invaliduser/knightrider
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fixed issues check pachage.json note (untested)

Browse source
This commit is contained in:
404invalid-user 2021-08-28 22:02:02 +01:00
parent f7f64473e6
commit 425c617f23
11 changed files with 119 additions and 125 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.vscode/settings.json vendored
View file

@ -1,3 +0,0 @@
{
"git.ignoreLimitWarning": true
}

4
package.json
View file

@ -1,8 +1,8 @@
{ {
"name": "knightrider", "name": "knightrider",
"version": "4.8.420", "version": "4.8.434",
"description": "a bot for a private discord server", "description": "a bot for a private discord server",
"updatenote": "major update: now using a database, fixed exploit that allowed users to add the bot to their server give themself the Staff role and edit staff only options in CWH11's Hangout Crew, multiple server support, a better dashboard and now opensource.", "updatenote": "small update (untested): fixed non staff from accessing dashboard by doing to domain/server/:server-id",
"main": "./src/knightrider.js", "main": "./src/knightrider.js",
"scripts": { "scripts": {
"start": "node ./src/knightrider.js", "start": "node ./src/knightrider.js",

2
src/express/get/dashboard/dashboard.js
View file

@ -81,7 +81,7 @@ module.exports = {
if (userGuild.owner == true) { if (userGuild.owner == true) {
guilds.push({ id: userGuild.id, name: userGuild.name, icon: `https://cdn.discordapp.com/icons/${userGuild.id}/${userGuild.icon}.webp`, mutual: true, userPermission: 'owner' }); guilds.push({ id: userGuild.id, name: userGuild.name, icon: `https://cdn.discordapp.com/icons/${userGuild.id}/${userGuild.icon}.webp`, mutual: true, userPermission: 'owner' });
} else { } else {
if (client.guilds.cache.get(currentServer.id).members.find(userInfo.id).roles.cache.find(r => currentServer.staffRoles.includes(r.name))) { if (client.guilds.cache.get(currentServer.id).members.cache.get(userInfo.id).roles.cache.find(r => currentServer.staffRoles.includes(r.name))) {
guilds.push({ id: userGuild.id, name: userGuild.name, icon: `https://cdn.discordapp.com/icons/${userGuild.id}/${userGuild.icon}.webp`, mutual: true, userPermission: 'staffrole' }); guilds.push({ id: userGuild.id, name: userGuild.name, icon: `https://cdn.discordapp.com/icons/${userGuild.id}/${userGuild.icon}.webp`, mutual: true, userPermission: 'staffrole' });
} else { } else {
currentServer.staff.forEach(userid => { currentServer.staff.forEach(userid => {

12
src/express/get/dashboard/filter.js
View file

@ -15,13 +15,9 @@ module.exports = {
let currentUser = await Userdashboard.findOne({ userId: res.locals.cookie.id }) let currentUser = await Userdashboard.findOne({ userId: res.locals.cookie.id })
let currentServer = await Server.findOne({ id: req.params.serverid }) let currentServer = await Server.findOne({ id: req.params.serverid })
if (currentServer == null) return res.render('404.ejs') if (currentServer == null) return res.render('404.ejs')
let hasAccess = false; let guild = await currentUser.guilds[currentServer.id];
await currentUser.guilds.forEach(guild => { if (guild.userPermission == 'owner' || guild.userPermission == 'MANAGE_GUILD' || currentServer.staff.includes(currentUser.userId)) {
if (guild.userPermission == 'owner' || guild.userPermission == 'MANAGE_GUILD' || currentServer.staff.includes(currentUser.userId)) { let hasAccess = false;
hasAccess = true;
};
});
if (hasAccess == true) {
await currentUser.accessCodes.forEach(async(userCode) => { await currentUser.accessCodes.forEach(async(userCode) => {
if (res.locals.cookie.accesscode == userCode.code) { if (res.locals.cookie.accesscode == userCode.code) {
@ -33,7 +29,7 @@ module.exports = {
if (hasAccess == false) return res.redirect('/login?ninvalidcode'); if (hasAccess == false) return res.redirect('/login?ninvalidcode');
} else { } else {
await res.status(401).render('error.ejs', { errorMessage: null, error: "you do not have access to the admin dashboard if you are a member of staff fill out http://knightrider.rf.gd/er/admin.php", userInfo: { id: req.query.userid, username: req.query.userame, avatar: req.query.userAvatar } }) await res.status(401).render('error.ejs', { errorMessage: null, error: "you do not have access to the admin dashboard if you are a member of staff tell the bot owner", userInfo: { id: req.query.userid, username: req.query.userame, avatar: req.query.userAvatar } })
} }
} catch (error) { } catch (error) {
console.log(error) console.log(error)

12
src/express/get/dashboard/reactionroles.js
View file

@ -16,13 +16,9 @@ module.exports = {
if (currentUser == null) return res.render('404.ejs') if (currentUser == null) return res.render('404.ejs')
let currentServer = await Server.findOne({ id: req.params.serverid }) let currentServer = await Server.findOne({ id: req.params.serverid })
if (currentServer == null) return res.render('404.ejs') if (currentServer == null) return res.render('404.ejs')
let hasAccess = false; let guild = await currentUser.guilds[currentServer.id];
await currentUser.guilds.forEach(guild => { if (guild.userPermission == 'owner' || guild.userPermission == 'MANAGE_GUILD' || currentServer.staff.includes(currentUser.userId)) {
if (guild.userPermission == 'owner' || guild.userPermission == 'MANAGE_GUILD' || currentServer.staff.includes(currentUser.userId)) { let hasAccess = false;
hasAccess = true;
};
});
if (hasAccess == true) {
let listedRoles = []; let listedRoles = [];
let listedChannels = []; let listedChannels = [];
let server = await client.guilds.cache.get(currentServer.id); let server = await client.guilds.cache.get(currentServer.id);
@ -41,7 +37,7 @@ module.exports = {
}); });
if (hasAccess == false) return res.redirect('/login?ninvalidcode'); if (hasAccess == false) return res.redirect('/login?ninvalidcode');
} else { } else {
await res.status(401).render('error.ejs', { errorMessage: null, error: "you do not have access to the admin dashboard if you are a member of staff fill out http://knightrider.rf.gd/er/admin.php", userInfo: { id: req.query.userid, username: req.query.userame, avatar: req.query.userAvatar } }) await res.status(401).render('error.ejs', { errorMessage: null, error: "you do not have access to the admin dashboard if you are a member of staff tell the bot owner", userInfo: { id: req.query.userid, username: req.query.userame, avatar: req.query.userAvatar } })
} }
} catch (error) { } catch (error) {
console.log(error) console.log(error)

14
src/express/get/dashboard/server.js
View file

@ -16,13 +16,9 @@ module.exports = {
if (currentUser == null) return res.redirect('/login'); if (currentUser == null) return res.redirect('/login');
let currentServer = await Server.findOne({ id: req.params.serverid }) let currentServer = await Server.findOne({ id: req.params.serverid })
if (currentServer == null) return res.render('404.ejs'); if (currentServer == null) return res.render('404.ejs');
let hasAccess = false; let guild = await currentUser.guilds[currentServer.id];
await currentUser.guilds.forEach(guild => { if (guild.userPermission == 'owner' || guild.userPermission == 'MANAGE_GUILD' || currentServer.staff.includes(currentUser.userId)) {
if (guild.userPermission == 'owner' || guild.userPermission == 'MANAGE_GUILD' || currentServer.staff.includes(currentUser.userId)) { let hasAccess = false;
hasAccess = true;
};
});
if (hasAccess == true) {
await currentUser.accessCodes.forEach(async(userCode) => { await currentUser.accessCodes.forEach(async(userCode) => {
if (res.locals.cookie.accesscode == userCode.code) { if (res.locals.cookie.accesscode == userCode.code) {
hasAccess = true; hasAccess = true;
@ -32,8 +28,8 @@ module.exports = {
}); });
if (hasAccess == false) return res.redirect('/login?ninvalidcode'); if (hasAccess == false) return res.redirect('/login?ninvalidcode');
} else { } else {
await res.status(401).render('error.ejs', { errorMessage: null, error: "you do not have access to the admin dashboard if you are a member of staff fill out http://knightrider.rf.gd/er/admin.php", userInfo: { id: req.query.userid, username: req.query.userame, avatar: req.query.userAvatar } }) await res.status(401).render('error.ejs', { errorMessage: null, error: "you do not have access to the admin dashboard if you are a member of staff tell the bot owner", userInfo: { id: req.query.userid, username: req.query.userame, avatar: req.query.userAvatar } })
}; }
} catch (error) { } catch (error) {
console.log(error) console.log(error)

25
src/express/post/api/updatefilter.js
View file

@ -13,17 +13,22 @@ module.exports = {
if (currentUser == null) return res.status(404).json({ error: "404 - cant find you in the db" }); if (currentUser == null) return res.status(404).json({ error: "404 - cant find you in the db" });
let currentServer = await Server.findOne({ id: req.body.server.id }); let currentServer = await Server.findOne({ id: req.body.server.id });
if (currentServer == null) return res.status(404).json({ error: "404 - cant find that server in the db" }); if (currentServer == null) return res.status(404).json({ error: "404 - cant find that server in the db" });
let guild = await currentUser.guilds[currentServer.id];
if (guild.userPermission == 'owner' || guild.userPermission == 'MANAGE_GUILD' || currentServer.staff.includes(currentUser.userId)) {
let hasAccess = false; let hasAccess = false;
await currentUser.accessCodes.forEach(async(userCode) => { await currentUser.accessCodes.forEach(async(userCode) => {
if (req.body.user.accesscode == userCode.code) { if (req.body.user.accesscode == userCode.code) {
hasAccess = true; hasAccess = true;
currentServer.filter.normal = await req.body.normalFilter; currentServer.filter.normal = await req.body.normalFilter;
currentServer.filter.safe = await req.body.safeFilter; currentServer.filter.safe = await req.body.safeFilter;
currentServer.save(); currentServer.save();
return res.status(200).json({ error: "no", message: "filters have been updates" }); return res.status(200).json({ error: "no", message: "filters have been updates" });
}; };
}); });
} else {
return res.status(401).json({ error: "401 - unauthorised", info: "your user does not own the server or have a staff role or pi is listed as a staff member" });
};
if (hasAccess == false) return res.status(401).json({ error: "401 - unauthorised", info: "please include your accesscode and user id to use this api more info in the docs " + conf.domain + '/docs' }); if (hasAccess == false) return res.status(401).json({ error: "401 - unauthorised", info: "please include your accesscode and user id to use this api more info in the docs " + conf.domain + '/docs' });

37
src/express/post/api/updateoverview.js
View file

@ -13,23 +13,28 @@ module.exports = {
if (currentUser == null) return res.status(404).json({ error: "404 - cant find you in the db", message: "that user id cant be found" }); if (currentUser == null) return res.status(404).json({ error: "404 - cant find you in the db", message: "that user id cant be found" });
let currentServer = await Server.findOne({ id: req.body.server.id }); let currentServer = await Server.findOne({ id: req.body.server.id });
if (currentServer == null) return res.status(404).json({ error: "404 - cant find that server in the db", message: "that server id cant be found" }); if (currentServer == null) return res.status(404).json({ error: "404 - cant find that server in the db", message: "that server id cant be found" });
let guild = await currentUser.guilds[currentServer.id];
if (guild.userPermission == 'owner' || guild.userPermission == 'MANAGE_GUILD' || currentServer.staff.includes(currentUser.userId)) {
let hasAccess = false; let hasAccess = false;
await currentUser.accessCodes.forEach(async(userCode) => { await currentUser.accessCodes.forEach(async(userCode) => {
if (req.body.user.accesscode == userCode.code) { if (req.body.user.accesscode == userCode.code) {
hasAccess = true; hasAccess = true;
//apply all data from the req to the db (probabbly a better way to do this) //apply all data from the req to the db (probabbly a better way to do this)
currentServer.prefix = req.body.prefix || prefix; currentServer.prefix = req.body.prefix || prefix;
currentServer.staff = req.body.staffids || []; currentServer.staff = req.body.staffids || [];
currentServer.staffRoles = req.body.staffRoles || []; currentServer.staffRoles = req.body.staffRoles || [];
currentServer.channels.modLogs = req.body.channels.modlogs || ' '; currentServer.channels.modLogs = req.body.channels.modlogs || ' ';
currentServer.channels.announcments = req.body.channels.announcments || ' '; currentServer.channels.announcments = req.body.channels.announcments || ' ';
currentServer.channels.townhall = req.body.channels.townhall || ' '; currentServer.channels.townhall = req.body.channels.townhall || ' ';
currentServer.channels.townhallLogs = req.body.channels.townhallLogs || ' '; currentServer.channels.townhallLogs = req.body.channels.townhallLogs || ' ';
currentServer.save(); currentServer.save();
return res.status(200); return res.status(200);
}; };
}); });
} else {
return res.status(401).json({ error: "401 - unauthorised", info: "your user does not own the server or have a staff role or pi is listed as a staff member" });
};
if (hasAccess == false) return res.status(401).JSON({ error: "401 - unauthorised", info: "please include your accesscode and user id to use this api more info in the docs " + conf.domain + '/docs' }); if (hasAccess == false) return res.status(401).JSON({ error: "401 - unauthorised", info: "please include your accesscode and user id to use this api more info in the docs " + conf.domain + '/docs' });

110
src/express/post/api/updatereactionroles.js
View file

@ -12,63 +12,67 @@ module.exports = {
if (currentUser == null) return res.status(404).json({ error: "404 - cant find you in the db" }); if (currentUser == null) return res.status(404).json({ error: "404 - cant find you in the db" });
let currentServer = await Server.findOne({ id: req.body.server.id }); let currentServer = await Server.findOne({ id: req.body.server.id });
if (currentServer == null) return res.status(404).json({ error: "404 - cant find that server in the db" }); if (currentServer == null) return res.status(404).json({ error: "404 - cant find that server in the db" });
let guild = await currentUser.guilds[currentServer.id];
let hasAccess = false; if (guild.userPermission == 'owner' || guild.userPermission == 'MANAGE_GUILD' || currentServer.staff.includes(currentUser.userId)) {
await currentUser.accessCodes.forEach(async(userCode) => { let hasAccess = false;
if (req.body.user.accesscode == userCode.code) { await currentUser.accessCodes.forEach(async(userCode) => {
hasAccess = true; if (req.body.user.accesscode == userCode.code) {
currentServer.reactionRoles = await req.body.reactionRoles; hasAccess = true;
currentServer.save(); currentServer.reactionRoles = await req.body.reactionRoles;
let eachChannelRoles = {}; currentServer.save();
await currentServer.reactionRoles.forEach(role => { let eachChannelRoles = {};
if (!eachChannelRoles[role.channelID]) { await currentServer.reactionRoles.forEach(role => {
eachChannelRoles[role.channelID] = [{ if (!eachChannelRoles[role.channelID]) {
roleID: role.roleID, eachChannelRoles[role.channelID] = [{
emoji: role.emoji roleID: role.roleID,
}]; emoji: role.emoji
} else { }];
eachChannelRoles[role.channelID].push({ } else {
roleID: role.roleID, eachChannelRoles[role.channelID].push({
emoji: role.emoji roleID: role.roleID,
}); emoji: role.emoji
}; });
}); };
for (let i in eachChannelRoles) {
let rolesEmbed = {
color: conf.colour.ok,
title: 'ReactionRoles',
url: conf.domain,
author: {
name: conf.bot.name,
icon_url: conf.bot.logo,
url: conf.bot.url,
},
description: 'react with the appropriate emoji to get your role',
fields: [],
timestamp: new Date(),
footer: {
text: currentServer.name,
},
};
await eachChannelRoles[i].forEach(role => {
rolesEmbed.fields.push({
name: '\u200B',
value: '<@&' + role.roleID + '> - ' + role.emoji,
});
}); });
const channel = client.guilds.cache.get(currentServer.id).channels.cache.get(i) for (let i in eachChannelRoles) {
if (channel !== undefined) { let rolesEmbed = {
const msg = await channel.send({ embed: rolesEmbed }); color: conf.colour.ok,
eachChannelRoles[i].forEach(role => { title: 'ReactionRoles',
msg.react(role.emoji); url: conf.domain,
author: {
name: conf.bot.name,
icon_url: conf.bot.logo,
url: conf.bot.url,
},
description: 'react with the appropriate emoji to get your role',
fields: [],
timestamp: new Date(),
footer: {
text: currentServer.name,
},
};
await eachChannelRoles[i].forEach(role => {
rolesEmbed.fields.push({
name: '\u200B',
value: '<@&' + role.roleID + '> - ' + role.emoji,
});
}); });
const channel = client.guilds.cache.get(currentServer.id).channels.cache.get(i)
if (channel !== undefined) {
const msg = await channel.send({ embed: rolesEmbed });
eachChannelRoles[i].forEach(role => {
msg.react(role.emoji);
});
};
}; };
return res.status(200).json({ error: "no", message: "reactionroles have been updates" });
}; };
return res.status(200).json({ error: "no", message: "reactionroles have been updates" }); });
}; } else {
}); return res.status(401).json({ error: "401 - unauthorised", info: "your user does not own the server or have a staff role or pi is listed as a staff member" });
}
if (hasAccess == false) return res.status(401).json({ error: "401 - unauthorised", info: "please include your accesscode and user id to use this api more info in the docs " + conf.domain + '/docs' }); if (hasAccess == false) return res.status(401).json({ error: "401 - unauthorised", info: "please include your accesscode and user id to use this api more info in the docs " + conf.domain + '/docs' });
} catch (error) { } catch (error) {
console.log(error); console.log(error);

22
src/express/www/static/js/reactionroles.js
View file

@ -16,18 +16,13 @@ function loadroles() {
document.getElementById("ReactionRoles").innerHTML = rrstr; document.getElementById("ReactionRoles").innerHTML = rrstr;
} }
async function addReactionRole() { async function addReactionRole() {
document.getElementById("info").innerHTML = '' document.getElementById("info").innerHTML = ''
var channel = document.getElementById('ReactionRoleChannel').value.toLowerCase().replace(' ', '') var channel = document.getElementById('ReactionRoleChannel').value.toLowerCase().replace(' ', '')
var role = document.getElementById('ReactionRole').value.toLowerCase().replace(' ', ''); var role = document.getElementById('ReactionRole').value.toLowerCase().replace(' ', '');
var emoji = document.getElementById('ReactionRoleEmoji').value; var emoji = document.getElementById('ReactionRoleEmoji').value;
await reactionRoles.push({ channelID: channel, roleID: role, emoji: emoji }); await reactionRoles.push({ channelID: channel, roleID: role, emoji: emoji });
loadroles() loadroles()
document.getElementById('ReactionRoleChannel').value = '';
document.getElementById('ReactionRole').value = ''; document.getElementById('ReactionRole').value = '';
document.getElementById('ReactionRoleEmoji').value = ''; document.getElementById('ReactionRoleEmoji').value = '';
} }
@ -35,18 +30,17 @@ async function addReactionRole() {
async function removeReactionRole() { async function removeReactionRole() {
document.getElementById("info").innerHTML = '' document.getElementById("info").innerHTML = ''
var role = document.getElementById('ReactionRole').value.toLowerCase().replace(' ', ''); var role = document.getElementById('ReactionRole').value.toLowerCase().replace(' ', '');
var channel = document.getElementById('ReactionRoleChannel').value.toLowerCase().replace(' ', '') var channel = document.getElementById('ReactionRoleChannel').value.toLowerCase().replace(' ', '');
var emoji = document.getElementById('ReactionRoleEmoji').value;
for (let i = 0; i < reactionRoles.length; i++) { for (let i = 0; i < reactionRoles.length; i++) {
if (reactionRoles[i].channelID == channel) { if (reactionRoles[i].channelID == channel) {
if (reactionRoles[i].roleID == role) { if (reactionRoles[i].roleID == role) {
reactionRoles.splice(i, 1); if (reactionRoles[i].emoji == emoji) {
loadroles() reactionRoles.splice(i, 1);
document.getElementById('ReactionRoleChannel').value = ''; loadroles()
document.getElementById('ReactionRole').value = ''; document.getElementById('ReactionRole').value = '';
document.getElementById('ReactionRoleEmoji').value = ''; document.getElementById('ReactionRoleEmoji').value = '';
};
}; };
}; };
}; };

3
src/funcs/otr.js
View file

@ -2,8 +2,9 @@
* licence https://github.com/404invalid-user/knightrider/blob/main/LICENCE * licence https://github.com/404invalid-user/knightrider/blob/main/LICENCE
*/ */
const getServer = require('../funcs/getserver'); const getServer = require('../funcs/getserver');
const conf = require('../conf/conf.json')
module.exports = { module.exports = {
otrCommand: async function(message, args, Discord, client) { otrCommand: async function(message, args, Discord, server, messageUser, client) {
if (message.author.id == conf.cwh11) { if (message.author.id == conf.cwh11) {
let server = getServer(message); let server = getServer(message);
if (server == null) return message.channel.send("this server isnt in the db"); if (server == null) return message.channel.send("this server isnt in the db");