summary refs log tree commit diff
path: root/api/src
diff options
context:
space:
mode:
Diffstat (limited to 'api/src')
-rw-r--r--api/src/routes/guilds/#guild_id/bans.ts25
-rw-r--r--api/src/util/route.ts66
2 files changed, 76 insertions, 15 deletions
diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts

index 86bff6b4..41a97b6a 100644
--- a/api/src/routes/guilds/#guild_id/bans.ts
+++ b/api/src/routes/guilds/#guild_id/bans.ts
@@ -1,19 +1,18 @@
 import { Request, Response, Router } from "express";
 import { emitEvent, getPermission, GuildBanAddEvent, GuildBanRemoveEvent, Guild, Ban, User, Member } from "@fosscord/util";
 import { HTTPError } from "lambert-server";
-import { getIpAdress, check } from "@fosscord/api";
+import { getIpAdress, check, route } from "@fosscord/api";
 import { BanCreateSchema } from "@fosscord/api/schema/Ban";
 
 const router: Router = Router();
-
-router.get("/", async (req: Request, res: Response) => {
+router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
 	const { guild_id } = req.params;
 
 	var bans = await Ban.find({ guild_id: guild_id });
 	return res.json(bans);
 });
 
-router.get("/:user", async (req: Request, res: Response) => {
+router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
 	const { guild_id } = req.params;
 	const user_id = req.params.ban;
 
@@ -21,15 +20,14 @@ router.get("/:user", async (req: Request, res: Response) => {
 	return res.json(ban);
 });
 
-router.put("/:user_id", check(BanCreateSchema), async (req: Request, res: Response) => {
+router.put("/:user_id", route({ body: "BanCreateSchema", permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
 	const { guild_id } = req.params;
 	const banned_user_id = req.params.user_id;
 
 	const banned_user = await User.getPublicUser(banned_user_id);
-	const perms = await getPermission(req.user_id, guild_id);
-	perms.hasThrow("BAN_MEMBERS");
+
 	if (req.user_id === banned_user_id) throw new HTTPError("You can't ban yourself", 400);
-	if (perms.cache.guild?.owner_id === banned_user_id) throw new HTTPError("You can't ban the owner", 400);
+	if (req.permission?.cache.guild?.owner_id === banned_user_id) throw new HTTPError("You can't ban the owner", 400);
 
 	const ban = new Ban({
 		user_id: banned_user_id,
@@ -55,17 +53,14 @@ router.put("/:user_id", check(BanCreateSchema), async (req: Request, res: Respon
 	return res.json(ban);
 });
 
-router.delete("/:user_id", async (req: Request, res: Response) => {
-	var { guild_id } = req.params;
-	var banned_user_id = req.params.user_id;
+router.delete("/:user_id", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
+	const { guild_id, user_id } = req.params;
 
-	const banned_user = await User.getPublicUser(banned_user_id);
-	const perms = await getPermission(req.user_id, guild_id);
-	perms.hasThrow("BAN_MEMBERS");
+	const banned_user = await User.getPublicUser(user_id);
 
 	await Promise.all([
 		Ban.delete({
-			user_id: banned_user_id,
+			user_id: user_id,
 			guild_id
 		}),
 
diff --git a/api/src/util/route.ts b/api/src/util/route.ts
new file mode 100644

index 00000000..0302f3ec
--- /dev/null
+++ b/api/src/util/route.ts
@@ -0,0 +1,66 @@
+import { DiscordApiErrors, Event, EventData, getPermission, PermissionResolvable, Permissions } from "@fosscord/util";
+import { NextFunction, Request, Response } from "express";
+import fs from "fs";
+import path from "path";
+import Ajv from "ajv";
+import { AnyValidateFunction } from "ajv/dist/core";
+import { FieldErrors } from "..";
+
+const SchemaPath = path.join(__dirname, "..", "..", "assets", "schemas.json");
+const schemas = JSON.parse(fs.readFileSync(SchemaPath, { encoding: "utf8" }));
+export const ajv = new Ajv({ allErrors: true, parseDate: true, allowDate: true, schemas, messages: true });
+
+declare global {
+	namespace Express {
+		interface Request {
+			permission?: Permissions;
+		}
+	}
+}
+
+export type RouteSchema = string; // typescript interface name
+export type RouteResponse = { status: number; body?: RouteSchema; headers?: Record<string, string> };
+
+export interface RouteOptions {
+	permission?: PermissionResolvable;
+	body?: RouteSchema;
+	response?: RouteResponse;
+	example?: {
+		body?: any;
+		path?: string;
+		event?: EventData;
+		headers?: Record<string, string>;
+	};
+}
+
+export function route(opts: RouteOptions) {
+	var validate: AnyValidateFunction<any>;
+	if (opts.body) {
+		// @ts-ignore
+		validate = ajv.getSchema(opts.body);
+		if (!validate) throw new Error(`Body schema ${opts.body} not found`);
+	}
+
+	return async (req: Request, res: Response, next: NextFunction) => {
+		if (opts.permission) {
+			const required = new Permissions(opts.permission);
+			const permission = await getPermission(req.user_id, req.params.guild_id, req.params.channel_id);
+			console.log(required.bitfield, permission.bitfield, permission.bitfield & required.bitfield);
+
+			// bitfield comparison: check if user lacks certain permission
+			if (!permission.has(required)) {
+				throw DiscordApiErrors.MISSING_PERMISSIONS.withParams(opts.permission as string);
+			}
+
+			if (validate) {
+				const valid = validate(req.body);
+				if (!valid) {
+					const fields: Record<string, { code?: string; message: string }> = {};
+					validate.errors?.forEach((x) => (fields[x.instancePath] = { code: x.keyword, message: x.message || "" }));
+					throw FieldErrors(fields);
+				}
+			}
+		}
+		next();
+	};
+}
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-04-23 17:46:04 +0000