diff options
author | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-09-25 18:24:21 +1000 |
---|---|---|
committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-09-25 23:35:18 +1000 |
commit | f44f5d7ac2d24ff836c2e1d4b2fa58da04b13052 (patch) | |
tree | a6655c41bb3db79c30fd876b06ee60fe9cf70c9b /src/api/routes/guilds/#guild_id/bans.ts | |
parent | Allow edited_timestamp to passthrough in handleMessage (diff) | |
download | server-f44f5d7ac2d24ff836c2e1d4b2fa58da04b13052.tar.xz |
Refactor to mono-repo + upgrade packages
Diffstat (limited to 'src/api/routes/guilds/#guild_id/bans.ts')
-rw-r--r-- | src/api/routes/guilds/#guild_id/bans.ts | 178 |
1 files changed, 178 insertions, 0 deletions
diff --git a/src/api/routes/guilds/#guild_id/bans.ts b/src/api/routes/guilds/#guild_id/bans.ts new file mode 100644 index 00000000..51d3ca67 --- /dev/null +++ b/src/api/routes/guilds/#guild_id/bans.ts @@ -0,0 +1,178 @@ +import { Request, Response, Router } from "express"; +import { DiscordApiErrors, emitEvent, GuildBanAddEvent, GuildBanRemoveEvent, Ban, User, Member } from "@fosscord/util"; +import { HTTPError } from "lambert-server"; +import { getIpAdress, route } from "@fosscord/api"; + +export interface BanCreateSchema { + delete_message_days?: string; + reason?: string; +}; + +export interface BanRegistrySchema { + id: string; + user_id: string; + guild_id: string; + executor_id: string; + ip?: string; + reason?: string | undefined; +}; + +export interface BanModeratorSchema { + id: string; + user_id: string; + guild_id: string; + executor_id: string; + reason?: string | undefined; +}; + +const router: Router = Router(); + +/* TODO: Deleting the secrets is just a temporary go-around. Views should be implemented for both safety and better handling. */ + +router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => { + const { guild_id } = req.params; + + let bans = await Ban.find({ where: { guild_id: guild_id } }); + let promisesToAwait: object[] = []; + const bansObj: object[] = []; + + bans.filter((ban) => ban.user_id !== ban.executor_id); // pretend self-bans don't exist to prevent victim chasing + + bans.forEach((ban) => { + promisesToAwait.push(User.getPublicUser(ban.user_id)); + }); + + const bannedUsers: object[] = await Promise.all(promisesToAwait); + + bans.forEach((ban, index) => { + const user = bannedUsers[index] as User; + bansObj.push({ + reason: ban.reason, + user: { + username: user.username, + discriminator: user.discriminator, + id: user.id, + avatar: user.avatar, + public_flags: user.public_flags + } + }); + }); + + return res.json(bansObj); +}); + +router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => { + const { guild_id } = req.params; + const user_id = req.params.ban; + + let ban = await Ban.findOneOrFail({ where: { guild_id: guild_id, user_id: user_id } }) as BanRegistrySchema; + + if (ban.user_id === ban.executor_id) throw DiscordApiErrors.UNKNOWN_BAN; + // pretend self-bans don't exist to prevent victim chasing + + /* Filter secret from registry. */ + + ban = ban as BanModeratorSchema; + + delete ban.ip; + + return res.json(ban); +}); + +router.put("/:user_id", route({ body: "BanCreateSchema", permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => { + const { guild_id } = req.params; + const banned_user_id = req.params.user_id; + + if ((req.user_id === banned_user_id) && (banned_user_id === req.permission!.cache.guild?.owner_id)) + throw new HTTPError("You are the guild owner, hence can't ban yourself", 403); + + if (req.permission!.cache.guild?.owner_id === banned_user_id) throw new HTTPError("You can't ban the owner", 400); + + const banned_user = await User.getPublicUser(banned_user_id); + + const ban = Ban.create({ + user_id: banned_user_id, + guild_id: guild_id, + ip: getIpAdress(req), + executor_id: req.user_id, + reason: req.body.reason // || otherwise empty + }); + + await Promise.all([ + Member.removeFromGuild(banned_user_id, guild_id), + ban.save(), + emitEvent({ + event: "GUILD_BAN_ADD", + data: { + guild_id: guild_id, + user: banned_user + }, + guild_id: guild_id + } as GuildBanAddEvent) + ]); + + return res.json(ban); +}); + +router.put("/@me", route({ body: "BanCreateSchema" }), async (req: Request, res: Response) => { + const { guild_id } = req.params; + + const banned_user = await User.getPublicUser(req.params.user_id); + + if (req.permission!.cache.guild?.owner_id === req.params.user_id) + throw new HTTPError("You are the guild owner, hence can't ban yourself", 403); + + const ban = Ban.create({ + user_id: req.params.user_id, + guild_id: guild_id, + ip: getIpAdress(req), + executor_id: req.params.user_id, + reason: req.body.reason // || otherwise empty + }); + + await Promise.all([ + Member.removeFromGuild(req.user_id, guild_id), + ban.save(), + emitEvent({ + event: "GUILD_BAN_ADD", + data: { + guild_id: guild_id, + user: banned_user + }, + guild_id: guild_id + } as GuildBanAddEvent) + ]); + + return res.json(ban); +}); + +router.delete("/:user_id", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => { + const { guild_id, user_id } = req.params; + + let ban = await Ban.findOneOrFail({ where: { guild_id: guild_id, user_id: user_id } }); + + if (ban.user_id === ban.executor_id) throw DiscordApiErrors.UNKNOWN_BAN; + // make self-bans irreversible and hide them from view to avoid victim chasing + + const banned_user = await User.getPublicUser(user_id); + + await Promise.all([ + Ban.delete({ + user_id: user_id, + guild_id + }), + + emitEvent({ + event: "GUILD_BAN_REMOVE", + data: { + guild_id, + user: banned_user + }, + guild_id + } as GuildBanRemoveEvent) + ]); + + return res.status(204).send(); +}); + +export default router; |