diff options
Diffstat (limited to 'api/src/routes')
-rw-r--r-- | api/src/routes/channels/#channel_id/invites.ts | 3 | ||||
-rw-r--r-- | api/src/routes/channels/#channel_id/messages/#message_id/index.ts | 32 | ||||
-rw-r--r-- | api/src/routes/downloads.ts | 6 | ||||
-rw-r--r-- | api/src/routes/guilds/#guild_id/bans.ts | 31 | ||||
-rw-r--r-- | api/src/routes/guilds/#guild_id/index.ts | 12 | ||||
-rw-r--r-- | api/src/routes/guilds/#guild_id/members/#member_id/index.ts | 6 | ||||
-rw-r--r-- | api/src/routes/guilds/#guild_id/vanity-url.ts | 33 | ||||
-rw-r--r-- | api/src/routes/guilds/index.ts | 7 | ||||
-rw-r--r-- | api/src/routes/invites/index.ts | 2 | ||||
-rw-r--r-- | api/src/routes/scheduled-maintenances/upcoming_json.ts | 12 | ||||
-rw-r--r-- | api/src/routes/store/published-listings/applications.ts | 2 | ||||
-rw-r--r-- | api/src/routes/store/published-listings/skus.ts | 2 | ||||
-rw-r--r-- | api/src/routes/updates.ts | 12 | ||||
-rw-r--r-- | api/src/routes/users/@me/index.ts | 16 | ||||
-rw-r--r-- | api/src/routes/users/@me/notes.ts | 35 |
15 files changed, 155 insertions, 56 deletions
diff --git a/api/src/routes/channels/#channel_id/invites.ts b/api/src/routes/channels/#channel_id/invites.ts index 6d2c625d..9c361164 100644 --- a/api/src/routes/channels/#channel_id/invites.ts +++ b/api/src/routes/channels/#channel_id/invites.ts @@ -19,7 +19,8 @@ export interface InviteCreateSchema { target_user_type?: number; } -router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INSTANT_INVITE" }), async (req: Request, res: Response) => { +router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INSTANT_INVITE", right: "CREATE_INVITES" }), + async (req: Request, res: Response) => { const { user_id } = req; const { channel_id } = req.params; const channel = await Channel.findOneOrFail({ where: { id: channel_id }, select: ["id", "name", "type", "guild_id"] }); diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts index 7f7de264..58dfb1cc 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts @@ -1,4 +1,4 @@ -import { Channel, emitEvent, getPermission, MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util"; +import { Channel, emitEvent, getPermission, getRights, MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util"; import { Router, Response, Request } from "express"; import { route } from "@fosscord/api"; import { handleMessage, postHandleMessage } from "@fosscord/api"; @@ -7,18 +7,23 @@ import { MessageCreateSchema } from "../index"; const router = Router(); // TODO: message content/embed string length limit -router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES" }), async (req: Request, res: Response) => { +router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; var body = req.body as MessageCreateSchema; const message = await Message.findOneOrFail({ where: { id: message_id, channel_id }, relations: ["attachments"] }); const permissions = await getPermission(req.user_id, undefined, channel_id); - - if (req.user_id !== message.author_id) { - permissions.hasThrow("MANAGE_MESSAGES"); - body = { flags: body.flags }; // admins can only suppress embeds of other messages - } + + const rights = await getRights(req.user_id); + + if ((req.user_id !== message.author_id)) { + if (!rights.has("MANAGE_MESSAGES")) { + permissions.hasThrow("MANAGE_MESSAGES"); + body = { flags: body.flags }; +// guild admins can only suppress embeds of other messages, no such restriction imposed to instance-wide admins + } + } else rights.hasThrow("SELF_EDIT_MESSAGES"); const new_message = await handleMessage({ ...message, @@ -46,17 +51,20 @@ router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGE return res.json(message); }); -// permission check only if deletes messagr from other user router.delete("/", route({}), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; const channel = await Channel.findOneOrFail({ id: channel_id }); const message = await Message.findOneOrFail({ id: message_id }); + + const rights = await getRights(req.user_id); - if (message.author_id !== req.user_id) { - const permission = await getPermission(req.user_id, channel.guild_id, channel_id); - permission.hasThrow("MANAGE_MESSAGES"); - } + if ((message.author_id !== req.user_id)) { + if (!rights.has("MANAGE_MESSAGES")) { + const permission = await getPermission(req.user_id, channel.guild_id, channel_id); + permission.hasThrow("MANAGE_MESSAGES"); + } + } else rights.hasThrow("SELF_DELETE_MESSAGES"); await Message.delete({ id: message_id }); diff --git a/api/src/routes/downloads.ts b/api/src/routes/downloads.ts index ad78b62f..ddfc080c 100644 --- a/api/src/routes/downloads.ts +++ b/api/src/routes/downloads.ts @@ -1,6 +1,6 @@ import { Router, Response, Request } from "express"; import { route } from "@fosscord/api"; -import { Relase, Config } from "@fosscord/util"; +import { Release, Config } from "@fosscord/util"; const router = Router(); @@ -12,9 +12,9 @@ router.get("/:branch", route({}), async (req: Request, res: Response) => { if(!platform || !["linux", "osx", "win"].includes(platform.toString())) return res.status(404) - const relase = await Relase.findOneOrFail({ name: client.relases.upstreamVersion }); + const release = await Release.findOneOrFail({ name: client.releases.upstreamVersion }); - res.redirect(relase[`win_url`]); + res.redirect(release[`win_url`]); }); export default router; diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts index 7ccf34d7..1ce41936 100644 --- a/api/src/routes/guilds/#guild_id/bans.ts +++ b/api/src/routes/guilds/#guild_id/bans.ts @@ -33,17 +33,32 @@ router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: const { guild_id } = req.params; let bans = await Ban.find({ guild_id: guild_id }); + let promisesToAwait: object[] = []; + const bansObj: object[] = []; - /* Filter secret from database registry.*/ + bans.filter((ban) => ban.user_id !== ban.executor_id); // pretend self-bans don't exist to prevent victim chasing - bans.filter(ban => ban.user_id !== ban.executor_id); - // pretend self-bans don't exist to prevent victim chasing - - bans.forEach((registry: BanRegistrySchema) => { - delete registry.ip; + bans.forEach((ban) => { + promisesToAwait.push(User.getPublicUser(ban.user_id)); }); - - return res.json(bans); + + const bannedUsers: object[] = await Promise.all(promisesToAwait); + + bans.forEach((ban, index) => { + const user = bannedUsers[index] as User; + bansObj.push({ + reason: ban.reason, + user: { + username: user.username, + discriminator: user.discriminator, + id: user.id, + avatar: user.avatar, + public_flags: user.public_flags + } + }); + }); + + return res.json(bansObj); }); router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => { diff --git a/api/src/routes/guilds/#guild_id/index.ts b/api/src/routes/guilds/#guild_id/index.ts index 991c3f93..4ec3df72 100644 --- a/api/src/routes/guilds/#guild_id/index.ts +++ b/api/src/routes/guilds/#guild_id/index.ts @@ -1,5 +1,5 @@ import { Request, Response, Router } from "express"; -import { emitEvent, getPermission, Guild, GuildUpdateEvent, handleFile, Member } from "@fosscord/util"; +import { DiscordApiErrors, emitEvent, getPermission, getRights, Guild, GuildUpdateEvent, handleFile, Member } from "@fosscord/util"; import { HTTPError } from "lambert-server"; import { route } from "@fosscord/api"; import "missing-native-js-functions"; @@ -37,9 +37,17 @@ router.get("/", route({}), async (req: Request, res: Response) => { return res.send(guild); }); -router.patch("/", route({ body: "GuildUpdateSchema", permission: "MANAGE_GUILD" }), async (req: Request, res: Response) => { +router.patch("/", route({ body: "GuildUpdateSchema"}), async (req: Request, res: Response) => { const body = req.body as GuildUpdateSchema; const { guild_id } = req.params; + + + const rights = await getRights(req.user_id); + const permission = await getPermission(req.user_id, guild_id); + + if (!rights.has("MANAGE_GUILDS")||!permission.has("MANAGE_GUILD")) + throw DiscordApiErrors.MISSING_PERMISSIONS.withParams("MANAGE_GUILD"); + // TODO: guild update check image if (body.icon) body.icon = await handleFile(`/icons/${guild_id}`, body.icon); diff --git a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts index 24c74af7..34836292 100644 --- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts +++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts @@ -25,13 +25,19 @@ router.patch("/", route({ body: "MemberChangeSchema" }), async (req: Request, re const member = await Member.findOneOrFail({ where: { id: member_id, guild_id }, relations: ["roles", "user"] }); const permission = await getPermission(req.user_id, guild_id); + const everyone = await Role.findOneOrFail({ guild_id: guild_id, name: "@everyone", position: 0 }); if (body.roles) { permission.hasThrow("MANAGE_ROLES"); + + if (body.roles.indexOf(everyone.id) === -1) body.roles.push(everyone.id); member.roles = body.roles.map((x) => new Role({ id: x })); // foreign key constraint will fail if role doesn't exist } await member.save(); + + member.roles = member.roles.filter((x) => x.id !== everyone.id); + // do not use promise.all as we have to first write to db before emitting the event to catch errors await emitEvent({ event: "GUILD_MEMBER_UPDATE", diff --git a/api/src/routes/guilds/#guild_id/vanity-url.ts b/api/src/routes/guilds/#guild_id/vanity-url.ts index 63173345..29cd25e2 100644 --- a/api/src/routes/guilds/#guild_id/vanity-url.ts +++ b/api/src/routes/guilds/#guild_id/vanity-url.ts @@ -9,11 +9,19 @@ const InviteRegex = /\W/g; router.get("/", route({ permission: "MANAGE_GUILD" }), async (req: Request, res: Response) => { const { guild_id } = req.params; + const guild = await Guild.findOneOrFail({ id: guild_id }); - const invite = await Invite.findOne({ where: { guild_id: guild_id, vanity_url: true } }); - if (!invite) return res.json({ code: null }); + if (!guild.features.includes("ALIASABLE_NAMES")) { + const invite = await Invite.findOne({ where: { guild_id: guild_id, vanity_url: true } }); + if (!invite) return res.json({ code: null }); - return res.json({ code: invite.code, uses: invite.uses }); + return res.json({ code: invite.code, uses: invite.uses }); + } else { + const invite = await Invite.find({ where: { guild_id: guild_id, vanity_url: true } }); + if (!invite || invite.length == 0) return res.json({ code: null }); + + return res.json(invite.map((x) => ({ code: x.code, uses: x.uses }))); + } }); export interface VanityUrlSchema { @@ -24,18 +32,33 @@ export interface VanityUrlSchema { code?: string; } -// TODO: check if guild is elgible for vanity url router.patch("/", route({ body: "VanityUrlSchema", permission: "MANAGE_GUILD" }), async (req: Request, res: Response) => { const { guild_id } = req.params; const body = req.body as VanityUrlSchema; const code = body.code?.replace(InviteRegex, ""); + const guild = await Guild.findOneOrFail({ id: guild_id }); + if (!guild.features.includes("VANITY_URL")) throw new HTTPError("Your guild doesn't support vanity urls"); + + if (!code || code.length === 0) throw new HTTPError("Code cannot be null or empty"); + const invite = await Invite.findOne({ code }); if (invite) throw new HTTPError("Invite already exists"); const { id } = await Channel.findOneOrFail({ guild_id, type: ChannelType.GUILD_TEXT }); - await Invite.update({ vanity_url: true, guild_id }, { code: code, channel_id: id }); + await new Invite({ + vanity_url: true, + code: code, + temporary: false, + uses: 0, + max_uses: 0, + max_age: 0, + created_at: new Date(), + expires_at: new Date(), + guild_id: guild_id, + channel_id: id + }).save(); return res.json({ code: code }); }); diff --git a/api/src/routes/guilds/index.ts b/api/src/routes/guilds/index.ts index 7b676211..10721413 100644 --- a/api/src/routes/guilds/index.ts +++ b/api/src/routes/guilds/index.ts @@ -1,5 +1,5 @@ import { Router, Request, Response } from "express"; -import { Role, Guild, Snowflake, Config, Member, Channel, DiscordApiErrors, handleFile } from "@fosscord/util"; +import { Role, Guild, Snowflake, Config, getRights, Member, Channel, DiscordApiErrors, handleFile } from "@fosscord/util"; import { route } from "@fosscord/api"; import { ChannelModifySchema } from "../channels/#channel_id"; @@ -20,12 +20,13 @@ export interface GuildCreateSchema { //TODO: create default channel -router.post("/", route({ body: "GuildCreateSchema" }), async (req: Request, res: Response) => { +router.post("/", route({ body: "GuildCreateSchema", right: "CREATE_GUILDS" }), async (req: Request, res: Response) => { const body = req.body as GuildCreateSchema; const { maxGuilds } = Config.get().limits.user; const guild_count = await Member.count({ id: req.user_id }); - if (guild_count >= maxGuilds) { + const rights = await getRights(req.user_id); + if ((guild_count >= maxGuilds)&&!rights.has("MANAGE_GUILDS")) { throw DiscordApiErrors.MAXIMUM_GUILDS.withParams(maxGuilds); } diff --git a/api/src/routes/invites/index.ts b/api/src/routes/invites/index.ts index 37e9e05a..21da2d18 100644 --- a/api/src/routes/invites/index.ts +++ b/api/src/routes/invites/index.ts @@ -13,7 +13,7 @@ router.get("/:code", route({}), async (req: Request, res: Response) => { res.status(200).send(invite); }); -router.post("/:code", route({}), async (req: Request, res: Response) => { +router.post("/:code", route({right: "JOIN_GUILDS"}), async (req: Request, res: Response) => { const { code } = req.params; const { guild_id } = await Invite.findOneOrFail({ code }) const { features } = await Guild.findOneOrFail({ id: guild_id}); diff --git a/api/src/routes/scheduled-maintenances/upcoming_json.ts b/api/src/routes/scheduled-maintenances/upcoming_json.ts new file mode 100644 index 00000000..83092e44 --- /dev/null +++ b/api/src/routes/scheduled-maintenances/upcoming_json.ts @@ -0,0 +1,12 @@ +import { Router, Request, Response } from "express"; +import { route } from "@fosscord/api"; +const router = Router(); + +router.get("/scheduled-maintenances/upcoming.json",route({}), async (req: Request, res: Response) => { + res.json({ + "page": {}, + "scheduled_maintenances": {} + }); +}); + +export default router; diff --git a/api/src/routes/store/published-listings/applications.ts b/api/src/routes/store/published-listings/applications.ts index f06a01e4..060a4c3d 100644 --- a/api/src/routes/store/published-listings/applications.ts +++ b/api/src/routes/store/published-listings/applications.ts @@ -18,7 +18,7 @@ router.get("/:id", route({}), async (req: Request, res: Response) => { access_type: 2, name: "", features: [], - relase_date: "", + release_date: "", premium: false, slug: "", flags: 4, diff --git a/api/src/routes/store/published-listings/skus.ts b/api/src/routes/store/published-listings/skus.ts index f06a01e4..060a4c3d 100644 --- a/api/src/routes/store/published-listings/skus.ts +++ b/api/src/routes/store/published-listings/skus.ts @@ -18,7 +18,7 @@ router.get("/:id", route({}), async (req: Request, res: Response) => { access_type: 2, name: "", features: [], - relase_date: "", + release_date: "", premium: false, slug: "", flags: 4, diff --git a/api/src/routes/updates.ts b/api/src/routes/updates.ts index 4682ce7c..cb4577c8 100644 --- a/api/src/routes/updates.ts +++ b/api/src/routes/updates.ts @@ -1,19 +1,19 @@ import { Router, Response, Request } from "express"; import { route } from "@fosscord/api"; -import { Config, Relase } from "@fosscord/util"; +import { Config, Release } from "@fosscord/util"; const router = Router(); router.get("/", route({}), async (req: Request, res: Response) => { const { client } = Config.get(); - const relase = await Relase.findOneOrFail({ name: client.relases.upstreamVersion}) + const release = await Release.findOneOrFail({ name: client.releases.upstreamVersion}) res.json({ - name: relase.name, - pub_date: relase.pub_date, - url: relase.url, - notes: relase.notes + name: release.name, + pub_date: release.pub_date, + url: release.url, + notes: release.notes }); }); diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts index bf62e7fc..122080f2 100644 --- a/api/src/routes/users/@me/index.ts +++ b/api/src/routes/users/@me/index.ts @@ -53,8 +53,6 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res: throw FieldErrors({ email: { message: req.t("auth:register.EMAIL_INVALID"), code: "EMAIL_INVALID" } }); } - user.assign(body); - if (body.new_password) { if (!body.password && !user.email) { throw FieldErrors({ @@ -64,14 +62,16 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res: user.data.hash = await bcrypt.hash(body.new_password, 12); } - var check_username = body?.username?.replace(/\s/g, ''); - - if(!check_username && !body?.avatar && !body?.banner) { - throw FieldErrors({ - username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") } - }); + if (body.username) { + var check_username = body?.username?.replace(/\s/g, ''); + if (!check_username) { + throw FieldErrors({ + username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") } + }); + } } + user.assign(body); await user.save(); // @ts-ignore diff --git a/api/src/routes/users/@me/notes.ts b/api/src/routes/users/@me/notes.ts index 2ef27bc0..4887b191 100644 --- a/api/src/routes/users/@me/notes.ts +++ b/api/src/routes/users/@me/notes.ts @@ -1,14 +1,39 @@ import { Request, Response, Router } from "express"; import { route } from "@fosscord/api"; +import { User, emitEvent } from "@fosscord/util"; const router: Router = Router(); +router.get("/:id", route({}), async (req: Request, res: Response) => { + const { id } = req.params; + const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["notes"] }); + + const note = user.notes[id]; + return res.json({ + note: note, + note_user_id: id, + user_id: user.id, + }); +}); + router.put("/:id", route({}), async (req: Request, res: Response) => { - //TODO - res.json({ - message: "400: Bad Request", - code: 0 - }).status(400); + const { id } = req.params; + const user = await User.findOneOrFail({ where: { id: req.user_id } }); + const noteUser = await User.findOneOrFail({ where: { id: id }}); //if noted user does not exist throw + const { note } = req.body; + + await User.update({ id: req.user_id }, { notes: { ...user.notes, [noteUser.id]: note } }); + + await emitEvent({ + event: "USER_NOTE_UPDATE", + data: { + note: note, + id: noteUser.id + }, + user_id: user.id, + }) + + return res.status(204); }); export default router; |