diff options
author | Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> | 2021-04-23 00:15:38 +0200 |
---|---|---|
committer | Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> | 2021-04-23 00:15:38 +0200 |
commit | 3e6d1103bcb121390116ed9d2b200806da0f85d9 (patch) | |
tree | a9f47de28dc6dac984a6079451796de3975cabe3 /src/routes | |
parent | :bug: fix wrong permission in delete invite (diff) | |
download | server-3e6d1103bcb121390116ed9d2b200806da0f85d9.tar.xz |
:art: clean up permission checks to use .hasThrow()
Diffstat (limited to 'src/routes')
10 files changed, 30 insertions, 19 deletions
diff --git a/src/routes/channels/#channel_id/followers.ts b/src/routes/channels/#channel_id/followers.ts index 9a4e81fa..25165356 100644 --- a/src/routes/channels/#channel_id/followers.ts +++ b/src/routes/channels/#channel_id/followers.ts @@ -2,3 +2,12 @@ import { Router } from "express"; const router: Router = Router(); export default router; + +/** + * + * @param {"webhook_channel_id":"754001514330062952"} + * + * Creates a WebHook in the channel and returns the id of it + * + * @returns {"channel_id": "816382962056560690", "webhook_id": "834910735095037962"} + */ diff --git a/src/routes/channels/#channel_id/invites.ts b/src/routes/channels/#channel_id/invites.ts index 5ec5163a..10d6ae3f 100644 --- a/src/routes/channels/#channel_id/invites.ts +++ b/src/routes/channels/#channel_id/invites.ts @@ -22,10 +22,7 @@ router.post("/", check(InviteCreateSchema), async (req: Request, res: Response) const { guild_id } = channel; const permission = await getPermission(user_id, guild_id); - - if (!permission.has("CREATE_INSTANT_INVITE")) { - throw new HTTPError("You aren't authorised to access this endpoint", 401); - } + permission.hasThrow("CREATE_INSTANT_INVITE"); const invite = { code: random(), @@ -55,10 +52,7 @@ router.get("/", async (req: Request, res: Response) => { } const { guild_id } = channel; const permission = await getPermission(user_id, guild_id); - - if (!permission.has("MANAGE_CHANNELS")) { - throw new HTTPError("You aren't authorised to access this endpoint", 401); - } + permission.hasThrow("MANAGE_CHANNELS"); const invites = await InviteModel.find({ guild_id }).exec(); diff --git a/src/routes/channels/#channel_id/messages/:message_id/crosspost.ts b/src/routes/channels/#channel_id/messages/:message_id/crosspost.ts new file mode 100644 index 00000000..17f36396 --- /dev/null +++ b/src/routes/channels/#channel_id/messages/:message_id/crosspost.ts @@ -0,0 +1,8 @@ +import { Router } from "express"; + +const router = Router(); + +// TODO: +// router.post("/", (req, res) => {}); + +export default router; diff --git a/src/routes/channels/#channel_id/messages/:message_id/index.ts b/src/routes/channels/#channel_id/messages/:message_id/index.ts new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/src/routes/channels/#channel_id/messages/:message_id/index.ts diff --git a/src/routes/channels/#channel_id/messages/:message_id/reactions.ts b/src/routes/channels/#channel_id/messages/:message_id/reactions.ts new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/src/routes/channels/#channel_id/messages/:message_id/reactions.ts diff --git a/src/routes/channels/#channel_id/messages/bulk-delete.ts b/src/routes/channels/#channel_id/messages/bulk-delete.ts index 13aea8a1..ff1324d7 100644 --- a/src/routes/channels/#channel_id/messages/bulk-delete.ts +++ b/src/routes/channels/#channel_id/messages/bulk-delete.ts @@ -18,7 +18,7 @@ router.post("/", check({ messages: [String] }), async (req, res) => { if (!channel?.guild_id) throw new HTTPError("Can't bulk delete dm channel messages", 400); const permission = await getPermission(req.user_id, channel?.guild_id, channel_id, { channel }); - if (!permission.has("MANAGE_MESSAGES")) throw new HTTPError("You are missing the MANAGE_MESSAGES permissions"); + permission.hasThrow("MANAGE_MESSAGES"); const { maxBulkDelete } = Config.get().limits.message; diff --git a/src/routes/channels/#channel_id/messages/index.ts b/src/routes/channels/#channel_id/messages/index.ts index 91298326..689f6733 100644 --- a/src/routes/channels/#channel_id/messages/index.ts +++ b/src/routes/channels/#channel_id/messages/index.ts @@ -62,7 +62,8 @@ router.get("/", async (req, res) => { if (channel.guild_id) { const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel }); - if (!permissions.has("VIEW_CHANNEL")) throw new HTTPError("You don't have permission to view this channel", 401); + permissions.hasThrow("VIEW_CHANNEL"); + if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]); } else if (channel.recipients) { // group/dm channel @@ -106,11 +107,10 @@ router.post("/", check(MessageCreateSchema), async (req, res) => { if (channel.guild_id) { const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel }); - if (!permissions.has("SEND_MESSAGES")) throw new HTTPError("You don't have the SEND_MESSAGES permission"); - if (body.tts && !permissions.has("SEND_TTS_MESSAGES")) throw new HTTPError("You are missing the SEND_TTS_MESSAGES permission"); + permissions.hasThrow("SEND_MESSAGES"); + if (body.tts) permissions.hasThrow("SEND_TTS_MESSAGES"); if (body.message_reference) { - if (!permissions.has("READ_MESSAGE_HISTORY")) - throw new HTTPError("You are missing the READ_MESSAGE_HISTORY permission to reply"); + permissions.hasThrow("READ_MESSAGE_HISTORY"); if (body.message_reference.guild_id !== channel.guild_id) throw new HTTPError("You can only reference messages from this guild"); } diff --git a/src/routes/channels/#channel_id/webhooks.ts b/src/routes/channels/#channel_id/webhooks.ts index 9a4e81fa..a7a5df95 100644 --- a/src/routes/channels/#channel_id/webhooks.ts +++ b/src/routes/channels/#channel_id/webhooks.ts @@ -1,4 +1,6 @@ import { Router } from "express"; const router: Router = Router(); +router.post("/", (req, res) => {}); + export default router; diff --git a/src/routes/guilds/#guild_id/bans.ts b/src/routes/guilds/#guild_id/bans.ts index f0e3804a..f84950f9 100644 --- a/src/routes/guilds/#guild_id/bans.ts +++ b/src/routes/guilds/#guild_id/bans.ts @@ -35,7 +35,7 @@ router.post("/:user_id", check(BanCreateSchema), async (req: Request, res: Respo const banned_user = await getPublicUser(banned_user_id); const perms = await getPermission(req.user_id, guild_id); - if (!perms.has("BAN_MEMBERS")) throw new HTTPError("You don't have the permission to ban members", 403); + perms.hasThrow("BAN_MEMBERS"); if (req.user_id === banned_user_id) throw new HTTPError("You can't ban yourself", 400); await removeMember(banned_user_id, guild_id); @@ -69,9 +69,7 @@ router.delete("/:user_id", async (req: Request, res: Response) => { if (!guild) throw new HTTPError("Guild not found", 404); const perms = await getPermission(req.user_id, guild_id); - if (!perms.has("BAN_MEMBERS")) { - throw new HTTPError("No permissions", 403); - } + perms.hasThrow("BAN_MEMBERS"); await BanModel.deleteOne({ user_id: banned_user_id, diff --git a/src/routes/guilds/#guild_id/index.ts b/src/routes/guilds/#guild_id/index.ts index 96861e48..2a7d9b38 100644 --- a/src/routes/guilds/#guild_id/index.ts +++ b/src/routes/guilds/#guild_id/index.ts @@ -41,7 +41,7 @@ router.patch("/", check(GuildUpdateSchema), async (req: Request, res: Response) // TODO: guild update check image const perms = await getPermission(req.user_id, guild_id); - if (!perms.has("MANAGE_GUILD")) throw new HTTPError("You do not have the MANAGE_GUILD permission", 401); + perms.hasThrow("MANAGE_GUILD"); const guild = await GuildModel.findOneAndUpdate({ id: guild_id }, body) .populate({ path: "joined_at", match: { id: req.user_id } }) |