summary refs log tree commit diff
path: root/api/src
diff options
context:
space:
mode:
Diffstat (limited to 'api/src')
-rw-r--r--api/src/routes/channels/#channel_id/messages/#message_id/ack.ts3
-rw-r--r--api/src/routes/channels/#channel_id/messages/#message_id/index.ts12
-rw-r--r--api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts2
-rw-r--r--api/src/routes/channels/#channel_id/messages/index.ts7
-rw-r--r--api/src/routes/guilds/#guild_id/members/index.ts1
-rw-r--r--api/src/start.ts7
-rw-r--r--api/src/util/handlers/route.ts3
-rw-r--r--api/src/util/utility/passwordStrength.ts10
8 files changed, 33 insertions, 12 deletions
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts b/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts

index 208c1da4..885c5eca 100644
--- a/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts
+++ b/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts
@@ -4,8 +4,9 @@ import { route } from "@fosscord/api";
 
 const router = Router();
 
-// TODO: check if message exists
+// TODO: public read receipts & privacy scoping
 // TODO: send read state event to all channel members
+// TODO: advance-only notification cursor
 
 export interface MessageAcknowledgeSchema {
 	manual?: boolean;
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts

index 58dfb1cc..a27c71e1 100644
--- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts
+++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts
@@ -51,6 +51,18 @@ router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGE
 	return res.json(message);
 });
 
+router.get("/", route({ permission: "VIEW_CHANNEL" }), async (req: Request, res: Response) => {
+	const { message_id, channel_id } = req.params;
+
+	const message = await Message.findOneOrFail({ where: { id: message_id, channel_id }, relations: ["attachments"] });
+
+	const permissions = await getPermission(req.user_id, undefined, channel_id);
+	
+	if (message.author_id !== req.user_id) permissions.hasThrow("READ_MESSAGE_HISTORY");
+
+	return res.json(message);
+});
+
 router.delete("/", route({}), async (req: Request, res: Response) => {
 	const { message_id, channel_id } = req.params;
 
diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts b/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts

index 6b6a66b2..d93cf70f 100644
--- a/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts
+++ b/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts
@@ -101,7 +101,7 @@ router.get("/:emoji", route({ permission: "VIEW_CHANNEL" }), async (req: Request
 	res.json(users);
 });
 
-router.put("/:emoji/:user_id", route({ permission: "READ_MESSAGE_HISTORY" }), async (req: Request, res: Response) => {
+router.put("/:emoji/:user_id", route({ permission: "READ_MESSAGE_HISTORY", right: "SELF_ADD_REACTIONS" }), async (req: Request, res: Response) => {
 	const { message_id, channel_id, user_id } = req.params;
 	if (user_id !== "@me") throw new HTTPError("Invalid user");
 	const emoji = getEmoji(req.params.emoji);
diff --git a/api/src/routes/channels/#channel_id/messages/index.ts b/api/src/routes/channels/#channel_id/messages/index.ts

index 2fd08b04..af0ae32d 100644
--- a/api/src/routes/channels/#channel_id/messages/index.ts
+++ b/api/src/routes/channels/#channel_id/messages/index.ts
@@ -8,6 +8,7 @@ import {
 	Embed,
 	emitEvent,
 	getPermission,
+	getRights,
 	Message,
 	MessageCreateEvent,
 	uploadFile,
@@ -119,7 +120,7 @@ router.get("/", async (req: Request, res: Response) => {
 				delete x.user_ids;
 			});
 			// @ts-ignore
-			if (!x.author) x.author = { discriminator: "0000", username: "Deleted User", public_flags: "0", avatar: null };
+			if (!x.author) x.author = { id: "4", discriminator: "0000", username: "Fosscord Ghost", public_flags: "0", avatar: null };
 			x.attachments?.forEach((y: any) => {
 				// dynamically set attachment proxy_url in case the endpoint changed
 				const uri = y.proxy_url.startsWith("http") ? y.proxy_url : `https://example.org${y.proxy_url}`;
@@ -149,7 +150,7 @@ const messageUpload = multer({
 }); // max upload 50 mb
 
 // TODO: dynamically change limit of MessageCreateSchema with config
-// TODO: check: sum of all characters in an embed structure must not exceed 6000 characters
+// TODO: check: sum of all characters in an embed structure must not exceed instance limits
 
 // https://discord.com/developers/docs/resources/channel#create-message
 // TODO: text channel slowdown
@@ -167,7 +168,7 @@ router.post(
 
 		next();
 	},
-	route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES" }),
+	route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }),
 	async (req: Request, res: Response) => {
 		const { channel_id } = req.params;
 		var body = req.body as MessageCreateSchema;
diff --git a/api/src/routes/guilds/#guild_id/members/index.ts b/api/src/routes/guilds/#guild_id/members/index.ts

index 386276c8..b730a4e7 100644
--- a/api/src/routes/guilds/#guild_id/members/index.ts
+++ b/api/src/routes/guilds/#guild_id/members/index.ts
@@ -6,7 +6,6 @@ import { HTTPError } from "lambert-server";
 
 const router = Router();
 
-// TODO: not allowed for user -> only allowed for bots with privileged intents
 // TODO: send over websocket
 // TODO: check for GUILD_MEMBERS intent
 
diff --git a/api/src/start.ts b/api/src/start.ts

index 717e1b8f..ccb4d108 100644
--- a/api/src/start.ts
+++ b/api/src/start.ts
@@ -7,7 +7,12 @@ config();
 import { FosscordServer } from "./Server";
 import cluster from "cluster";
 import os from "os";
-const cores = Number(process.env.THREADS) || os.cpus().length;
+var cores = 1;
+try {
+	cores = Number(process.env.THREADS) || os.cpus().length;
+} catch {
+	console.log("[API] Failed to get thread count! Using 1...")
+}
 
 if (cluster.isMaster && process.env.NODE_ENV == "production") {
 	console.log(`Primary ${process.pid} is running`);
diff --git a/api/src/util/handlers/route.ts b/api/src/util/handlers/route.ts

index 0048c4dd..3d3bbc37 100644
--- a/api/src/util/handlers/route.ts
+++ b/api/src/util/handlers/route.ts
@@ -6,6 +6,7 @@ import {
 	FieldErrors,
 	FosscordApiErrors,
 	getPermission,
+	getRights,
 	PermissionResolvable,
 	Permissions,
 	RightResolvable,
@@ -105,6 +106,8 @@ export function route(opts: RouteOptions) {
 
 		if (opts.right) {
 			const required = new Rights(opts.right);
+			req.rights = await getRights(req.user_id);
+
 			if (!req.rights || !req.rights.has(required)) {
 				throw FosscordApiErrors.MISSING_RIGHTS.withParams(opts.right as string);
 			}
diff --git a/api/src/util/utility/passwordStrength.ts b/api/src/util/utility/passwordStrength.ts

index e75e48f6..439700d0 100644
--- a/api/src/util/utility/passwordStrength.ts
+++ b/api/src/util/utility/passwordStrength.ts
@@ -13,7 +13,7 @@ const blocklist: string[] = []; // TODO: update ones passwordblocklist is stored
  *  - min <n> numbers
  *  - min <n> symbols
  *  - min <n> uppercase chars
- *  - shannon entropy divided by password entropy
+ *  - shannon entropy folded into [0, 1) interval
  *
  * Returns: 0 > pw > 1
  */
@@ -46,15 +46,15 @@ export function checkPassword(password: string): number {
 		strength = 0;
 	}
 	
-	let entropyMap;
+	let entropyMap: { [key: string]: number } = {};
 	for (let i = 0; i < password.length; i++) {
 		if (entropyMap[password[i]]) entropyMap[password[i]]++;
 		else entropyMap[password[i]] = 1;
 	}
 	
-	let entropies = Array(entropyMap);
-		
+	let entropies = Object.values(entropyMap);
+	
 	entropies.map(x => (x / entropyMap.length));
-	strength += entropies.reduceRight((a, x), a - (x * Math.log2(x))) / Math.log2(password.length);	
+	strength += entropies.reduceRight((a: number, x: number) => a - (x * Math.log2(x))) / Math.log2(password.length);	
 	return strength;
 }
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-07-17 22:35:29 +0000