Only allow specific server features to be edited

2 files changed, 27 insertions, 0 deletions

diff --git a/src/api/routes/guilds/#guild_id/index.ts b/src/api/routes/guilds/#guild_id/index.ts
index fb3589cb..1e976293 100644
--- a/src/api/routes/guilds/#guild_id/index.ts
+++ b/src/api/routes/guilds/#guild_id/index.ts
@@ -9,6 +9,7 @@ import {
 	handleFile,
 	Member,
 	GuildUpdateSchema,
+	FosscordApiErrors,
 } from "@fosscord/util";
 import { HTTPError } from "lambert-server";
 import { route } from "@fosscord/api";
@@ -74,6 +75,27 @@ router.patch(
 				body.discovery_splash,
 			);
 
+		if (body.features) {
+			const diff = guild.features.filter(x => !body.features?.includes(x))
+				.concat(body.features.filter(x => !guild.features.includes(x)));
+
+			// TODO move these
+			const MUTABLE_FEATURES = [
+				"COMMUNITY",
+				"INVITES_DISABLED",
+				"DISCOVERABLE",
+			];
+
+			for (var feature of diff) {
+				if (MUTABLE_FEATURES.includes(feature)) continue;
+
+				throw FosscordApiErrors.FEATURE_IS_IMMUTABLE.withParams(feature);
+			}
+
+			// for some reason, they don't update in the assign.
+			guild.features = body.features;
+		}
+
 		// TODO: check if body ids are valid
 		guild.assign(body);
 
diff --git a/src/util/util/Constants.ts b/src/util/util/Constants.ts
index 46cf2e4f..b84a8178 100644
--- a/src/util/util/Constants.ts
+++ b/src/util/util/Constants.ts
@@ -1043,6 +1043,11 @@ export const FosscordApiErrors = {
 		45006,
 		501,
 	),
+	FEATURE_IS_IMMUTABLE : new ApiError(
+		"The feature ({}) cannot be edited.",
+		45007,
+		403,
+	),
 	MISSING_RIGHTS: new ApiError(
 		"You lack rights to perform that action ({})",
 		50013,