Add web, discord and in-game reporting and safe server links. (#105)

* Implement Discord-based registration with Minecraft backed auth and user profiles. (#99)

* Delete message after filtering prohibited content.

* Fix spacing in network log messages.

* Make usernames more presentable in logs.

* Remove deleted channel field from being mentioned twice.

* Fixed issue where filter errors after response is sent.

* Changed from HEX to Colour

* Add /poll command.

* Add page descriptions to headers.

* Added keywords and SEO option to configuration.

* Add documentation badges for list and editors.

* Push mobile view changes for session views.

* Resolved mobile styling issues with dashboard views.

* Added a staffChannel config option and a /staffhelp command

* Resolve issues with cookie banner not showing on /register

* Made urgent change to hasPermission, allowing non-logged in users to view admin panel.

* Reformat all project files using Prettier. (#90)

* Commit not found.

* Prettify all JS and JSON files.

* Resolve issue with logout crashing.

* Separate redirect route into own file, add config option for kb and added issue tracker route.

* Change node engine to support node 18. (#92)

* Implementation of a Ranks/donation page. (#91)

* Commence work on /ranks page and Tebex integration.

* Transitioning back to JSON file, using catagory and packages

* Finish rank page implementation.

* Update perks.

* Implement a call to action button style instead and make mobile friendly.

* Made the server name look to site config for /ranks

* Change rank page descriptor.

* Commit start of rego process.

* Add more routes

* Implement 2fa interactive form element.

* Install packages for email integration

* Implement email template draft and smtp credentials.

* Commence more work on controller and tests for emails.

* Working on pathing.

* Fix pathing on email template.

* Add email header and footer and fix up routes.

* Add a rough template draft of registration

* Change registration gateway to discord, commence working on Minecraft link.

* Add user verification via /verify

* Remove all old rego code and mentions to passwords, remove email views and partials.

* Add token code expiry and draft a expiry cron task.

* Refactor getUser() into UserGetter

* Push user verification service.

* Commence drafting profiles and finalising login gateway

* Add coming soon alerts on profile features.

* Commit more profile work and db profile changes.

* Applied permissions to profile.

* Add example.env and config files.

* Added Minecraft login and chat audits, also added website login.

* Added discord voice and message audit events.

* Filled in fields for audit to complete feature development.

* Start work on profile editor.

* Start implementing social connections into editor.

* Finalise design for profile editor.

* Implemented all of the base work for API routes and controllers.

* Start on profile/display in editor and fix issue with Gravatar.

* Finalise Social Connections in display and editor.

* Fix permission node of everyone able to see dashboard, and open new tab for social connections.

* Audit: If no data, then display no data instead of invalid date

* Added profile stats for total logins and playtime.

* Add latest session with online and offline indicators.

* Add support for  verification server in /server

* Resolved issues with Server types displaying all instead of their type.

* Create dbupgrade.sql

Convert prior SCHEMA to the new schema. Use this script to upgrade from an already existing database. If creating a new database use the dbinit.sql

* Commence port to new schema.

* Fix result type return in user api and added 17 global images.

* Make unregistered failure link back to rego page.

* Set audit to skip for discord voice and chat if discord is not linked.

* Resolved issues with user api creation.

* Resolve issues with messages attempting to send to channels.

* Require the webhook package.

* Rollback to d70b343

* Changes to user route and troubleshooting discord login.

* Remove redirect returns.

* Add troubleshooting to callback.

* Push further troubleshooting.

* Add troubleshooting to isRegistered

* Add additional check and troubleshooting

* Commit

* Add a build command.

* Fix Discord oAuth (#98)

* Wrap in string for ID and secret.

* Add logging to callback.

* Add more logging.

* Add more testing

* got here marker.

* move marker.

* Move marker

* update marker

* marker 4, reveal session

* Add permission data log

* Fix issues with loading profile editor.

* On profile updates, redirect to profile.

* Add steam social and profanity filter to interests.

* Add ability for linked accounts to not trigger linking codes.

* Push profile command.

* Add ranks api to fetch by rank and user.

* Add debug for user permissions

---------

Co-authored-by: Aron Brown <webmaster@birdwingfx.com>
Co-authored-by: Ben Robson <ben@reliableit.net.au>

* Added rank permissions context into login sessions and clean up profile command. (#100)

* Start rank perms scope on user implementation

* Fix getUserPermissions to scope in rank permission nodes.

* Remove the zanderdev prefix from permissions lookup.

* Replace with amended getUserLastSession() to stop profiles from crashing.

* Refactor to stop nulls from crashing the API

* Removed all Craftatar discord side features due to traffic amplification attacks.

* Add ` in profile title username to keep formatting.

* Start work on report and locking behind login session.

* Added report support via in-game and web.

* Add discord /report command.

* Add feature blocks to apply, ranks and report. Fix staffhelp command.

* move reporting to true

* Get a timeout on db and refactor to CraftHead.

* Draft reports tab in profile.

* Finish reporting badge.

* Remove report log.

* Add safe server to features on home.

---------

Co-authored-by: Aron Brown <webmaster@birdwingfx.com>
Co-authored-by: Ben Robson <ben@reliableit.net.au>

api/common.js

@@ -220,20 +220,24 @@ export async function setBannerCookie(alertType, alertContent, res) {
     res.setCookie("alertType", alertType, {
       path: "/",
       expires: expiryTime,
+      httpOnly: true,
     });
 
     // Set Content Type
     res.setCookie("alertContent", alertContent, {
       path: "/",
       expires: expiryTime,
+      httpOnly: true,
     });
 
-    return true;
+    // Make sure to send the res
+    return res;
   } catch (error) {
     console.log(error);
   }
 }
 
+
 /*
     Sets two cookies (alertType and alertContent) with specified values and an expiration time of one second. 
     These cookies are set on the root path and are returned by the function.

api/internal_redirect/index.js

@@ -2,10 +2,12 @@ import applicationRedirectRoute from "./application";
 import serverRedirectRoute from "./server";
 import webRedirectRoute from "./web";
 import announcementsRedirectRoute from "./announcement";
+import reportRedirectRoute from "./report";
 
 export default (app, config, lang) => {
   applicationRedirectRoute(app, config, lang);
   serverRedirectRoute(app, config, lang);
+  reportRedirectRoute(app, config, lang);
   webRedirectRoute(app, config, lang);
   announcementsRedirectRoute(app, config, lang);
 };

api/internal_redirect/report.js

@@ -0,0 +1,20 @@
+import { hasPermission, postAPIRequest } from "../common";
+
+export default function reportRedirectRoute(app, config, lang) {
+  const baseEndpoint = "/redirect/report";
+
+  app.post(baseEndpoint + "/create", async function (req, res) {
+    req.body.reporterUser = req.session.user.username;
+
+    postAPIRequest(
+      `${process.env.siteAddress}/api/report/create`,
+      req.body,
+      `${process.env.siteAddress}/report`,
+      res
+    );
+
+    res.redirect(`${process.env.siteAddress}/`);
+
+    return res;
+  });
+}

api/routes/application.js

@@ -5,7 +5,7 @@ export default function applicationApiRoute(app, config, db, features, lang) {
 
   app.get(baseEndpoint + "/get", async function (req, res) {
     isFeatureEnabled(features.applications, res, lang);
-    const applicationId = optional(req.query, "applicationId");
+    const applicationId = optional(req.query, "id");
 
     try {
       function getApplications(dbQuery) {

api/routes/index.js

@@ -7,12 +7,14 @@ import userApiRoute from "./user";
 import webApiRoute from "./web";
 import filterApiRoute from "./filter";
 import rankApiRoute from "./ranks";
+import reportApiRoute from "./report";
 
 export default (app, client, moment, config, db, features, lang) => {
   announcementApiRoute(app, config, db, features, lang);
   applicationApiRoute(app, config, db, features, lang);
   discordApiRoute(app, client, config, db, features, lang);
   serverApiRoute(app, config, db, features, lang);
+  reportApiRoute(app, config, db, features, lang);
   sessionApiRoute(app, config, db, features, lang);
   userApiRoute(app, config, db, features, lang);
   webApiRoute(app, config, db, features, lang);

api/routes/report.js

@@ -0,0 +1,142 @@
+import { MessageBuilder, Webhook } from "discord-webhook-node";
+import { isFeatureEnabled, required, optional, generateLog, setBannerCookie } from "../common";
+import { Colors } from "discord.js";
+
+export default function reportApiRoute(app, config, db, features, lang) {
+  const baseEndpoint = "/api/report";
+
+  // TODO: Update docs
+  app.get(baseEndpoint + "/get", async function (req, res) {
+    isFeatureEnabled(features.report, res, lang);
+    const reporterId = optional(req.query, "reporterId");
+
+    try {
+      function getReports(dbQuery) {
+        return new Promise((resolve, reject) => {
+          db.query(dbQuery, function (error, results, fields) {
+            if (error) {
+              console.error(error);
+              reject(error);
+            } else {
+              if (!results.length) {
+                res.send({
+                  success: false,
+                  message: `There are no reports available.`,
+                });
+              } else {
+                res.send({
+                  success: true,
+                  data: results,
+                });
+              }
+              resolve();
+            }
+          });
+        });
+      }
+
+      // Get Reports that user has made
+      if (reporterId) {
+        let dbQuery = `SELECT * FROM reports WHERE reporterId=${reporterId};`;
+        await getReports(dbQuery);
+      }
+
+      // Return all reports by default
+      let dbQuery = `SELECT * FROM reports;`;
+      await getReports(dbQuery);
+    } catch (error) {
+      res.send({
+        success: false,
+        message: `${error}`,
+      });
+    }
+  });
+
+  app.post(baseEndpoint + "/create", async function (req, res) {
+    isFeatureEnabled(features.report, res, lang);
+
+    const reporterUser = required(req.body, "reporterUser", res);
+    const reportedUser = required(req.body, "reportedUser", res);
+    const reportReason = required(req.body, "reportReason", res);
+    const reportReasonEvidence = optional(
+      req.body,
+      "reportReasonEvidence",
+      res
+    );
+    const reportPlatform = required(req.body, "reportPlatform", res);
+
+    try {
+      db.query(
+        `
+        INSERT INTO 
+            reports
+        (
+            reporterId,
+            reportedUser,
+            reportReason,
+            reportReasonEvidence,
+            reportPlatform
+        ) VALUES ((SELECT userId FROM users WHERE username=?), ?, ?, ?, ?)`,
+        [
+          reporterUser,
+          reportedUser,
+          reportReason,
+          reportReasonEvidence,
+          reportPlatform,
+        ],
+        function (error, results, fields) {
+          console.log(req.body);
+
+          if (error) {
+            console.log(error);
+            console.log(results);
+
+            return res.send({
+              success: false,
+              message: `Report has failed, please try again later.`,
+            });
+          } else {
+            setBannerCookie("success", "Report has been sent.", res);
+
+            try {
+              const staffChannelHook = new Webhook(
+                config.discord.webhooks.staffChannel
+              );
+
+              const embed = new MessageBuilder()
+                .setTitle(`New Report: ${reportedUser}`)
+                .addField("Report Platform", reportPlatform, true)
+                .addField("Report By", reporterUser, true)
+                .addField("Report Reason", reportReason)
+                .setColor(Colors.Red)
+                .setTimestamp();
+
+              if (reportReasonEvidence) {
+                embed.addField("Report Evidence", reportReasonEvidence);
+              }
+
+              staffChannelHook.send(embed);
+            } catch (error) {
+              return res.send({
+                success: false,
+                message: `${error}`,
+              });
+            }
+
+            return res.send({
+              success: true,
+              message: `Thanks for your submission: ${reportedUser} for ${reportReason}.`,
+            });
+          }
+        }
+      );
+    } catch (error) {
+      return res.send({
+        success: false,
+        message: `${error}`,
+      });
+    }
+
+    return res;
+  });
+}

commands/apply.mjs

@@ -18,6 +18,20 @@ export class PolicyCommand extends Command {
   }
 
   async chatInputRun(interaction) {
+    if (!features.applications) {
+      const errorEmbed = new EmbedBuilder()
+        .setTitle("Feature Disabled")
+        .setDescription(
+          `This feature has been disabled by your System Administrator.`
+        )
+        .setColor(Colors.Red);
+
+      return interaction.reply({
+        embeds: [errorEmbed],
+        ephemeral: true,
+      });
+    }
+
     const embed = new EmbedBuilder()
       .setTitle("Network Applications")
       .setColor(Colors.Gold)

commands/profile.mjs

@@ -2,6 +2,7 @@ import { Command, RegisterBehavior } from "@sapphire/framework";
 import { Colors, EmbedBuilder } from "discord.js";
 import moment from "moment";
 import fetch from "node-fetch";
+import { getProfilePicture } from "../controllers/userController";
 
 export class ProfileCommand extends Command {
   constructor(context, options) {
@@ -45,11 +46,8 @@ export class ProfileCommand extends Command {
         empheral: false,
       });
     } else {
-      console.log(apiData.data);
-      console.log(`apiData.data.profilePicture`);
-      console.log(apiData.data.profilePicture);
-
       let isLinked = apiData.data.profileData.discordId;
+      let profilePicture = await getProfilePicture(apiData.data.profileData.username);
 
       const embed = new EmbedBuilder()
         if (isLinked) {
@@ -63,6 +61,7 @@ export class ProfileCommand extends Command {
             `Last Online ${apiData.data.profileSession.lastOnlineDiff} on ${apiData.data.profileSession.server}`
           )
           .setColor(Colors.Blurple)
+          .setThumbnail(profilePicture)
           .addFields(
             {
               name: "Date Joined",

commands/ranks.mjs

@@ -16,6 +16,20 @@ export class RanksCommand extends Command {
   }
 
   async chatInputRun(interaction) {
+    if (!features.ranks) {
+      const errorEmbed = new EmbedBuilder()
+        .setTitle("Feature Disabled")
+        .setDescription(
+          `This feature has been disabled by your System Administrator.`
+        )
+        .setColor(Colors.Red);
+
+      return interaction.reply({
+        embeds: [errorEmbed],
+        ephemeral: true,
+      });      
+    }
+
     const embed = new EmbedBuilder()
       .setTitle(`Ranks`)
       .setDescription(