diff options
author | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-05-15 09:12:11 +0300 |
---|---|---|
committer | Erkin Alp Güney <erkinalp9035@gmail.com> | 2022-05-15 09:12:11 +0300 |
commit | d55828a9527e051db3e3eb2ce1724473c32b9ee6 (patch) | |
tree | bdc05dee447ac343ca6d7d370162532932ac8d10 /api/src | |
parent | messages before/after soundness check (diff) | |
parent | Update bulk-delete.ts (diff) | |
download | server-d55828a9527e051db3e3eb2ce1724473c32b9ee6.tar.xz |
Merge branch 'master' of https://github.com/fosscord/fosscord-server
Diffstat (limited to 'api/src')
-rw-r--r-- | api/src/routes/channels/#channel_id/messages/bulk-delete.ts | 20 | ||||
-rw-r--r-- | api/src/routes/channels/#channel_id/purge.ts | 6 |
2 files changed, 16 insertions, 10 deletions
diff --git a/api/src/routes/channels/#channel_id/messages/bulk-delete.ts b/api/src/routes/channels/#channel_id/messages/bulk-delete.ts index 7a711cb0..6eacf249 100644 --- a/api/src/routes/channels/#channel_id/messages/bulk-delete.ts +++ b/api/src/routes/channels/#channel_id/messages/bulk-delete.ts @@ -1,5 +1,5 @@ import { Router, Response, Request } from "express"; -import { Channel, Config, emitEvent, getPermission, MessageDeleteBulkEvent, Message } from "@fosscord/util"; +import { Channel, Config, emitEvent, getPermission, getRights, MessageDeleteBulkEvent, Message } from "@fosscord/util"; import { HTTPError } from "lambert-server"; import { route } from "@fosscord/api"; import { In } from "typeorm"; @@ -12,22 +12,28 @@ export interface BulkDeleteSchema { messages: string[]; } -// TODO: should users be able to bulk delete messages or only bots? -// TODO: should this request fail, if you provide messages older than 14 days/invalid ids? +// should users be able to bulk delete messages or only bots? ANSWER: all users +// should this request fail, if you provide messages older than 14 days/invalid ids? ANSWER: NO // https://discord.com/developers/docs/resources/channel#bulk-delete-messages router.post("/", route({ body: "BulkDeleteSchema" }), async (req: Request, res: Response) => { const { channel_id } = req.params; const channel = await Channel.findOneOrFail({ id: channel_id }); if (!channel.guild_id) throw new HTTPError("Can't bulk delete dm channel messages", 400); + const rights = await getRights(req.user_id); + rights.hasThrow("SELF_DELETE_MESSAGES"); + + let superuser = rights.has("MANAGE_MESSAGES"); const permission = await getPermission(req.user_id, channel?.guild_id, channel_id); - permission.hasThrow("MANAGE_MESSAGES"); - + const { maxBulkDelete } = Config.get().limits.message; const { messages } = req.body as { messages: string[] }; - if (messages.length < 2) throw new HTTPError("You must at least specify 2 messages to bulk delete"); - if (messages.length > maxBulkDelete) throw new HTTPError(`You cannot delete more than ${maxBulkDelete} messages`); + if (messages.length === 0) throw new HTTPError("You must specify messages to bulk delete"); + if (!superuser) { + permission.hasThrow("MANAGE_MESSAGES"); + if (messages.length > maxBulkDelete) throw new HTTPError(`You cannot delete more than ${maxBulkDelete} messages`); + } await Message.delete(messages.map((x) => ({ id: x }))); diff --git a/api/src/routes/channels/#channel_id/purge.ts b/api/src/routes/channels/#channel_id/purge.ts index 8a87c379..28b52b50 100644 --- a/api/src/routes/channels/#channel_id/purge.ts +++ b/api/src/routes/channels/#channel_id/purge.ts @@ -30,9 +30,9 @@ export interface PurgeSchema { after: string } -// TODO: should users be able to bulk delete messages or only bots? -// TODO: should this request fail, if you provide messages older than 14 days/invalid ids? -// https://discord.com/developers/docs/resources/channel#bulk-delete-messages +/** +TODO: apply the delete bit by bit to prevent client and database stress +**/ router.post("/", route({ /*body: "PurgeSchema",*/ }), async (req: Request, res: Response) => { const { channel_id } = req.params; const channel = await Channel.findOneOrFail({ id: channel_id }); |