Merge remote-tracking branch 'upstream/staging' into fix/categoryNames

author: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> 2022-08-22 22:12:00 +1000
committer: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> 2022-08-22 22:12:00 +1000
commit: afefa5d64bd6cde7d6efa3a9a5a3ec67a6ca29a8 (patch)
tree: 07779150eba77c27bf75bc0c7890f4a3f976716e /src/api/routes/channels/#channel_id/messages
parent: removed char joiners as they are actually useful, added page break (diff)
parent: Merge remote-tracking branch 'Puyodead1/patch/prettier-config' into staging (diff)
download: server-afefa5d64bd6cde7d6efa3a9a5a3ec67a6ca29a8.tar.xz
6 files changed, 120 insertions, 109 deletions
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts b/src/api/routes/channels/#channel_id/messages/#message_id/ack.ts
index 885c5eca..041f4d5e 100644
--- a/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts
+++ b/src/api/routes/channels/#channel_id/messages/#message_id/ack.ts
@@ -1,26 +1,18 @@
 import { emitEvent, getPermission, MessageAckEvent, ReadState, Snowflake } from "@fosscord/util";
 import { Request, Response, Router } from "express";
 import { route } from "@fosscord/api";
+import { OrmUtils } from "@fosscord/util";
 
 const router = Router();
 
-// TODO: public read receipts & privacy scoping
-// TODO: send read state event to all channel members
-// TODO: advance-only notification cursor
-
-export interface MessageAcknowledgeSchema {
-	manual?: boolean;
-	mention_count?: number;
-}
-
 router.post("/", route({ body: "MessageAcknowledgeSchema" }), async (req: Request, res: Response) => {
 	const { channel_id, message_id } = req.params;
 
 	const permission = await getPermission(req.user_id, undefined, channel_id);
 	permission.hasThrow("VIEW_CHANNEL");
 
-	let read_state = await ReadState.findOne({ user_id: req.user_id, channel_id });
-	if (!read_state) read_state = new ReadState({ user_id: req.user_id, channel_id });
+	let read_state = await ReadState.findOne({ where: { user_id: req.user_id, channel_id } });
+	if (!read_state) read_state = OrmUtils.mergeDeep(new ReadState(), { user_id: req.user_id, channel_id }) as ReadState;
 	read_state.last_message_id = message_id;
 
 	await read_state.save();
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/crosspost.ts b/src/api/routes/channels/#channel_id/messages/#message_id/crosspost.ts
index b2cb6763..b2cb6763 100644
--- a/api/src/routes/channels/#channel_id/messages/#message_id/crosspost.ts
+++ b/src/api/routes/channels/#channel_id/messages/#message_id/crosspost.ts
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/src/api/routes/channels/#channel_id/messages/#message_id/index.ts
index 6d2bf185..d7e27062 100644
--- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts
+++ b/src/api/routes/channels/#channel_id/messages/#message_id/index.ts
@@ -2,20 +2,24 @@ import {
 	Attachment,
 	Channel,
 	Embed,
+	DiscordApiErrors,
 	emitEvent,
+	FosscordApiErrors,
 	getPermission,
 	getRights,
  	Message,
 	MessageCreateEvent,
 	MessageDeleteEvent,
 	MessageUpdateEvent,
-	uploadFile 
+	Snowflake,
+	uploadFile, 
+	MessageCreateSchema
 } from "@fosscord/util";
 import { Router, Response, Request } from "express";
 import multer from "multer";
 import { route } from "@fosscord/api";
 import { handleMessage, postHandleMessage } from "@fosscord/api";
-import { MessageCreateSchema } from "../index";
+import { HTTPError } from "@fosscord/util";
 
 const router = Router();
 // TODO: message content/embed string length limit
@@ -31,7 +35,7 @@ const messageUpload = multer({
 
 router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }), async (req: Request, res: Response) => {
 	const { message_id, channel_id } = req.params;
-	var body = req.body as MessageCreateSchema;
+	let body = req.body as MessageCreateSchema;
 
 	const message = await Message.findOneOrFail({ where: { id: message_id, channel_id }, relations: ["attachments"] });
 
@@ -88,20 +92,37 @@ router.put(
 	route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_BACKDATED_EVENTS" }),
 	async (req: Request, res: Response) => {
 		const { channel_id, message_id } = req.params;
-		var body = req.body as MessageCreateSchema;
+		let body = req.body as MessageCreateSchema;
 		const attachments: Attachment[] = [];
+		
+		const rights = await getRights(req.user_id);
+		rights.hasThrow("SEND_MESSAGES");
+
+		// regex to check if message contains anything other than numerals ( also no decimals )
+		if (!message_id.match(/^\+?\d+$/)) {
+			throw new HTTPError("Message IDs must be positive integers", 400);
+		}
+
+		const snowflake = Snowflake.deconstruct(message_id)
+		if (Date.now() < snowflake.timestamp) {
+			// message is in the future
+			throw FosscordApiErrors.CANNOT_BACKFILL_TO_THE_FUTURE;
+		}
+
+		const exists = await Message.findOne({ where: { id: message_id, channel_id: channel_id }});
+		if (exists) {
+			throw FosscordApiErrors.CANNOT_REPLACE_BY_BACKFILL;
+		}
 
 		if (req.file) {
 			try {
-				const file = await uploadFile(`/attachments/${req.params.channel_id}`, req.file);
+				const file: any = await uploadFile(`/attachments/${req.params.channel_id}`, req.file);
 				attachments.push({ ...file, proxy_url: file.url });
 			} catch (error) {
 				return res.status(400).json(error);
 			}
 		}
 		const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients", "recipients.user"] });
-		
-		// TODO: check the ID is not from the future, to prevent future-faking of channel histories
 
 		const embeds = body.embeds || [];
 		if (body.embed) embeds.push(body.embed);
@@ -115,11 +136,9 @@ router.put(
 			channel_id,
 			attachments,
 			edited_timestamp: undefined,
-			timestamp: undefined, // FIXME: calculate timestamp from snowflake
+			timestamp: new Date(snowflake.timestamp),
 		});
 
-		channel.last_message_id = message.id;
-
 		//Fix for the client bug
 		delete message.member
 		
@@ -150,8 +169,8 @@ router.get("/", route({ permission: "VIEW_CHANNEL" }), async (req: Request, res:
 router.delete("/", route({}), async (req: Request, res: Response) => {
 	const { message_id, channel_id } = req.params;
 
-	const channel = await Channel.findOneOrFail({ id: channel_id });
-	const message = await Message.findOneOrFail({ id: message_id });
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+	const message = await Message.findOneOrFail({ where: { id: message_id } });
 	
 	const rights = await getRights(req.user_id);
 
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts b/src/api/routes/channels/#channel_id/messages/#message_id/reactions.ts
index d93cf70f..d0ab35bb 100644
--- a/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts
+++ b/src/api/routes/channels/#channel_id/messages/#message_id/reactions.ts
@@ -15,7 +15,7 @@ import {
 } from "@fosscord/util";
 import { route } from "@fosscord/api";
 import { Router, Response, Request } from "express";
-import { HTTPError } from "lambert-server";
+import { HTTPError } from "@fosscord/util";
 import { In } from "typeorm";
 
 const router = Router();
@@ -39,7 +39,7 @@ function getEmoji(emoji: string): PartialEmoji {
 router.delete("/", route({ permission: "MANAGE_MESSAGES" }), async (req: Request, res: Response) => {
 	const { message_id, channel_id } = req.params;
 
-	const channel = await Channel.findOneOrFail({ id: channel_id });
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
 
 	await Message.update({ id: message_id, channel_id }, { reactions: [] });
 
@@ -60,7 +60,7 @@ router.delete("/:emoji", route({ permission: "MANAGE_MESSAGES" }), async (req: R
 	const { message_id, channel_id } = req.params;
 	const emoji = getEmoji(req.params.emoji);
 
-	const message = await Message.findOneOrFail({ id: message_id, channel_id });
+	const message = await Message.findOneOrFail({ where: { id: message_id, channel_id } });
 
 	const already_added = message.reactions.find((x) => (x.emoji.id === emoji.id && emoji.id) || x.emoji.name === emoji.name);
 	if (!already_added) throw new HTTPError("Reaction not found", 404);
@@ -87,7 +87,7 @@ router.get("/:emoji", route({ permission: "VIEW_CHANNEL" }), async (req: Request
 	const { message_id, channel_id } = req.params;
 	const emoji = getEmoji(req.params.emoji);
 
-	const message = await Message.findOneOrFail({ id: message_id, channel_id });
+	const message = await Message.findOneOrFail({ where: { id: message_id, channel_id } });
 	const reaction = message.reactions.find((x) => (x.emoji.id === emoji.id && emoji.id) || x.emoji.name === emoji.name);
 	if (!reaction) throw new HTTPError("Reaction not found", 404);
 
@@ -106,14 +106,14 @@ router.put("/:emoji/:user_id", route({ permission: "READ_MESSAGE_HISTORY", right
 	if (user_id !== "@me") throw new HTTPError("Invalid user");
 	const emoji = getEmoji(req.params.emoji);
 
-	const channel = await Channel.findOneOrFail({ id: channel_id });
-	const message = await Message.findOneOrFail({ id: message_id, channel_id });
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+	const message = await Message.findOneOrFail({ where: { id: message_id, channel_id } });
 	const already_added = message.reactions.find((x) => (x.emoji.id === emoji.id && emoji.id) || x.emoji.name === emoji.name);
 
 	if (!already_added) req.permission!.hasThrow("ADD_REACTIONS");
 
 	if (emoji.id) {
-		const external_emoji = await Emoji.findOneOrFail({ id: emoji.id });
+		const external_emoji = await Emoji.findOneOrFail({ where: { id: emoji.id } });
 		if (!already_added) req.permission!.hasThrow("USE_EXTERNAL_EMOJIS");
 		emoji.animated = external_emoji.animated;
 		emoji.name = external_emoji.name;
@@ -126,7 +126,7 @@ router.put("/:emoji/:user_id", route({ permission: "READ_MESSAGE_HISTORY", right
 
 	await message.save();
 
-	const member = channel.guild_id && (await Member.findOneOrFail({ id: req.user_id }));
+	const member = channel.guild_id && (await Member.findOneOrFail({ where: { id: req.user_id } }));
 
 	await emitEvent({
 		event: "MESSAGE_REACTION_ADD",
@@ -145,12 +145,12 @@ router.put("/:emoji/:user_id", route({ permission: "READ_MESSAGE_HISTORY", right
 });
 
 router.delete("/:emoji/:user_id", route({}), async (req: Request, res: Response) => {
-	var { message_id, channel_id, user_id } = req.params;
+	let { message_id, channel_id, user_id } = req.params;
 
 	const emoji = getEmoji(req.params.emoji);
 
-	const channel = await Channel.findOneOrFail({ id: channel_id });
-	const message = await Message.findOneOrFail({ id: message_id, channel_id });
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+	const message = await Message.findOneOrFail({ where: { id: message_id, channel_id } });
 
 	if (user_id === "@me") user_id = req.user_id;
 	else {
diff --git a/api/src/routes/channels/#channel_id/messages/bulk-delete.ts b/src/api/routes/channels/#channel_id/messages/bulk-delete.ts
index 7a711cb0..af44b522 100644
--- a/api/src/routes/channels/#channel_id/messages/bulk-delete.ts
+++ b/src/api/routes/channels/#channel_id/messages/bulk-delete.ts
@@ -1,6 +1,6 @@
 import { Router, Response, Request } from "express";
-import { Channel, Config, emitEvent, getPermission, MessageDeleteBulkEvent, Message } from "@fosscord/util";
-import { HTTPError } from "lambert-server";
+import { Channel, Config, emitEvent, getPermission, getRights, MessageDeleteBulkEvent, Message } from "@fosscord/util";
+import { HTTPError } from "@fosscord/util";
 import { route } from "@fosscord/api";
 import { In } from "typeorm";
 
@@ -8,28 +8,30 @@ const router: Router = Router();
 
 export default router;
 
-export interface BulkDeleteSchema {
-	messages: string[];
-}
-
-// TODO: should users be able to bulk delete messages or only bots?
-// TODO: should this request fail, if you provide messages older than 14 days/invalid ids?
+// should users be able to bulk delete messages or only bots? ANSWER: all users
+// should this request fail, if you provide messages older than 14 days/invalid ids? ANSWER: NO
 // https://discord.com/developers/docs/resources/channel#bulk-delete-messages
 router.post("/", route({ body: "BulkDeleteSchema" }), async (req: Request, res: Response) => {
 	const { channel_id } = req.params;
-	const channel = await Channel.findOneOrFail({ id: channel_id });
+	const channel = await Channel.findOneOrFail({where:{ id: channel_id} });
 	if (!channel.guild_id) throw new HTTPError("Can't bulk delete dm channel messages", 400);
 
+	const rights = await getRights(req.user_id);
+	rights.hasThrow("SELF_DELETE_MESSAGES");
+
+	let superuser = rights.has("MANAGE_MESSAGES");
 	const permission = await getPermission(req.user_id, channel?.guild_id, channel_id);
-	permission.hasThrow("MANAGE_MESSAGES");
 
 	const { maxBulkDelete } = Config.get().limits.message;
 
 	const { messages } = req.body as { messages: string[] };
-	if (messages.length < 2) throw new HTTPError("You must at least specify 2 messages to bulk delete");
-	if (messages.length > maxBulkDelete) throw new HTTPError(`You cannot delete more than ${maxBulkDelete} messages`);
+	if (messages.length === 0) throw new HTTPError("You must specify messages to bulk delete");
+	if (!superuser) {
+		permission.hasThrow("MANAGE_MESSAGES");
+		if (messages.length > maxBulkDelete) throw new HTTPError(`You cannot delete more than ${maxBulkDelete} messages`);
+	}
 
-	await Message.delete(messages.map((x) => ({ id: x })));
+	await Message.delete({ id: In(messages) });
 
 	await emitEvent({
 		event: "MESSAGE_DELETE_BULK",
diff --git a/api/src/routes/channels/#channel_id/messages/index.ts b/src/api/routes/channels/#channel_id/messages/index.ts
index 34cc5ff8..9ab0d97d 100644
--- a/api/src/routes/channels/#channel_id/messages/index.ts
+++ b/src/api/routes/channels/#channel_id/messages/index.ts
@@ -5,16 +5,17 @@ import {
 	ChannelType,
 	Config,
 	DmChannelDTO,
-	Embed,
 	emitEvent,
 	getPermission,
 	getRights,
 	Message,
 	MessageCreateEvent,
+	Snowflake,
 	uploadFile,
-	Member
+	Member,
+	MessageCreateSchema
 } from "@fosscord/util";
-import { HTTPError } from "lambert-server";
+import { HTTPError } from "@fosscord/util";
 import { handleMessage, postHandleMessage, route } from "@fosscord/api";
 import multer from "multer";
 import { FindManyOptions, LessThan, MoreThan } from "typeorm";
@@ -30,6 +31,8 @@ export function isTextChannel(type: ChannelType): boolean {
 		case ChannelType.GUILD_VOICE:
 		case ChannelType.GUILD_STAGE_VOICE:
 		case ChannelType.GUILD_CATEGORY:
+		case ChannelType.GUILD_FORUM:
+		case ChannelType.DIRECTORY:
 			throw new HTTPError("not a text channel", 400);
 		case ChannelType.DM:
 		case ChannelType.GROUP_DM:
@@ -46,37 +49,11 @@ export function isTextChannel(type: ChannelType): boolean {
 	}
 }
 
-export interface MessageCreateSchema {
-	content?: string;
-	nonce?: string;
-	tts?: boolean;
-	flags?: string;
-	embeds?: Embed[];
-	embed?: Embed;
-	// TODO: ^ embed is deprecated in favor of embeds (https://discord.com/developers/docs/resources/channel#message-object)
-	allowed_mentions?: {
-		parse?: string[];
-		roles?: string[];
-		users?: string[];
-		replied_user?: boolean;
-	};
-	message_reference?: {
-		message_id: string;
-		channel_id: string;
-		guild_id?: string;
-		fail_if_not_exists?: boolean;
-	};
-	payload_json?: string;
-	file?: any;
-	attachments?: any[]; //TODO we should create an interface for attachments
-	sticker_ids?: string[];
-}
-
 // https://discord.com/developers/docs/resources/channel#create-message
 // get messages
 router.get("/", async (req: Request, res: Response) => {
 	const channel_id = req.params.channel_id;
-	const channel = await Channel.findOneOrFail({ id: channel_id });
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
 	if (!channel) throw new HTTPError("Channel not found", 404);
 
 	isTextChannel(channel.type);
@@ -84,23 +61,30 @@ router.get("/", async (req: Request, res: Response) => {
 	const before = req.query.before ? `${req.query.before}` : undefined;
 	const after = req.query.after ? `${req.query.after}` : undefined;
 	const limit = Number(req.query.limit) || 50;
-	if (limit < 1 || limit > 100) throw new HTTPError("limit must be between 1 and 100");
+	if (limit < 1 || limit > 100) throw new HTTPError("limit must be between 1 and 100", 422);
 
-	var halfLimit = Math.floor(limit / 2);
+	let halfLimit = Math.floor(limit / 2);
 
 	const permissions = await getPermission(req.user_id, channel.guild_id, channel_id);
 	permissions.hasThrow("VIEW_CHANNEL");
 	if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]);
 
-	var query: FindManyOptions<Message> & { where: { id?: any; }; } = {
+	let query: FindManyOptions<Message> & { where: { id?: any; }; } = {
 		order: { id: "DESC" },
 		take: limit,
 		where: { channel_id },
 		relations: ["author", "webhook", "application", "mentions", "mention_roles", "mention_channels", "sticker_items", "attachments"]
 	};
+	
 
-	if (after) query.where.id = MoreThan(after);
-	else if (before) query.where.id = LessThan(before);
+	if (after) {
+		if (after > new Snowflake()) return res.status(422);
+		query.where.id = MoreThan(after);
+	}
+	else if (before) { 
+		if (before < req.params.channel_id) return res.status(422);
+		query.where.id = LessThan(before);
+	}
 	else if (around) {
 		query.where.id = [
 			MoreThan((BigInt(around) - BigInt(halfLimit)).toString()),
@@ -126,10 +110,13 @@ router.get("/", async (req: Request, res: Response) => {
 				const uri = y.proxy_url.startsWith("http") ? y.proxy_url : `https://example.org${y.proxy_url}`;
 				y.proxy_url = `${endpoint == null ? "" : endpoint}${new URL(uri).pathname}`;
 			});
-
-			//Some clients ( discord.js ) only check if a property exists within the response,
-			//which causes erorrs when, say, the `application` property is `null`.
-			for (var curr in x) {
+			
+			/**
+			Some clients ( discord.js ) only check if a property exists within the response,
+			which causes erorrs when, say, the `application` property is `null`.
+			**/
+			
+			for (let curr in x) {
 				if (x[curr] === null)
 					delete x[curr];
 			}
@@ -144,23 +131,22 @@ const messageUpload = multer({
 	limits: {
 		fileSize: 1024 * 1024 * 100,
 		fields: 10,
-		files: 1
+		// files: 1
 	},
 	storage: multer.memoryStorage()
 }); // max upload 50 mb
-
-// TODO: dynamically change limit of MessageCreateSchema with config
-// TODO: check: sum of all characters in an embed structure must not exceed instance limits
-
-// https://discord.com/developers/docs/resources/channel#create-message
-// TODO: text channel slowdown
-// TODO: trim and replace message content and every embed field
-// TODO: check allowed_mentions
-
+/**
+ TODO: dynamically change limit of MessageCreateSchema with config
+
+ https://discord.com/developers/docs/resources/channel#create-message
+ TODO: text channel slowdown (per-user and across-users)
+ Q: trim and replace message content and every embed field A: NO, given this cannot be implemented in E2EE channels
+ TODO: only dispatch notifications for mentions denoted in allowed_mentions
+**/
 // Send message
 router.post(
 	"/",
-	messageUpload.single("file"),
+	messageUpload.any(),
 	async (req, res, next) => {
 		if (req.body.payload_json) {
 			req.body = JSON.parse(req.body.payload_json);
@@ -171,21 +157,24 @@ router.post(
 	route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }),
 	async (req: Request, res: Response) => {
 		const { channel_id } = req.params;
-		var body = req.body as MessageCreateSchema;
+		let body = req.body as MessageCreateSchema;
 		const attachments: Attachment[] = [];
 
-		if (req.file) {
+		const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients", "recipients.user"] });
+		if (!channel.isWritable()) {
+			throw new HTTPError(`Cannot send messages to channel of type ${channel.type}`, 400)
+		}
+
+		const files = req.files as Express.Multer.File[] ?? [];
+		for (let currFile of files) {
 			try {
-				const file = await uploadFile(`/attachments/${req.params.channel_id}`, req.file);
+				const file: any = await uploadFile(`/attachments/${channel.id}`, currFile);
 				attachments.push({ ...file, proxy_url: file.url });
-			} catch (error) {
+			}
+			catch (error) {
 				return res.status(400).json(error);
 			}
 		}
-		const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients", "recipients.user"] });
-		if (!channel.isWritable()) {
-			throw new HTTPError(`Cannot send messages to channel of type ${channel.type}`, 400)
-		}
 
 		const embeds = body.embeds || [];
 		if (body.embed) embeds.push(body.embed);
@@ -223,11 +212,19 @@ router.post(
 				})
 			);
 		}
-
-
 	
-		//Fix for the client bug
-		delete message.member
+	    //Defining member fields
+		var member = await Member.findOneOrFail({ where: { id: req.user_id }, relations: ["roles"] });
+		// TODO: This doesn't work either
+        // member.roles = member.roles.filter((role) => {
+		// 	return role.id !== role.guild_id;
+		// }).map((role) => {
+		// 	return role.id;
+		// });
+		message.member = member;
+		// TODO: Figure this out
+		// delete message.member.last_message_id;
+		// delete message.member.index;
 		
 		await Promise.all([
 			message.save(),
@@ -241,3 +238,4 @@ router.post(
 		return res.json(message);
 	}
 );
+
author	Madeline <46743919+MaddyUnderStars@users.noreply.github.com>	2022-08-22 22:12:00 +1000
committer	Madeline <46743919+MaddyUnderStars@users.noreply.github.com>	2022-08-22 22:12:00 +1000
commit	afefa5d64bd6cde7d6efa3a9a5a3ec67a6ca29a8 (patch)
tree	07779150eba77c27bf75bc0c7890f4a3f976716e /src/api/routes/channels/#channel_id/messages
parent	removed char joiners as they are actually useful, added page break (diff)
parent	Merge remote-tracking branch 'Puyodead1/patch/prettier-config' into staging (diff)
download	server-afefa5d64bd6cde7d6efa3a9a5a3ec67a6ca29a8.tar.xz