diff options
| author | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-04-27 23:09:39 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-04-27 23:09:39 +0300 |
| commit | 3854af587c09e5e774779123db33da3e9e207c44 (patch) | |
| tree | dedfd431af79572757de59de751298c90a3dd0c7 | |
| parent | Hotfix for workspace (#739) (diff) | |
| parent | use return codes to allow for automation (diff) | |
| download | server-3854af587c09e5e774779123db33da3e9e207c44.tar.xz | |
Merge pull request #736 from MaddyUnderStars/backfilling
Backfilling sanitation etc
| -rw-r--r-- | api/src/routes/channels/#channel_id/messages/#message_id/index.ts | 29 |
1 files changed, 24 insertions, 5 deletions
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts index 6d2bf185..958954b6 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts @@ -2,13 +2,16 @@ import { Attachment, Channel, Embed, + DiscordApiErrors, emitEvent, + FosscordApiErrors, getPermission, getRights, Message, MessageCreateEvent, MessageDeleteEvent, MessageUpdateEvent, + Snowflake, uploadFile } from "@fosscord/util"; import { Router, Response, Request } from "express"; @@ -16,6 +19,7 @@ import multer from "multer"; import { route } from "@fosscord/api"; import { handleMessage, postHandleMessage } from "@fosscord/api"; import { MessageCreateSchema } from "../index"; +import { HTTPError } from "lambert-server"; const router = Router(); // TODO: message content/embed string length limit @@ -90,6 +94,25 @@ router.put( const { channel_id, message_id } = req.params; var body = req.body as MessageCreateSchema; const attachments: Attachment[] = []; + + const rights = getRights(req.user_id); + rights.hasThrow("SEND_MESSAGES"); + + // regex to check if message contains anything other than numerals ( also no decimals ) + if (!message_id.match(/^\+?\d+$/)) { + throw new HTTPError("Message IDs must be positive integers", 400); + } + + const snowflake = Snowflake.deconstruct(message_id) + if (Date.now() < snowflake.timestamp) { + // message is in the future + throw FosscordApiErrors.CANNOT_BACKFILL_TO_THE_FUTURE; + } + + const exists = await Message.findOne({ where: { id: message_id, channel_id: channel_id }}); + if (exists) { + throw FosscordApiErrors.CANNOT_REPLACE_BY_BACKFILL; + } if (req.file) { try { @@ -100,8 +123,6 @@ router.put( } } const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients", "recipients.user"] }); - - // TODO: check the ID is not from the future, to prevent future-faking of channel histories const embeds = body.embeds || []; if (body.embed) embeds.push(body.embed); @@ -115,11 +136,9 @@ router.put( channel_id, attachments, edited_timestamp: undefined, - timestamp: undefined, // FIXME: calculate timestamp from snowflake + timestamp: new Date(snowflake.timestamp), }); - channel.last_message_id = message.id; - //Fix for the client bug delete message.member |