diff options
| author | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-04-30 00:39:44 +0300 |
|---|---|---|
| committer | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-04-30 00:39:44 +0300 |
| commit | 9d908e0877d20f2c2814f2c10b13c31558bf5372 (patch) | |
| tree | 27a0ab03e71834e5f152daa7ce14bcd7a11ef38e | |
| parent | introduce the purge endpoint (diff) | |
| download | server-9d908e0877d20f2c2814f2c10b13c31558bf5372.tar.xz | |
patch for missing router schema, and also add purge route self-deletion checks
| -rw-r--r-- | api/src/routes/channels/#channel_id/purge.ts | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/api/src/routes/channels/#channel_id/purge.ts b/api/src/routes/channels/#channel_id/purge.ts index e66034e4..8a87c379 100644 --- a/api/src/routes/channels/#channel_id/purge.ts +++ b/api/src/routes/channels/#channel_id/purge.ts @@ -1,7 +1,7 @@ import { HTTPError } from "lambert-server"; import { route } from "@fosscord/api"; import { isTextChannel } from "./messages"; -import { FindManyOptions, Between } from "typeorm"; +import { FindManyOptions, Between, Not } from "typeorm"; import { Attachment, Channel, @@ -33,7 +33,7 @@ export interface PurgeSchema { // TODO: should users be able to bulk delete messages or only bots? // TODO: should this request fail, if you provide messages older than 14 days/invalid ids? // https://discord.com/developers/docs/resources/channel#bulk-delete-messages -router.post("/", route({ body: "PurgeSchema", right: "SELF_DELETE_MESSAGES" }), async (req: Request, res: Response) => { +router.post("/", route({ /*body: "PurgeSchema",*/ }), async (req: Request, res: Response) => { const { channel_id } = req.params; const channel = await Channel.findOneOrFail({ id: channel_id }); @@ -50,18 +50,27 @@ router.post("/", route({ body: "PurgeSchema", right: "SELF_DELETE_MESSAGES" }), const { before, after } = req.body as PurgeSchema; // TODO: send the deletion event bite-by-bite to prevent client stress + var query: FindManyOptions<Message> & { where: { id?: any; }; } = { order: { id: "ASC" }, // take: limit, where: { channel_id, id: Between(after, before), // the right way around + author_id: rights.has("SELF_DELETE_MESSAGES") ? undefined : Not(req.user_id) + // if you lack the right of self-deletion, you can't delete your own messages, even in purges }, relations: ["author", "webhook", "application", "mentions", "mention_roles", "mention_channels", "sticker_items", "attachments"] }; + const messages = await Message.find(query); const endpoint = Config.get().cdn.endpointPublic; + + if (messages.length == 0) { + res.sendStatus(304); + return; + } await Message.delete(messages.map((x) => ({ id: x }))); |