diff options
-rw-r--r-- | package-lock.json | 14 | ||||
-rw-r--r-- | package.json | 2 | ||||
-rw-r--r-- | src/routes/channels/#channel_id/messages/index.ts | 35 | ||||
-rw-r--r-- | src/routes/channels/#channel_id/pins.ts | 43 |
4 files changed, 43 insertions, 51 deletions
diff --git a/package-lock.json b/package-lock.json index 6b29af59..552a0972 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10,7 +10,7 @@ "hasInstallScript": true, "license": "ISC", "dependencies": { - "@fosscord/server-util": "^1.0.7", + "@fosscord/server-util": "^1.0.8", "@types/jest": "^26.0.22", "bcrypt": "^5.0.0", "body-parser": "^1.19.0", @@ -529,9 +529,9 @@ } }, "node_modules/@fosscord/server-util": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.7.tgz", - "integrity": "sha512-3vBPCt+lwMS7wk+iRvv+V8qBSnEdNifpPxX97Lfjje/TSWI17Kg29y3BmcGJRC5TwIHTLFtgpNLmZmruhv7ziQ==", + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.8.tgz", + "integrity": "sha512-VfdjodBIdDZMyOJ8gZ4LmCQ7aENuPfcOUq2Vs8JOTwF2pYO/Z2yTsJcgZHLLqpMkhikBs8hW2XePEsxNNq3VwQ==", "dependencies": { "@types/jsonwebtoken": "^8.5.0", "@types/mongoose-autopopulate": "^0.10.1", @@ -12688,9 +12688,9 @@ } }, "@fosscord/server-util": { - "version": "1.0.7", - "resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.7.tgz", - "integrity": "sha512-3vBPCt+lwMS7wk+iRvv+V8qBSnEdNifpPxX97Lfjje/TSWI17Kg29y3BmcGJRC5TwIHTLFtgpNLmZmruhv7ziQ==", + "version": "1.0.8", + "resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.8.tgz", + "integrity": "sha512-VfdjodBIdDZMyOJ8gZ4LmCQ7aENuPfcOUq2Vs8JOTwF2pYO/Z2yTsJcgZHLLqpMkhikBs8hW2XePEsxNNq3VwQ==", "requires": { "@types/jsonwebtoken": "^8.5.0", "@types/mongoose-autopopulate": "^0.10.1", diff --git a/package.json b/package.json index d10adc8c..ad52ffd9 100644 --- a/package.json +++ b/package.json @@ -31,7 +31,7 @@ }, "homepage": "https://github.com/fosscord/fosscord-api#readme", "dependencies": { - "@fosscord/server-util": "^1.0.7", + "@fosscord/server-util": "^1.0.8", "@types/jest": "^26.0.22", "bcrypt": "^5.0.0", "body-parser": "^1.19.0", diff --git a/src/routes/channels/#channel_id/messages/index.ts b/src/routes/channels/#channel_id/messages/index.ts index a5151d9b..b186343e 100644 --- a/src/routes/channels/#channel_id/messages/index.ts +++ b/src/routes/channels/#channel_id/messages/index.ts @@ -57,18 +57,9 @@ router.get("/", async (req, res) => { if (!limit) limit = 50; var halfLimit = Math.floor(limit / 2); - if ([ChannelType.GUILD_VOICE, ChannelType.GUILD_CATEGORY, ChannelType.GUILD_STORE].includes(channel.type)) - throw new HTTPError("Not a text channel"); - - if (channel.guild_id) { - const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel }); - permissions.hasThrow("VIEW_CHANNEL"); - - if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]); - } else if (channel.recipients) { - // group/dm channel - if (!channel.recipients.includes(req.user_id)) throw new HTTPError("You don't have permission to view this channel", 401); - } + const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel }); + permissions.hasThrow("VIEW_CHANNEL"); + if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]); var query: Query<MessageDocument[], MessageDocument>; if (after) query = MessageModel.find({ channel_id, id: { $gt: after } }); @@ -105,15 +96,12 @@ router.post("/", check(MessageCreateSchema), async (req, res) => { if (!channel) throw new HTTPError("Channel not found", 404); // TODO: are tts messages allowed in dm channels? should permission be checked? - if (channel.guild_id) { - const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel }); - permissions.hasThrow("SEND_MESSAGES"); - if (body.tts) permissions.hasThrow("SEND_TTS_MESSAGES"); - if (body.message_reference) { - permissions.hasThrow("READ_MESSAGE_HISTORY"); - if (body.message_reference.guild_id !== channel.guild_id) - throw new HTTPError("You can only reference messages from this guild"); - } + const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel }); + permissions.hasThrow("SEND_MESSAGES"); + if (body.tts) permissions.hasThrow("SEND_TTS_MESSAGES"); + if (body.message_reference) { + permissions.hasThrow("READ_MESSAGE_HISTORY"); + if (body.message_reference.guild_id !== channel.guild_id) throw new HTTPError("You can only reference messages from this guild"); } if (body.message_reference) { @@ -124,7 +112,7 @@ router.post("/", check(MessageCreateSchema), async (req, res) => { const embeds = []; if (body.embed) embeds.push(body.embed); - // TODO: check and put all in body in it + // TODO: check and put it all in the body const message: Message = { id: Snowflake.generate(), channel_id, @@ -144,8 +132,7 @@ router.post("/", check(MessageCreateSchema), async (req, res) => { pinned: false, }; - const doc = await new MessageModel(message).populate({ path: "member", select: PublicMemberProjection }).save(); - const data = toObject(doc); + const data = toObject(await new MessageModel(message).populate({ path: "member", select: PublicMemberProjection }).save()); await emitEvent({ event: "MESSAGE_CREATE", channel_id, data, guild_id: channel.guild_id } as MessageCreateEvent); diff --git a/src/routes/channels/#channel_id/pins.ts b/src/routes/channels/#channel_id/pins.ts index fc7dfb09..7dde15d0 100644 --- a/src/routes/channels/#channel_id/pins.ts +++ b/src/routes/channels/#channel_id/pins.ts @@ -1,37 +1,42 @@ import { ChannelModel, getPermission, MessageModel, toObject } from "@fosscord/server-util"; import { Router, Request, Response } from "express"; -import Config from "../../../util/Config" +import Config from "../../../util/Config"; import { HTTPError } from "lambert-server"; const router: Router = Router(); +// TODO: auto throw error if findOne doesn't find anything + router.put("/:message_id", async (req: Request, res: Response) => { - const { channel_id, message_id } = req.params; - const channel = await ChannelModel.findOne({ id: channel_id }).exec() - if (!channel) throw new HTTPError("Channel not found", 404) - const permission = await getPermission(req.user_id, channel.guild_id, channel_id) - permission.hasThrow("VIEW_CHANNEL") - permission.hasThrow("MANAGE_MESSAGES") + const { channel_id, message_id } = req.params; + const channel = await ChannelModel.findOne({ id: channel_id }).exec(); + if (!channel) throw new HTTPError("Channel not found", 404); + const permission = await getPermission(req.user_id, channel.guild_id, channel_id); + permission.hasThrow("VIEW_CHANNEL"); + + // * in dm channels anyone can pin messages -> only check for guilds + if (channel.guild_id) permission.hasThrow("MANAGE_MESSAGES"); - const pinned_count = await MessageModel.count({ channel_id, pinned: true }).exec() - const { maxPins } = Config.get().limits.channel - if (pinned_count >= maxPins) throw new HTTPError("Max pin count reached: " + maxPins) + const pinned_count = await MessageModel.count({ channel_id, pinned: true }).exec(); + const { maxPins } = Config.get().limits.channel; + if (pinned_count >= maxPins) throw new HTTPError("Max pin count reached: " + maxPins); - await MessageModel.updateOne({ id: message_id }, { pinned: true }).exec() + await MessageModel.updateOne({ id: message_id }, { pinned: true }).exec(); - res.sendStatus(204) + res.sendStatus(204); }); router.get("/", async (req: Request, res: Response) => { - const { channel_id } = req.params; + const { channel_id } = req.params; - const channel = await ChannelModel.findOne({ id: channel_id }).exec() - if (!channel) throw new HTTPError("Channel not found", 404) - const permission = await getPermission(req.user_id, channel.guild_id, channel_id) - permission.hasThrow("VIEW_CHANNEL") + const channel = await ChannelModel.findOne({ id: channel_id }).exec(); + if (!channel) throw new HTTPError("Channel not found", 404); + const permission = await getPermission(req.user_id, channel.guild_id, channel_id); + permission.hasThrow("VIEW_CHANNEL"); - let pins = await MessageModel.find({ channel_id: channel_id, pinned: true }).exec() + let pins = await MessageModel.find({ channel_id: channel_id, pinned: true }).exec(); - res.send(toObject(pins)) + res.send(toObject(pins)); }); + export default router; |