summary refs log tree commit diff
path: root/api/src
diff options
context:
space:
mode:
authorErkin Alp Güney <erkinalp9035@gmail.com>2022-05-15 09:12:11 +0300
committerErkin Alp Güney <erkinalp9035@gmail.com>2022-05-15 09:12:11 +0300
commitd55828a9527e051db3e3eb2ce1724473c32b9ee6 (patch)
treebdc05dee447ac343ca6d7d370162532932ac8d10 /api/src
parentmessages before/after soundness check (diff)
parentUpdate bulk-delete.ts (diff)
downloadserver-d55828a9527e051db3e3eb2ce1724473c32b9ee6.tar.xz
Merge branch 'master' of https://github.com/fosscord/fosscord-server
Diffstat (limited to 'api/src')
-rw-r--r--api/src/routes/channels/#channel_id/messages/bulk-delete.ts20
-rw-r--r--api/src/routes/channels/#channel_id/purge.ts6
2 files changed, 16 insertions, 10 deletions
diff --git a/api/src/routes/channels/#channel_id/messages/bulk-delete.ts b/api/src/routes/channels/#channel_id/messages/bulk-delete.ts
index 7a711cb0..6eacf249 100644
--- a/api/src/routes/channels/#channel_id/messages/bulk-delete.ts
+++ b/api/src/routes/channels/#channel_id/messages/bulk-delete.ts
@@ -1,5 +1,5 @@
 import { Router, Response, Request } from "express";
-import { Channel, Config, emitEvent, getPermission, MessageDeleteBulkEvent, Message } from "@fosscord/util";
+import { Channel, Config, emitEvent, getPermission, getRights, MessageDeleteBulkEvent, Message } from "@fosscord/util";
 import { HTTPError } from "lambert-server";
 import { route } from "@fosscord/api";
 import { In } from "typeorm";
@@ -12,22 +12,28 @@ export interface BulkDeleteSchema {
 	messages: string[];
 }
 
-// TODO: should users be able to bulk delete messages or only bots?
-// TODO: should this request fail, if you provide messages older than 14 days/invalid ids?
+// should users be able to bulk delete messages or only bots? ANSWER: all users
+// should this request fail, if you provide messages older than 14 days/invalid ids? ANSWER: NO
 // https://discord.com/developers/docs/resources/channel#bulk-delete-messages
 router.post("/", route({ body: "BulkDeleteSchema" }), async (req: Request, res: Response) => {
 	const { channel_id } = req.params;
 	const channel = await Channel.findOneOrFail({ id: channel_id });
 	if (!channel.guild_id) throw new HTTPError("Can't bulk delete dm channel messages", 400);
 
+	const rights = await getRights(req.user_id);
+	rights.hasThrow("SELF_DELETE_MESSAGES");
+	
+	let superuser = rights.has("MANAGE_MESSAGES");
 	const permission = await getPermission(req.user_id, channel?.guild_id, channel_id);
-	permission.hasThrow("MANAGE_MESSAGES");
-
+		
 	const { maxBulkDelete } = Config.get().limits.message;
 
 	const { messages } = req.body as { messages: string[] };
-	if (messages.length < 2) throw new HTTPError("You must at least specify 2 messages to bulk delete");
-	if (messages.length > maxBulkDelete) throw new HTTPError(`You cannot delete more than ${maxBulkDelete} messages`);
+	if (messages.length === 0) throw new HTTPError("You must specify messages to bulk delete");
+	if (!superuser) {
+		permission.hasThrow("MANAGE_MESSAGES");
+		if (messages.length > maxBulkDelete) throw new HTTPError(`You cannot delete more than ${maxBulkDelete} messages`);
+	}
 
 	await Message.delete(messages.map((x) => ({ id: x })));
 
diff --git a/api/src/routes/channels/#channel_id/purge.ts b/api/src/routes/channels/#channel_id/purge.ts
index 8a87c379..28b52b50 100644
--- a/api/src/routes/channels/#channel_id/purge.ts
+++ b/api/src/routes/channels/#channel_id/purge.ts
@@ -30,9 +30,9 @@ export interface PurgeSchema {
 	after: string
 }
 
-// TODO: should users be able to bulk delete messages or only bots?
-// TODO: should this request fail, if you provide messages older than 14 days/invalid ids?
-// https://discord.com/developers/docs/resources/channel#bulk-delete-messages
+/**
+TODO: apply the delete bit by bit to prevent client and database stress
+**/
 router.post("/", route({ /*body: "PurgeSchema",*/ }), async (req: Request, res: Response) => {
 	const { channel_id } = req.params;
 	const channel = await Channel.findOneOrFail({ id: channel_id });