.ip,
+	});
+	plugins.fireHook('action:user.unbanned', {
+		callerUid: caller.uid,
+		ip: caller.ip,
+		uid: data.uid,
+	});
+};
+
 async function processDeletion(uid, caller) {
 	const isTargetAdmin = await user.isAdministrator(uid);
 	const isSelf = parseInt(uid, 10) === caller.uid;
diff --git a/src/controllers/write/users.js b/src/controllers/write/users.js
index c74b823497..c76a6d0b5b 100644
--- a/src/controllers/write/users.js
+++ b/src/controllers/write/users.js
@@ -1,18 +1,10 @@
 'use strict';
 
 const api = require('../../api');
-const user = require('../../user');
-const plugins = require('../../plugins');
-const privileges = require('../../privileges');
-const flags = require('../../flags');
 const meta = require('../../meta');
-const events = require('../../events');
-const translator = require('../../translator');
 const utils = require('../../utils');
 
-const db = require('../../database');
 const helpers = require('../helpers');
-const sockets = require('../../socket.io');
 
 const Users = module.exports;
 
@@ -52,62 +44,12 @@ Users.unfollow = async (req, res) => {
 };
 
 Users.ban = async (req, res) => {
-	if (!await privileges.users.hasBanPrivilege(req.user.uid)) {
-		return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
-	} else if (await user.isAdministrator(req.params.uid)) {
-		return helpers.formatApiResponse(403, res, new Error('[[error:cant-ban-other-admins]]'));
-	}
-
-	const banData = await user.bans.ban(req.params.uid, req.body.until, req.body.reason);
-	await db.setObjectField('uid:' + req.params.uid + ':ban:' + banData.timestamp, 'fromUid', req.user.uid);
-
-	if (!req.body.reason) {
-		req.body.reason = await translator.translate('[[user:info.banned-no-reason]]');
-	}
-
-	sockets.in('uid_' + req.params.uid).emit('event:banned', {
-		until: req.body.until,
-		reason: req.body.reason,
-	});
-
-	await flags.resolveFlag('user', req.params.uid, req.user.uid);
-	await events.log({
-		type: 'user-ban',
-		uid: req.user.uid,
-		targetUid: req.params.uid,
-		ip: req.ip,
-		reason: req.body.reason || undefined,
-	});
-	plugins.fireHook('action:user.banned', {
-		callerUid: req.user.uid,
-		ip: req.ip,
-		uid: req.params.uid,
-		until: req.body.until > 0 ? req.body.until : undefined,
-		reason: req.body.reason || undefined,
-	});
-	await user.auth.revokeAllSessions(req.params.uid);
-
+	await api.users.ban(req, { ...req.body, uid: req.params.uid });
 	helpers.formatApiResponse(200, res);
 };
 
 Users.unban = async (req, res) => {
-	if (!await privileges.users.hasBanPrivilege(req.user.uid)) {
-		return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
-	}
-
-	await user.bans.unban(req.params.uid);
-	await events.log({
-		type: 'user-unban',
-		uid: req.user.uid,
-		targetUid: req.params.uid,
-		ip: req.ip,
-	});
-	plugins.fireHook('action:user.unbanned', {
-		callerUid: req.user.uid,
-		ip: req.ip,
-		uid: req.params.uid,
-	});
-
+	await api.users.unban(req, { ...req.body, uid: req.params.uid });
 	helpers.formatApiResponse(200, res);
 };
 
diff --git a/src/socket.io/user/ban.js b/src/socket.io/user/ban.js
index 8f021cb258..f2a5b447a6 100644
--- a/src/socket.io/user/ban.js
+++ b/src/socket.io/user/ban.js
@@ -1,91 +1,20 @@
 'use strict';
 
-const db = require('../../database');
-const user = require('../../user');
+const api = require('../../api');
 const websockets = require('../index');
-const events = require('../../events');
-const privileges = require('../../privileges');
-const plugins = require('../../plugins');
-const translator = require('../../translator');
-const flags = require('../../flags');
 
 module.exports = function (SocketUser) {
 	SocketUser.banUsers = async function (socket, data) {
 		websockets.warnDeprecated(socket, 'PUT /api/v3/users/:uid/ban');
-
-		if (!data || !Array.isArray(data.uids)) {
-			throw new Error('[[error:invalid-data]]');
-		}
-
-		await toggleBan(socket.uid, data.uids, async function (uid) {
-			await banUser(socket.uid, uid, data.until || 0, data.reason || '');
-			await flags.resolveFlag('user', uid, socket.uid);
-			await flags.resolveUserPostFlags(uid, socket.uid);
-			await events.log({
-				type: 'user-ban',
-				uid: socket.uid,
-				targetUid: uid,
-				ip: socket.ip,
-				reason: data.reason || undefined,
-			});
-			plugins.fireHook('action:user.banned', {
-				callerUid: socket.uid,
-				ip: socket.ip,
-				uid: uid,
-				until: data.until > 0 ? data.until : undefined,
-				reason: data.reason || undefined,
-			});
-			await user.auth.revokeAllSessions(uid);
-		});
+		await Promise.all(data.uids.map(async (uid) => {
+			await api.users.ban(socket, { uid });
+		}));
 	};
 
 	SocketUser.unbanUsers = async function (socket, uids) {
 		websockets.warnDeprecated(socket, 'DELETE /api/v3/users/:uid/ban');
-
-		await toggleBan(socket.uid, uids, async function (uid) {
-			await user.bans.unban(uid);
-			await events.log({
-				type: 'user-unban',
-				uid: socket.uid,
-				targetUid: uid,
-				ip: socket.ip,
-			});
-			plugins.fireHook('action:user.unbanned', {
-				callerUid: socket.uid,
-				ip: socket.ip,
-				uid: uid,
-			});
-		});
+		await Promise.all(uids.map(async (uid) => {
+			await api.users.unban(socket, { uid });
+		}));
 	};
-
-	async function toggleBan(uid, uids, method) {
-		if (!Array.isArray(uids)) {
-			throw new Error('[[error:invalid-data]]');
-		}
-		const hasBanPrivilege = await privileges.users.hasBanPrivilege(uid);
-		if (!hasBanPrivilege) {
-			throw new Error('[[error:no-privileges]]');
-		}
-
-		await Promise.all(uids.map(uid => method(uid)));
-	}
-
-	async function banUser(callerUid, uid, until, reason) {
-		const isAdmin = await user.isAdministrator(uid);
-		if (isAdmin) {
-			throw new Error('[[error:cant-ban-other-admins]]');
-		}
-
-		const banData = await user.bans.ban(uid, until, reason);
-		await db.setObjectField('uid:' + uid + ':ban:' + banData.timestamp, 'fromUid', callerUid);
-
-		if (!reason) {
-			reason = await translator.translate('[[user:info.banned-no-reason]]');
-		}
-
-		websockets.in('uid_' + uid).emit('event:banned', {
-			until: until,
-			reason: reason,
-		});
-	}
 };