diff options
| author | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-04-24 16:09:38 +1000 |
|---|---|---|
| committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-04-24 16:09:38 +1000 |
| commit | fcc104d60ca509dbc2f31ff62987a5daedf1e7d3 (patch) | |
| tree | c0fd84445dc74e8a8d4e4e03c5646b2227248071 | |
| parent | Merge branch 'master' of https://github.com/fosscord/fosscord-server (diff) | |
| download | server-fcc104d60ca509dbc2f31ff62987a5daedf1e7d3.tar.xz | |
While backfilling, message ids must now be valid snowflakes, cannot be in the future, and cannot overwrite existing messages
| -rw-r--r-- | api/src/routes/channels/#channel_id/messages/#message_id/index.ts | 24 |
1 files changed, 19 insertions, 5 deletions
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts index 6d2bf185..8d2bd5cb 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts @@ -16,6 +16,8 @@ import multer from "multer"; import { route } from "@fosscord/api"; import { handleMessage, postHandleMessage } from "@fosscord/api"; import { MessageCreateSchema } from "../index"; +import { Snowflake } from "@fosscord/util"; +import { HTTPError } from "lambert-server"; const router = Router(); // TODO: message content/embed string length limit @@ -91,6 +93,22 @@ router.put( var body = req.body as MessageCreateSchema; const attachments: Attachment[] = []; + // regex to check if message contains anything other than numerals ( also no decimals ) + if (!message_id.match(/^\+?\d+$/)) { + throw new HTTPError("Message IDs must be positive integers") + } + + const snowflake = Snowflake.deconstruct(message_id) + if (Date.now() < snowflake.timestamp) { + // message is in the future + throw new HTTPError("You cannot backfill messages in the future", 400); + } + + const exists = await Message.findOne({ where: { id: message_id, channel_id: channel_id }}); + if (exists) { + throw new HTTPError("Cannot backfill to message ID that already exists", 400); + } + if (req.file) { try { const file = await uploadFile(`/attachments/${req.params.channel_id}`, req.file); @@ -100,8 +118,6 @@ router.put( } } const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients", "recipients.user"] }); - - // TODO: check the ID is not from the future, to prevent future-faking of channel histories const embeds = body.embeds || []; if (body.embed) embeds.push(body.embed); @@ -115,11 +131,9 @@ router.put( channel_id, attachments, edited_timestamp: undefined, - timestamp: undefined, // FIXME: calculate timestamp from snowflake + timestamp: new Date(snowflake.timestamp), }); - channel.last_message_id = message.id; - //Fix for the client bug delete message.member |