diff --git a/api/src/middlewares/Authentication.ts b/api/src/middlewares/Authentication.ts
index a300c786..571097bf 100644
--- a/api/src/middlewares/Authentication.ts
+++ b/api/src/middlewares/Authentication.ts
@@ -1,6 +1,6 @@
import { NextFunction, Request, Response } from "express";
import { HTTPError } from "lambert-server";
-import { checkToken, Config } from "@fosscord/util";
+import { checkToken, Config, Rights } from "@fosscord/util";
export const NO_AUTHORIZATION_ROUTES = [
"/auth/login",
@@ -21,6 +21,7 @@ declare global {
user_id: string;
user_bot: boolean;
token: string;
+ rights: Rights;
}
}
}
@@ -46,6 +47,7 @@ export async function Authentication(req: Request, res: Response, next: NextFunc
req.token = decoded;
req.user_id = decoded.id;
req.user_bot = user.bot;
+ req.rights = new Rights(user.rights);
return next();
} catch (error: any) {
return next(new HTTPError(error?.toString(), 400));
diff --git a/api/src/util/route.ts b/api/src/util/route.ts
index 45882d8a..3e967e2a 100644
--- a/api/src/util/route.ts
+++ b/api/src/util/route.ts
@@ -1,4 +1,15 @@
-import { DiscordApiErrors, EVENT, Event, EventData, getPermission, PermissionResolvable, Permissions } from "@fosscord/util";
+import {
+ DiscordApiErrors,
+ EVENT,
+ Event,
+ EventData,
+ FosscordApiErrors,
+ getPermission,
+ PermissionResolvable,
+ Permissions,
+ RightResolvable,
+ Rights
+} from "@fosscord/util";
import { NextFunction, Request, Response } from "express";
import fs from "fs";
import path from "path";
@@ -33,6 +44,7 @@ export type RouteResponse = { status?: number; body?: `${string}Response`; heade
export interface RouteOptions {
permission?: PermissionResolvable;
+ right?: RightResolvable;
body?: `${string}Schema`; // typescript interface name
test?: {
response?: RouteResponse;
@@ -89,6 +101,13 @@ export function route(opts: RouteOptions) {
}
}
+ if (opts.right) {
+ const required = new Rights(opts.right);
+ if (!req.rights || !req.rights.has(required)) {
+ throw FosscordApiErrors.MISSING_RIGHTS.withParams(opts.right as string);
+ }
+ }
+
if (validate) {
const valid = validate(normalizeBody(req.body));
if (!valid) {
diff --git a/util/src/util/BitField.ts b/util/src/util/BitField.ts
index 986077ba..fb887e05 100644
--- a/util/src/util/BitField.ts
+++ b/util/src/util/BitField.ts
@@ -143,6 +143,5 @@ export class BitField {
}
export function BitFlag(x: bigint | number) {
- if (!x) throw new Error("You need to pass a bitflag");
return BigInt(1) << BigInt(x);
}
diff --git a/util/src/util/Constants.ts b/util/src/util/Constants.ts
index d2cc5130..5fdf5bc0 100644
--- a/util/src/util/Constants.ts
+++ b/util/src/util/Constants.ts
@@ -726,7 +726,9 @@ export const DiscordApiErrors = {
/**
* An error encountered while performing an API request (Fosscord only). Here are the potential errors:
*/
-export const FosscordApiErrors = {};
+export const FosscordApiErrors = {
+ MISSING_RIGHTS: new ApiError("You lack rights to perform that action ({})", 50013, undefined, [""]),
+};
/**
* The value set for a guild's default message notifications, e.g. `ALL`. Here are the available types:
diff --git a/util/src/util/Token.ts b/util/src/util/Token.ts
index 111d59a2..7c4cc61d 100644
--- a/util/src/util/Token.ts
+++ b/util/src/util/Token.ts
@@ -10,7 +10,10 @@ export function checkToken(token: string, jwtSecret: string): Promise<any> {
jwt.verify(token, jwtSecret, JWTOptions, async (err, decoded: any) => {
if (err || !decoded) return rej("Invalid Token");
- const user = await User.findOne({ id: decoded.id }, { select: ["data", "bot", "disabled", "deleted"] });
+ const user = await User.findOne(
+ { id: decoded.id },
+ { select: ["data", "bot", "disabled", "deleted", "rights"] }
+ );
if (!user) return rej("Invalid Token");
// we need to round it to seconds as it saved as seconds in jwt iat and valid_tokens_since is stored in milliseconds
if (decoded.iat * 1000 < new Date(user.data.valid_tokens_since).setSeconds(0, 0))
diff --git a/util/src/util/index.ts b/util/src/util/index.ts
index d73bf4ca..9c51d3b8 100644
--- a/util/src/util/index.ts
+++ b/util/src/util/index.ts
@@ -12,6 +12,7 @@ export * from "./MessageFlags";
export * from "./Permissions";
export * from "./RabbitMQ";
export * from "./Regex";
+export * from "./Rights";
export * from "./Snowflake";
export * from "./String";
export * from "./Array";
|
