summary refs log tree commit diff
path: root/api/src/routes
diff options
context:
space:
mode:
Diffstat (limited to 'api/src/routes')
-rw-r--r--api/src/routes/channels/#channel_id/invites.ts3
-rw-r--r--api/src/routes/channels/#channel_id/messages/#message_id/index.ts32
-rw-r--r--api/src/routes/downloads.ts6
-rw-r--r--api/src/routes/guilds/#guild_id/bans.ts31
-rw-r--r--api/src/routes/guilds/#guild_id/index.ts12
-rw-r--r--api/src/routes/guilds/#guild_id/members/#member_id/index.ts6
-rw-r--r--api/src/routes/guilds/#guild_id/vanity-url.ts33
-rw-r--r--api/src/routes/guilds/index.ts7
-rw-r--r--api/src/routes/invites/index.ts2
-rw-r--r--api/src/routes/scheduled-maintenances/upcoming_json.ts12
-rw-r--r--api/src/routes/store/published-listings/applications.ts2
-rw-r--r--api/src/routes/store/published-listings/skus.ts2
-rw-r--r--api/src/routes/updates.ts12
-rw-r--r--api/src/routes/users/@me/index.ts16
-rw-r--r--api/src/routes/users/@me/notes.ts35
15 files changed, 155 insertions, 56 deletions
diff --git a/api/src/routes/channels/#channel_id/invites.ts b/api/src/routes/channels/#channel_id/invites.ts
index 6d2c625d..9c361164 100644
--- a/api/src/routes/channels/#channel_id/invites.ts
+++ b/api/src/routes/channels/#channel_id/invites.ts
@@ -19,7 +19,8 @@ export interface InviteCreateSchema {
 	target_user_type?: number;
 }
 
-router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INSTANT_INVITE" }), async (req: Request, res: Response) => {
+router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INSTANT_INVITE", right: "CREATE_INVITES" }),
+			async (req: Request, res: Response) => {
 	const { user_id } = req;
 	const { channel_id } = req.params;
 	const channel = await Channel.findOneOrFail({ where: { id: channel_id }, select: ["id", "name", "type", "guild_id"] });
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts
index 7f7de264..58dfb1cc 100644
--- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts
+++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts
@@ -1,4 +1,4 @@
-import { Channel, emitEvent, getPermission, MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util";
+import { Channel, emitEvent, getPermission, getRights, MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util";
 import { Router, Response, Request } from "express";
 import { route } from "@fosscord/api";
 import { handleMessage, postHandleMessage } from "@fosscord/api";
@@ -7,18 +7,23 @@ import { MessageCreateSchema } from "../index";
 const router = Router();
 // TODO: message content/embed string length limit
 
-router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES" }), async (req: Request, res: Response) => {
+router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }), async (req: Request, res: Response) => {
 	const { message_id, channel_id } = req.params;
 	var body = req.body as MessageCreateSchema;
 
 	const message = await Message.findOneOrFail({ where: { id: message_id, channel_id }, relations: ["attachments"] });
 
 	const permissions = await getPermission(req.user_id, undefined, channel_id);
-
-	if (req.user_id !== message.author_id) {
-		permissions.hasThrow("MANAGE_MESSAGES");
-		body = { flags: body.flags }; // admins can only suppress embeds of other messages
-	}
+	
+	const rights = await getRights(req.user_id);
+
+	if ((req.user_id !== message.author_id)) {
+		if (!rights.has("MANAGE_MESSAGES")) {
+			permissions.hasThrow("MANAGE_MESSAGES");
+			body = { flags: body.flags };
+// guild admins can only suppress embeds of other messages, no such restriction imposed to instance-wide admins
+		}
+	} else rights.hasThrow("SELF_EDIT_MESSAGES");
 
 	const new_message = await handleMessage({
 		...message,
@@ -46,17 +51,20 @@ router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGE
 	return res.json(message);
 });
 
-// permission check only if deletes messagr from other user
 router.delete("/", route({}), async (req: Request, res: Response) => {
 	const { message_id, channel_id } = req.params;
 
 	const channel = await Channel.findOneOrFail({ id: channel_id });
 	const message = await Message.findOneOrFail({ id: message_id });
+	
+	const rights = await getRights(req.user_id);
 
-	if (message.author_id !== req.user_id) {
-		const permission = await getPermission(req.user_id, channel.guild_id, channel_id);
-		permission.hasThrow("MANAGE_MESSAGES");
-	}
+	if ((message.author_id !== req.user_id)) {
+		if (!rights.has("MANAGE_MESSAGES")) {
+			const permission = await getPermission(req.user_id, channel.guild_id, channel_id);
+			permission.hasThrow("MANAGE_MESSAGES");
+		}
+	} else rights.hasThrow("SELF_DELETE_MESSAGES");
 
 	await Message.delete({ id: message_id });
 
diff --git a/api/src/routes/downloads.ts b/api/src/routes/downloads.ts
index ad78b62f..ddfc080c 100644
--- a/api/src/routes/downloads.ts
+++ b/api/src/routes/downloads.ts
@@ -1,6 +1,6 @@
 import { Router, Response, Request } from "express";
 import { route } from "@fosscord/api";
-import { Relase, Config } from "@fosscord/util";
+import { Release, Config } from "@fosscord/util";
 
 const router = Router();
 
@@ -12,9 +12,9 @@ router.get("/:branch", route({}), async (req: Request, res: Response) => {
 
 	if(!platform || !["linux", "osx", "win"].includes(platform.toString())) return res.status(404)
 
-	const relase = await Relase.findOneOrFail({ name: client.relases.upstreamVersion });
+	const release = await Release.findOneOrFail({ name: client.releases.upstreamVersion });
 
-	res.redirect(relase[`win_url`]);
+	res.redirect(release[`win_url`]);
 });
 
 export default router;
diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts
index 7ccf34d7..1ce41936 100644
--- a/api/src/routes/guilds/#guild_id/bans.ts
+++ b/api/src/routes/guilds/#guild_id/bans.ts
@@ -33,17 +33,32 @@ router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res:
 	const { guild_id } = req.params;
 
 	let bans = await Ban.find({ guild_id: guild_id });
+	let promisesToAwait: object[] = [];
+	const bansObj: object[] = [];
 
-	/* Filter secret from database registry.*/
+	bans.filter((ban) => ban.user_id !== ban.executor_id); // pretend self-bans don't exist to prevent victim chasing
 
-	bans.filter(ban => ban.user_id !== ban.executor_id);
-	// pretend self-bans don't exist to prevent victim chasing
-	
-	bans.forEach((registry: BanRegistrySchema) => {
-	delete registry.ip;
+	bans.forEach((ban) => {
+		promisesToAwait.push(User.getPublicUser(ban.user_id));
 	});
-	
-	return res.json(bans);
+
+	const bannedUsers: object[] = await Promise.all(promisesToAwait);
+
+	bans.forEach((ban, index) => {
+		const user = bannedUsers[index] as User;
+		bansObj.push({
+			reason: ban.reason,
+			user: {
+				username: user.username,
+				discriminator: user.discriminator,
+				id: user.id,
+				avatar: user.avatar,
+				public_flags: user.public_flags
+			}
+		});
+	});
+
+	return res.json(bansObj);
 });
 
 router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
diff --git a/api/src/routes/guilds/#guild_id/index.ts b/api/src/routes/guilds/#guild_id/index.ts
index 991c3f93..4ec3df72 100644
--- a/api/src/routes/guilds/#guild_id/index.ts
+++ b/api/src/routes/guilds/#guild_id/index.ts
@@ -1,5 +1,5 @@
 import { Request, Response, Router } from "express";
-import { emitEvent, getPermission, Guild, GuildUpdateEvent, handleFile, Member } from "@fosscord/util";
+import { DiscordApiErrors, emitEvent, getPermission, getRights, Guild, GuildUpdateEvent, handleFile, Member } from "@fosscord/util";
 import { HTTPError } from "lambert-server";
 import { route } from "@fosscord/api";
 import "missing-native-js-functions";
@@ -37,9 +37,17 @@ router.get("/", route({}), async (req: Request, res: Response) => {
 	return res.send(guild);
 });
 
-router.patch("/", route({ body: "GuildUpdateSchema", permission: "MANAGE_GUILD" }), async (req: Request, res: Response) => {
+router.patch("/", route({ body: "GuildUpdateSchema"}), async (req: Request, res: Response) => {
 	const body = req.body as GuildUpdateSchema;
 	const { guild_id } = req.params;
+	
+	
+	const rights = await getRights(req.user_id);
+	const permission = await getPermission(req.user_id, guild_id);
+	
+	if (!rights.has("MANAGE_GUILDS")||!permission.has("MANAGE_GUILD"))
+		throw DiscordApiErrors.MISSING_PERMISSIONS.withParams("MANAGE_GUILD");
+	
 	// TODO: guild update check image
 
 	if (body.icon) body.icon = await handleFile(`/icons/${guild_id}`, body.icon);
diff --git a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
index 24c74af7..34836292 100644
--- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
+++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
@@ -25,13 +25,19 @@ router.patch("/", route({ body: "MemberChangeSchema" }), async (req: Request, re
 
 	const member = await Member.findOneOrFail({ where: { id: member_id, guild_id }, relations: ["roles", "user"] });
 	const permission = await getPermission(req.user_id, guild_id);
+	const everyone = await Role.findOneOrFail({ guild_id: guild_id, name: "@everyone", position: 0 });
 
 	if (body.roles) {
 		permission.hasThrow("MANAGE_ROLES");
+
+		if (body.roles.indexOf(everyone.id) === -1) body.roles.push(everyone.id);
 		member.roles = body.roles.map((x) => new Role({ id: x })); // foreign key constraint will fail if role doesn't exist
 	}
 
 	await member.save();
+
+	member.roles = member.roles.filter((x) => x.id !== everyone.id);
+
 	// do not use promise.all as we have to first write to db before emitting the event to catch errors
 	await emitEvent({
 		event: "GUILD_MEMBER_UPDATE",
diff --git a/api/src/routes/guilds/#guild_id/vanity-url.ts b/api/src/routes/guilds/#guild_id/vanity-url.ts
index 63173345..29cd25e2 100644
--- a/api/src/routes/guilds/#guild_id/vanity-url.ts
+++ b/api/src/routes/guilds/#guild_id/vanity-url.ts
@@ -9,11 +9,19 @@ const InviteRegex = /\W/g;
 
 router.get("/", route({ permission: "MANAGE_GUILD" }), async (req: Request, res: Response) => {
 	const { guild_id } = req.params;
+	const guild = await Guild.findOneOrFail({ id: guild_id });
 
-	const invite = await Invite.findOne({ where: { guild_id: guild_id, vanity_url: true } });
-	if (!invite) return res.json({ code: null });
+	if (!guild.features.includes("ALIASABLE_NAMES")) {
+		const invite = await Invite.findOne({ where: { guild_id: guild_id, vanity_url: true } });
+		if (!invite) return res.json({ code: null });
 
-	return res.json({ code: invite.code, uses: invite.uses });
+		return res.json({ code: invite.code, uses: invite.uses });
+	} else {
+		const invite = await Invite.find({ where: { guild_id: guild_id, vanity_url: true } });
+		if (!invite || invite.length == 0) return res.json({ code: null });
+
+		return res.json(invite.map((x) => ({ code: x.code, uses: x.uses })));
+	}
 });
 
 export interface VanityUrlSchema {
@@ -24,18 +32,33 @@ export interface VanityUrlSchema {
 	code?: string;
 }
 
-// TODO: check if guild is elgible for vanity url
 router.patch("/", route({ body: "VanityUrlSchema", permission: "MANAGE_GUILD" }), async (req: Request, res: Response) => {
 	const { guild_id } = req.params;
 	const body = req.body as VanityUrlSchema;
 	const code = body.code?.replace(InviteRegex, "");
 
+	const guild = await Guild.findOneOrFail({ id: guild_id });
+	if (!guild.features.includes("VANITY_URL")) throw new HTTPError("Your guild doesn't support vanity urls");
+
+	if (!code || code.length === 0) throw new HTTPError("Code cannot be null or empty");
+
 	const invite = await Invite.findOne({ code });
 	if (invite) throw new HTTPError("Invite already exists");
 
 	const { id } = await Channel.findOneOrFail({ guild_id, type: ChannelType.GUILD_TEXT });
 
-	await Invite.update({ vanity_url: true, guild_id }, { code: code, channel_id: id });
+	await new Invite({
+		vanity_url: true,
+		code: code,
+		temporary: false,
+		uses: 0,
+		max_uses: 0,
+		max_age: 0,
+		created_at: new Date(),
+		expires_at: new Date(),
+		guild_id: guild_id,
+		channel_id: id
+	}).save();
 
 	return res.json({ code: code });
 });
diff --git a/api/src/routes/guilds/index.ts b/api/src/routes/guilds/index.ts
index 7b676211..10721413 100644
--- a/api/src/routes/guilds/index.ts
+++ b/api/src/routes/guilds/index.ts
@@ -1,5 +1,5 @@
 import { Router, Request, Response } from "express";
-import { Role, Guild, Snowflake, Config, Member, Channel, DiscordApiErrors, handleFile } from "@fosscord/util";
+import { Role, Guild, Snowflake, Config, getRights, Member, Channel, DiscordApiErrors, handleFile } from "@fosscord/util";
 import { route } from "@fosscord/api";
 import { ChannelModifySchema } from "../channels/#channel_id";
 
@@ -20,12 +20,13 @@ export interface GuildCreateSchema {
 
 //TODO: create default channel
 
-router.post("/", route({ body: "GuildCreateSchema" }), async (req: Request, res: Response) => {
+router.post("/", route({ body: "GuildCreateSchema", right: "CREATE_GUILDS" }), async (req: Request, res: Response) => {
 	const body = req.body as GuildCreateSchema;
 
 	const { maxGuilds } = Config.get().limits.user;
 	const guild_count = await Member.count({ id: req.user_id });
-	if (guild_count >= maxGuilds) {
+	const rights = await getRights(req.user_id);
+	if ((guild_count >= maxGuilds)&&!rights.has("MANAGE_GUILDS")) {
 		throw DiscordApiErrors.MAXIMUM_GUILDS.withParams(maxGuilds);
 	}
 
diff --git a/api/src/routes/invites/index.ts b/api/src/routes/invites/index.ts
index 37e9e05a..21da2d18 100644
--- a/api/src/routes/invites/index.ts
+++ b/api/src/routes/invites/index.ts
@@ -13,7 +13,7 @@ router.get("/:code", route({}), async (req: Request, res: Response) => {
 	res.status(200).send(invite);
 });
 
-router.post("/:code", route({}), async (req: Request, res: Response) => {
+router.post("/:code", route({right: "JOIN_GUILDS"}), async (req: Request, res: Response) => {
 	const { code } = req.params;
     const { guild_id } = await Invite.findOneOrFail({ code })
 	const { features } = await Guild.findOneOrFail({ id: guild_id});
diff --git a/api/src/routes/scheduled-maintenances/upcoming_json.ts b/api/src/routes/scheduled-maintenances/upcoming_json.ts
new file mode 100644
index 00000000..83092e44
--- /dev/null
+++ b/api/src/routes/scheduled-maintenances/upcoming_json.ts
@@ -0,0 +1,12 @@
+import { Router, Request, Response } from "express";
+import { route } from "@fosscord/api";
+const router = Router();
+
+router.get("/scheduled-maintenances/upcoming.json",route({}), async (req: Request, res: Response) => {
+	res.json({
+  "page": {},
+  "scheduled_maintenances": {}
+  });
+});
+
+export default router;
diff --git a/api/src/routes/store/published-listings/applications.ts b/api/src/routes/store/published-listings/applications.ts
index f06a01e4..060a4c3d 100644
--- a/api/src/routes/store/published-listings/applications.ts
+++ b/api/src/routes/store/published-listings/applications.ts
@@ -18,7 +18,7 @@ router.get("/:id", route({}), async (req: Request, res: Response) => {
 			access_type: 2,
 			name: "",
 			features: [],
-			relase_date: "",
+			release_date: "",
 			premium: false,
 			slug: "",
 			flags: 4,
diff --git a/api/src/routes/store/published-listings/skus.ts b/api/src/routes/store/published-listings/skus.ts
index f06a01e4..060a4c3d 100644
--- a/api/src/routes/store/published-listings/skus.ts
+++ b/api/src/routes/store/published-listings/skus.ts
@@ -18,7 +18,7 @@ router.get("/:id", route({}), async (req: Request, res: Response) => {
 			access_type: 2,
 			name: "",
 			features: [],
-			relase_date: "",
+			release_date: "",
 			premium: false,
 			slug: "",
 			flags: 4,
diff --git a/api/src/routes/updates.ts b/api/src/routes/updates.ts
index 4682ce7c..cb4577c8 100644
--- a/api/src/routes/updates.ts
+++ b/api/src/routes/updates.ts
@@ -1,19 +1,19 @@
 import { Router, Response, Request } from "express";
 import { route } from "@fosscord/api";
-import { Config, Relase } from "@fosscord/util";
+import { Config, Release } from "@fosscord/util";
 
 const router = Router();
 
 router.get("/", route({}), async (req: Request, res: Response) => {
 	const { client } = Config.get();
 
-    const relase = await Relase.findOneOrFail({ name: client.relases.upstreamVersion})
+    const release = await Release.findOneOrFail({ name: client.releases.upstreamVersion})
 
 	res.json({
-        name: relase.name,
-        pub_date: relase.pub_date,
-        url: relase.url,
-        notes: relase.notes
+        name: release.name,
+        pub_date: release.pub_date,
+        url: release.url,
+        notes: release.notes
     });
 });
 
diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts
index bf62e7fc..122080f2 100644
--- a/api/src/routes/users/@me/index.ts
+++ b/api/src/routes/users/@me/index.ts
@@ -53,8 +53,6 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
 			throw FieldErrors({ email: { message: req.t("auth:register.EMAIL_INVALID"), code: "EMAIL_INVALID" } });
 	}
 
-	user.assign(body);
-
 	if (body.new_password) {
 		if (!body.password && !user.email) {
 			throw FieldErrors({
@@ -64,14 +62,16 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
 		user.data.hash = await bcrypt.hash(body.new_password, 12);
 	}
 
-	var check_username = body?.username?.replace(/\s/g, '');
-
-	if(!check_username && !body?.avatar && !body?.banner) {
-		throw FieldErrors({
-			username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }
-		});
+	if (body.username) {
+		var check_username = body?.username?.replace(/\s/g, '');
+		if (!check_username) {
+			throw FieldErrors({
+				username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }
+			});
+		}
 	}
 
+	user.assign(body);
 	await user.save();
 
 	// @ts-ignore
diff --git a/api/src/routes/users/@me/notes.ts b/api/src/routes/users/@me/notes.ts
index 2ef27bc0..4887b191 100644
--- a/api/src/routes/users/@me/notes.ts
+++ b/api/src/routes/users/@me/notes.ts
@@ -1,14 +1,39 @@
 import { Request, Response, Router } from "express";
 import { route } from "@fosscord/api";
+import { User, emitEvent } from "@fosscord/util";
 
 const router: Router = Router();
 
+router.get("/:id", route({}), async (req: Request, res: Response) => {
+	const { id } = req.params;
+	const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["notes"] });
+
+	const note = user.notes[id];
+	return res.json({
+		note: note,
+		note_user_id: id,
+		user_id: user.id,
+	});
+});
+
 router.put("/:id", route({}), async (req: Request, res: Response) => {
-	//TODO
-	res.json({
-		message: "400: Bad Request",
-		code: 0
-	}).status(400);
+	const { id } = req.params;
+	const user = await User.findOneOrFail({ where: { id: req.user_id } });
+	const noteUser = await User.findOneOrFail({ where: { id: id }});		//if noted user does not exist throw
+	const { note } = req.body;
+
+	await User.update({ id: req.user_id }, { notes: { ...user.notes, [noteUser.id]: note } });
+
+	await emitEvent({
+		event: "USER_NOTE_UPDATE",
+		data: {
+			note: note,
+			id: noteUser.id
+		},
+		user_id: user.id,
+	})
+
+	return res.status(204);
 });
 
 export default router;