diff options
author | uurgothat <cckhmck@gmail.com> | 2021-10-24 19:49:32 +0300 |
---|---|---|
committer | uurgothat <cckhmck@gmail.com> | 2021-10-24 19:49:32 +0300 |
commit | f45d1d579d7c6e845f296f7db1df983fb3170c8b (patch) | |
tree | 424d04cbf22afcac5e2be15cf8ce46165c20004b /api | |
parent | Merge branch 'master' of https://github.com/fosscord/fosscord-server (diff) | |
download | server-f45d1d579d7c6e845f296f7db1df983fb3170c8b.tar.xz |
make templates configurable + authorization
Diffstat (limited to 'api')
-rw-r--r-- | api/src/middlewares/Authentication.ts | 1 | ||||
-rw-r--r-- | api/src/routes/guilds/templates/index.ts | 48 |
2 files changed, 14 insertions, 35 deletions
diff --git a/api/src/middlewares/Authentication.ts b/api/src/middlewares/Authentication.ts index 59a181e6..a69b29a6 100644 --- a/api/src/middlewares/Authentication.ts +++ b/api/src/middlewares/Authentication.ts @@ -11,6 +11,7 @@ export const NO_AUTHORIZATION_ROUTES = [ "/experiments", "/-/readyz", "/-/healthz", + "/guilds/templates", /\/guilds\/\d+\/widget\.(json|png)/ ]; diff --git a/api/src/routes/guilds/templates/index.ts b/api/src/routes/guilds/templates/index.ts index b82fb102..dd906198 100644 --- a/api/src/routes/guilds/templates/index.ts +++ b/api/src/routes/guilds/templates/index.ts @@ -1,68 +1,46 @@ import { Request, Response, Router } from "express"; const router: Router = Router(); import { Template, Guild, Role, Snowflake, Config, User, Member } from "@fosscord/util"; +const { enabled, allowTemplateCreation, allowDiscordTemplates, allowRaws } = Config.get().templates; import { route } from "@fosscord/api"; import { DiscordApiErrors } from "@fosscord/util"; import fetch from "node-fetch"; -const { enabled, allowTemplateCreation, allowDiscordTemplates, allowOtherInstancesTemplates, allowExternalRaws } = Config.get().templates; + export interface GuildTemplateCreateSchema { name: string; avatar?: string | null; } router.get("/:code", route({}), async (req: Request, res: Response) => { - if (enabled == false) return res.json({ code: 403, message: "Templates are disabled on this instance." }).sendStatus(403); + if (!enabled) res.json({ code: 403, message: "Template creation & usage is disabled on this instance." }).sendStatus(403); + const { code } = req.params; if (code.startsWith("discord:")) { - if (allowDiscordTemplates == false) - return res.json({ code: 403, message: "Discord templates are disabled on this instance." }).sendStatus(403); + if (!allowDiscordTemplates) return res.json({ code: 403, message: "Discord templates cannot be used on this instance." }).sendStatus(403); const discordTemplateID = code.split("discord:", 2)[1]; const discordTemplateData = await fetch(`https://discord.com/api/v9/guilds/templates/${discordTemplateID}`, { method: "get", headers: { "Content-Type": "application/json" } }); + return res.json(await discordTemplateData.json()); + } - res.json(await discordTemplateData.json()); - }; - - if (code.startsWith("fosscord:")) { - if (allowOtherInstancesTemplates == false) - return res.json({ code: 403, message: "Other instance templates are disabled on this instance." }).sendStatus(403); - //TODO: TBD when federation came out - res.json({}).sendStatus(200); - }; - - //TODO: Validation if (code.startsWith("external:")) { - if (allowExternalRaws == false) - return res.json({ code: 403, message: "Importing templates from raws is disabled on this instance." }).sendStatus(403); - const url = code.split("external:", 2)[1]; - - const rawTemplateData = - (await fetch(`${url}`, { - method: "get", - headers: { "Content-Type": "application/json" } - })) || null; - - res.json( - rawTemplateData !== null - ? await rawTemplateData.json() - : { code: 500, message: "An error occurred while trying to fetch the raw." } - ); - }; + if (!allowRaws) return res.json({ code: 403, message: "Importing raws is disabled on this instance." }).sendStatus(403); - const template = await Template.findOneOrFail({ code: code }); + return res.json(code.split("external:", 2)[1]); + } + const template = await Template.findOneOrFail({ code: code }); res.json(template); }); router.post("/:code", route({ body: "GuildTemplateCreateSchema" }), async (req: Request, res: Response) => { - if (enabled == false) return res.json({ code: 403, message: "Templates are disabled on this instance." }).sendStatus(403); - if (allowTemplateCreation == false) - return res.json({ code: 403, message: "Template creation is disabled on this instance." }).sendStatus(403); + if (!enabled) return res.json({ code: 403, message: "Template creation & usage is disabled on this instance." }).sendStatus(403); + if (!allowTemplateCreation) return res.json({ code: 403, message: "Template creation is disabled on this instance." }).sendStatus(403); const { code } = req.params; const body = req.body as GuildTemplateCreateSchema; |