diff options
author | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-08-22 22:12:00 +1000 |
---|---|---|
committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-08-22 22:12:00 +1000 |
commit | afefa5d64bd6cde7d6efa3a9a5a3ec67a6ca29a8 (patch) | |
tree | 07779150eba77c27bf75bc0c7890f4a3f976716e /src/api/routes/channels/#channel_id/messages | |
parent | removed char joiners as they are actually useful, added page break (diff) | |
parent | Merge remote-tracking branch 'Puyodead1/patch/prettier-config' into staging (diff) | |
download | server-afefa5d64bd6cde7d6efa3a9a5a3ec67a6ca29a8.tar.xz |
Merge remote-tracking branch 'upstream/staging' into fix/categoryNames
Diffstat (limited to '')
-rw-r--r-- | src/api/routes/channels/#channel_id/messages/#message_id/ack.ts (renamed from api/src/routes/channels/#channel_id/messages/#message_id/ack.ts) | 14 | ||||
-rw-r--r-- | src/api/routes/channels/#channel_id/messages/#message_id/crosspost.ts (renamed from api/src/routes/channels/#channel_id/messages/#message_id/crosspost.ts) | 0 | ||||
-rw-r--r-- | src/api/routes/channels/#channel_id/messages/#message_id/index.ts (renamed from api/src/routes/channels/#channel_id/messages/#message_id/index.ts) | 43 | ||||
-rw-r--r-- | src/api/routes/channels/#channel_id/messages/#message_id/reactions.ts (renamed from api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts) | 22 | ||||
-rw-r--r-- | src/api/routes/channels/#channel_id/messages/bulk-delete.ts (renamed from api/src/routes/channels/#channel_id/messages/bulk-delete.ts) | 28 | ||||
-rw-r--r-- | src/api/routes/channels/#channel_id/messages/index.ts (renamed from api/src/routes/channels/#channel_id/messages/index.ts) | 122 |
6 files changed, 120 insertions, 109 deletions
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts b/src/api/routes/channels/#channel_id/messages/#message_id/ack.ts index 885c5eca..041f4d5e 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts +++ b/src/api/routes/channels/#channel_id/messages/#message_id/ack.ts @@ -1,26 +1,18 @@ import { emitEvent, getPermission, MessageAckEvent, ReadState, Snowflake } from "@fosscord/util"; import { Request, Response, Router } from "express"; import { route } from "@fosscord/api"; +import { OrmUtils } from "@fosscord/util"; const router = Router(); -// TODO: public read receipts & privacy scoping -// TODO: send read state event to all channel members -// TODO: advance-only notification cursor - -export interface MessageAcknowledgeSchema { - manual?: boolean; - mention_count?: number; -} - router.post("/", route({ body: "MessageAcknowledgeSchema" }), async (req: Request, res: Response) => { const { channel_id, message_id } = req.params; const permission = await getPermission(req.user_id, undefined, channel_id); permission.hasThrow("VIEW_CHANNEL"); - let read_state = await ReadState.findOne({ user_id: req.user_id, channel_id }); - if (!read_state) read_state = new ReadState({ user_id: req.user_id, channel_id }); + let read_state = await ReadState.findOne({ where: { user_id: req.user_id, channel_id } }); + if (!read_state) read_state = OrmUtils.mergeDeep(new ReadState(), { user_id: req.user_id, channel_id }) as ReadState; read_state.last_message_id = message_id; await read_state.save(); diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/crosspost.ts b/src/api/routes/channels/#channel_id/messages/#message_id/crosspost.ts index b2cb6763..b2cb6763 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/crosspost.ts +++ b/src/api/routes/channels/#channel_id/messages/#message_id/crosspost.ts diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/src/api/routes/channels/#channel_id/messages/#message_id/index.ts index 6d2bf185..d7e27062 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts +++ b/src/api/routes/channels/#channel_id/messages/#message_id/index.ts @@ -2,20 +2,24 @@ import { Attachment, Channel, Embed, + DiscordApiErrors, emitEvent, + FosscordApiErrors, getPermission, getRights, Message, MessageCreateEvent, MessageDeleteEvent, MessageUpdateEvent, - uploadFile + Snowflake, + uploadFile, + MessageCreateSchema } from "@fosscord/util"; import { Router, Response, Request } from "express"; import multer from "multer"; import { route } from "@fosscord/api"; import { handleMessage, postHandleMessage } from "@fosscord/api"; -import { MessageCreateSchema } from "../index"; +import { HTTPError } from "@fosscord/util"; const router = Router(); // TODO: message content/embed string length limit @@ -31,7 +35,7 @@ const messageUpload = multer({ router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; - var body = req.body as MessageCreateSchema; + let body = req.body as MessageCreateSchema; const message = await Message.findOneOrFail({ where: { id: message_id, channel_id }, relations: ["attachments"] }); @@ -88,20 +92,37 @@ router.put( route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_BACKDATED_EVENTS" }), async (req: Request, res: Response) => { const { channel_id, message_id } = req.params; - var body = req.body as MessageCreateSchema; + let body = req.body as MessageCreateSchema; const attachments: Attachment[] = []; + + const rights = await getRights(req.user_id); + rights.hasThrow("SEND_MESSAGES"); + + // regex to check if message contains anything other than numerals ( also no decimals ) + if (!message_id.match(/^\+?\d+$/)) { + throw new HTTPError("Message IDs must be positive integers", 400); + } + + const snowflake = Snowflake.deconstruct(message_id) + if (Date.now() < snowflake.timestamp) { + // message is in the future + throw FosscordApiErrors.CANNOT_BACKFILL_TO_THE_FUTURE; + } + + const exists = await Message.findOne({ where: { id: message_id, channel_id: channel_id }}); + if (exists) { + throw FosscordApiErrors.CANNOT_REPLACE_BY_BACKFILL; + } if (req.file) { try { - const file = await uploadFile(`/attachments/${req.params.channel_id}`, req.file); + const file: any = await uploadFile(`/attachments/${req.params.channel_id}`, req.file); attachments.push({ ...file, proxy_url: file.url }); } catch (error) { return res.status(400).json(error); } } const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients", "recipients.user"] }); - - // TODO: check the ID is not from the future, to prevent future-faking of channel histories const embeds = body.embeds || []; if (body.embed) embeds.push(body.embed); @@ -115,11 +136,9 @@ router.put( channel_id, attachments, edited_timestamp: undefined, - timestamp: undefined, // FIXME: calculate timestamp from snowflake + timestamp: new Date(snowflake.timestamp), }); - channel.last_message_id = message.id; - //Fix for the client bug delete message.member @@ -150,8 +169,8 @@ router.get("/", route({ permission: "VIEW_CHANNEL" }), async (req: Request, res: router.delete("/", route({}), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; - const channel = await Channel.findOneOrFail({ id: channel_id }); - const message = await Message.findOneOrFail({ id: message_id }); + const channel = await Channel.findOneOrFail({ where: { id: channel_id } }); + const message = await Message.findOneOrFail({ where: { id: message_id } }); const rights = await getRights(req.user_id); diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts b/src/api/routes/channels/#channel_id/messages/#message_id/reactions.ts index d93cf70f..d0ab35bb 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts +++ b/src/api/routes/channels/#channel_id/messages/#message_id/reactions.ts @@ -15,7 +15,7 @@ import { } from "@fosscord/util"; import { route } from "@fosscord/api"; import { Router, Response, Request } from "express"; -import { HTTPError } from "lambert-server"; +import { HTTPError } from "@fosscord/util"; import { In } from "typeorm"; const router = Router(); @@ -39,7 +39,7 @@ function getEmoji(emoji: string): PartialEmoji { router.delete("/", route({ permission: "MANAGE_MESSAGES" }), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; - const channel = await Channel.findOneOrFail({ id: channel_id }); + const channel = await Channel.findOneOrFail({ where: { id: channel_id } }); await Message.update({ id: message_id, channel_id }, { reactions: [] }); @@ -60,7 +60,7 @@ router.delete("/:emoji", route({ permission: "MANAGE_MESSAGES" }), async (req: R const { message_id, channel_id } = req.params; const emoji = getEmoji(req.params.emoji); - const message = await Message.findOneOrFail({ id: message_id, channel_id }); + const message = await Message.findOneOrFail({ where: { id: message_id, channel_id } }); const already_added = message.reactions.find((x) => (x.emoji.id === emoji.id && emoji.id) || x.emoji.name === emoji.name); if (!already_added) throw new HTTPError("Reaction not found", 404); @@ -87,7 +87,7 @@ router.get("/:emoji", route({ permission: "VIEW_CHANNEL" }), async (req: Request const { message_id, channel_id } = req.params; const emoji = getEmoji(req.params.emoji); - const message = await Message.findOneOrFail({ id: message_id, channel_id }); + const message = await Message.findOneOrFail({ where: { id: message_id, channel_id } }); const reaction = message.reactions.find((x) => (x.emoji.id === emoji.id && emoji.id) || x.emoji.name === emoji.name); if (!reaction) throw new HTTPError("Reaction not found", 404); @@ -106,14 +106,14 @@ router.put("/:emoji/:user_id", route({ permission: "READ_MESSAGE_HISTORY", right if (user_id !== "@me") throw new HTTPError("Invalid user"); const emoji = getEmoji(req.params.emoji); - const channel = await Channel.findOneOrFail({ id: channel_id }); - const message = await Message.findOneOrFail({ id: message_id, channel_id }); + const channel = await Channel.findOneOrFail({ where: { id: channel_id } }); + const message = await Message.findOneOrFail({ where: { id: message_id, channel_id } }); const already_added = message.reactions.find((x) => (x.emoji.id === emoji.id && emoji.id) || x.emoji.name === emoji.name); if (!already_added) req.permission!.hasThrow("ADD_REACTIONS"); if (emoji.id) { - const external_emoji = await Emoji.findOneOrFail({ id: emoji.id }); + const external_emoji = await Emoji.findOneOrFail({ where: { id: emoji.id } }); if (!already_added) req.permission!.hasThrow("USE_EXTERNAL_EMOJIS"); emoji.animated = external_emoji.animated; emoji.name = external_emoji.name; @@ -126,7 +126,7 @@ router.put("/:emoji/:user_id", route({ permission: "READ_MESSAGE_HISTORY", right await message.save(); - const member = channel.guild_id && (await Member.findOneOrFail({ id: req.user_id })); + const member = channel.guild_id && (await Member.findOneOrFail({ where: { id: req.user_id } })); await emitEvent({ event: "MESSAGE_REACTION_ADD", @@ -145,12 +145,12 @@ router.put("/:emoji/:user_id", route({ permission: "READ_MESSAGE_HISTORY", right }); router.delete("/:emoji/:user_id", route({}), async (req: Request, res: Response) => { - var { message_id, channel_id, user_id } = req.params; + let { message_id, channel_id, user_id } = req.params; const emoji = getEmoji(req.params.emoji); - const channel = await Channel.findOneOrFail({ id: channel_id }); - const message = await Message.findOneOrFail({ id: message_id, channel_id }); + const channel = await Channel.findOneOrFail({ where: { id: channel_id } }); + const message = await Message.findOneOrFail({ where: { id: message_id, channel_id } }); if (user_id === "@me") user_id = req.user_id; else { diff --git a/api/src/routes/channels/#channel_id/messages/bulk-delete.ts b/src/api/routes/channels/#channel_id/messages/bulk-delete.ts index 7a711cb0..af44b522 100644 --- a/api/src/routes/channels/#channel_id/messages/bulk-delete.ts +++ b/src/api/routes/channels/#channel_id/messages/bulk-delete.ts @@ -1,6 +1,6 @@ import { Router, Response, Request } from "express"; -import { Channel, Config, emitEvent, getPermission, MessageDeleteBulkEvent, Message } from "@fosscord/util"; -import { HTTPError } from "lambert-server"; +import { Channel, Config, emitEvent, getPermission, getRights, MessageDeleteBulkEvent, Message } from "@fosscord/util"; +import { HTTPError } from "@fosscord/util"; import { route } from "@fosscord/api"; import { In } from "typeorm"; @@ -8,28 +8,30 @@ const router: Router = Router(); export default router; -export interface BulkDeleteSchema { - messages: string[]; -} - -// TODO: should users be able to bulk delete messages or only bots? -// TODO: should this request fail, if you provide messages older than 14 days/invalid ids? +// should users be able to bulk delete messages or only bots? ANSWER: all users +// should this request fail, if you provide messages older than 14 days/invalid ids? ANSWER: NO // https://discord.com/developers/docs/resources/channel#bulk-delete-messages router.post("/", route({ body: "BulkDeleteSchema" }), async (req: Request, res: Response) => { const { channel_id } = req.params; - const channel = await Channel.findOneOrFail({ id: channel_id }); + const channel = await Channel.findOneOrFail({where:{ id: channel_id} }); if (!channel.guild_id) throw new HTTPError("Can't bulk delete dm channel messages", 400); + const rights = await getRights(req.user_id); + rights.hasThrow("SELF_DELETE_MESSAGES"); + + let superuser = rights.has("MANAGE_MESSAGES"); const permission = await getPermission(req.user_id, channel?.guild_id, channel_id); - permission.hasThrow("MANAGE_MESSAGES"); const { maxBulkDelete } = Config.get().limits.message; const { messages } = req.body as { messages: string[] }; - if (messages.length < 2) throw new HTTPError("You must at least specify 2 messages to bulk delete"); - if (messages.length > maxBulkDelete) throw new HTTPError(`You cannot delete more than ${maxBulkDelete} messages`); + if (messages.length === 0) throw new HTTPError("You must specify messages to bulk delete"); + if (!superuser) { + permission.hasThrow("MANAGE_MESSAGES"); + if (messages.length > maxBulkDelete) throw new HTTPError(`You cannot delete more than ${maxBulkDelete} messages`); + } - await Message.delete(messages.map((x) => ({ id: x }))); + await Message.delete({ id: In(messages) }); await emitEvent({ event: "MESSAGE_DELETE_BULK", diff --git a/api/src/routes/channels/#channel_id/messages/index.ts b/src/api/routes/channels/#channel_id/messages/index.ts index 34cc5ff8..9ab0d97d 100644 --- a/api/src/routes/channels/#channel_id/messages/index.ts +++ b/src/api/routes/channels/#channel_id/messages/index.ts @@ -5,16 +5,17 @@ import { ChannelType, Config, DmChannelDTO, - Embed, emitEvent, getPermission, getRights, Message, MessageCreateEvent, + Snowflake, uploadFile, - Member + Member, + MessageCreateSchema } from "@fosscord/util"; -import { HTTPError } from "lambert-server"; +import { HTTPError } from "@fosscord/util"; import { handleMessage, postHandleMessage, route } from "@fosscord/api"; import multer from "multer"; import { FindManyOptions, LessThan, MoreThan } from "typeorm"; @@ -30,6 +31,8 @@ export function isTextChannel(type: ChannelType): boolean { case ChannelType.GUILD_VOICE: case ChannelType.GUILD_STAGE_VOICE: case ChannelType.GUILD_CATEGORY: + case ChannelType.GUILD_FORUM: + case ChannelType.DIRECTORY: throw new HTTPError("not a text channel", 400); case ChannelType.DM: case ChannelType.GROUP_DM: @@ -46,37 +49,11 @@ export function isTextChannel(type: ChannelType): boolean { } } -export interface MessageCreateSchema { - content?: string; - nonce?: string; - tts?: boolean; - flags?: string; - embeds?: Embed[]; - embed?: Embed; - // TODO: ^ embed is deprecated in favor of embeds (https://discord.com/developers/docs/resources/channel#message-object) - allowed_mentions?: { - parse?: string[]; - roles?: string[]; - users?: string[]; - replied_user?: boolean; - }; - message_reference?: { - message_id: string; - channel_id: string; - guild_id?: string; - fail_if_not_exists?: boolean; - }; - payload_json?: string; - file?: any; - attachments?: any[]; //TODO we should create an interface for attachments - sticker_ids?: string[]; -} - // https://discord.com/developers/docs/resources/channel#create-message // get messages router.get("/", async (req: Request, res: Response) => { const channel_id = req.params.channel_id; - const channel = await Channel.findOneOrFail({ id: channel_id }); + const channel = await Channel.findOneOrFail({ where: { id: channel_id } }); if (!channel) throw new HTTPError("Channel not found", 404); isTextChannel(channel.type); @@ -84,23 +61,30 @@ router.get("/", async (req: Request, res: Response) => { const before = req.query.before ? `${req.query.before}` : undefined; const after = req.query.after ? `${req.query.after}` : undefined; const limit = Number(req.query.limit) || 50; - if (limit < 1 || limit > 100) throw new HTTPError("limit must be between 1 and 100"); + if (limit < 1 || limit > 100) throw new HTTPError("limit must be between 1 and 100", 422); - var halfLimit = Math.floor(limit / 2); + let halfLimit = Math.floor(limit / 2); const permissions = await getPermission(req.user_id, channel.guild_id, channel_id); permissions.hasThrow("VIEW_CHANNEL"); if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]); - var query: FindManyOptions<Message> & { where: { id?: any; }; } = { + let query: FindManyOptions<Message> & { where: { id?: any; }; } = { order: { id: "DESC" }, take: limit, where: { channel_id }, relations: ["author", "webhook", "application", "mentions", "mention_roles", "mention_channels", "sticker_items", "attachments"] }; + - if (after) query.where.id = MoreThan(after); - else if (before) query.where.id = LessThan(before); + if (after) { + if (after > new Snowflake()) return res.status(422); + query.where.id = MoreThan(after); + } + else if (before) { + if (before < req.params.channel_id) return res.status(422); + query.where.id = LessThan(before); + } else if (around) { query.where.id = [ MoreThan((BigInt(around) - BigInt(halfLimit)).toString()), @@ -126,10 +110,13 @@ router.get("/", async (req: Request, res: Response) => { const uri = y.proxy_url.startsWith("http") ? y.proxy_url : `https://example.org${y.proxy_url}`; y.proxy_url = `${endpoint == null ? "" : endpoint}${new URL(uri).pathname}`; }); - - //Some clients ( discord.js ) only check if a property exists within the response, - //which causes erorrs when, say, the `application` property is `null`. - for (var curr in x) { + + /** + Some clients ( discord.js ) only check if a property exists within the response, + which causes erorrs when, say, the `application` property is `null`. + **/ + + for (let curr in x) { if (x[curr] === null) delete x[curr]; } @@ -144,23 +131,22 @@ const messageUpload = multer({ limits: { fileSize: 1024 * 1024 * 100, fields: 10, - files: 1 + // files: 1 }, storage: multer.memoryStorage() }); // max upload 50 mb - -// TODO: dynamically change limit of MessageCreateSchema with config -// TODO: check: sum of all characters in an embed structure must not exceed instance limits - -// https://discord.com/developers/docs/resources/channel#create-message -// TODO: text channel slowdown -// TODO: trim and replace message content and every embed field -// TODO: check allowed_mentions - +/** + TODO: dynamically change limit of MessageCreateSchema with config + + https://discord.com/developers/docs/resources/channel#create-message + TODO: text channel slowdown (per-user and across-users) + Q: trim and replace message content and every embed field A: NO, given this cannot be implemented in E2EE channels + TODO: only dispatch notifications for mentions denoted in allowed_mentions +**/ // Send message router.post( "/", - messageUpload.single("file"), + messageUpload.any(), async (req, res, next) => { if (req.body.payload_json) { req.body = JSON.parse(req.body.payload_json); @@ -171,21 +157,24 @@ router.post( route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }), async (req: Request, res: Response) => { const { channel_id } = req.params; - var body = req.body as MessageCreateSchema; + let body = req.body as MessageCreateSchema; const attachments: Attachment[] = []; - if (req.file) { + const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients", "recipients.user"] }); + if (!channel.isWritable()) { + throw new HTTPError(`Cannot send messages to channel of type ${channel.type}`, 400) + } + + const files = req.files as Express.Multer.File[] ?? []; + for (let currFile of files) { try { - const file = await uploadFile(`/attachments/${req.params.channel_id}`, req.file); + const file: any = await uploadFile(`/attachments/${channel.id}`, currFile); attachments.push({ ...file, proxy_url: file.url }); - } catch (error) { + } + catch (error) { return res.status(400).json(error); } } - const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients", "recipients.user"] }); - if (!channel.isWritable()) { - throw new HTTPError(`Cannot send messages to channel of type ${channel.type}`, 400) - } const embeds = body.embeds || []; if (body.embed) embeds.push(body.embed); @@ -223,11 +212,19 @@ router.post( }) ); } - - - //Fix for the client bug - delete message.member + //Defining member fields + var member = await Member.findOneOrFail({ where: { id: req.user_id }, relations: ["roles"] }); + // TODO: This doesn't work either + // member.roles = member.roles.filter((role) => { + // return role.id !== role.guild_id; + // }).map((role) => { + // return role.id; + // }); + message.member = member; + // TODO: Figure this out + // delete message.member.last_message_id; + // delete message.member.index; await Promise.all([ message.save(), @@ -241,3 +238,4 @@ router.post( return res.json(message); } ); + |