3 files changed, 22 insertions, 16 deletions

diff --git a/api/client_test/index.html b/api/client_test/index.html
index 39ff346d..b438b492 100644
--- a/api/client_test/index.html
+++ b/api/client_test/index.html
@@ -24,20 +24,20 @@
 				ASSET_ENDPOINT: "",
 				MEDIA_PROXY_ENDPOINT: "https://media.discordapp.net",
 				WIDGET_ENDPOINT: `//${location.host}/widget`,
-				INVITE_HOST: `${location.host}/invite`,
-				GUILD_TEMPLATE_HOST: "discord.new",
-				GIFT_CODE_HOST: "discord.gift",
+				INVITE_HOST: `${location.hostname}/invite`,
+				GUILD_TEMPLATE_HOST: "${location.host}",
+				GIFT_CODE_HOST: "${location.hostname}",
 				RELEASE_CHANNEL: "stable",
 				MARKETING_ENDPOINT: "//discord.com",
 				BRAINTREE_KEY: "production_5st77rrc_49pp2rp4phym7387",
 				STRIPE_KEY: "pk_live_CUQtlpQUF0vufWpnpUmQvcdi",
 				NETWORKING_ENDPOINT: "//router.discordapp.net",
-				RTC_LATENCY_ENDPOINT: "//latency.discord.media/rtc",
+				RTC_LATENCY_ENDPOINT: "//${location.hostname}/rtc",
 				PROJECT_ENV: "production",
 				REMOTE_AUTH_ENDPOINT: "//localhost:3020",
 				SENTRY_TAGS: { buildId: "75e36d9", buildType: "normal" },
-				MIGRATION_SOURCE_ORIGIN: "https://discordapp.com",
-				MIGRATION_DESTINATION_ORIGIN: "https://discord.com",
+				MIGRATION_SOURCE_ORIGIN: "https://${location.hostname}",
+				MIGRATION_DESTINATION_ORIGIN: "https://${location.hostname}",
 				HTML_TIMESTAMP: Date.now(),
 				ALGOLIA_KEY: "aca0d7082e4e63af5ba5917d5e96bed0"
 			};
diff --git a/api/src/routes/channels/#channel_id/messages/bulk-delete.ts b/api/src/routes/channels/#channel_id/messages/bulk-delete.ts
index 7a711cb0..6eacf249 100644
--- a/api/src/routes/channels/#channel_id/messages/bulk-delete.ts
+++ b/api/src/routes/channels/#channel_id/messages/bulk-delete.ts
@@ -1,5 +1,5 @@
 import { Router, Response, Request } from "express";
-import { Channel, Config, emitEvent, getPermission, MessageDeleteBulkEvent, Message } from "@fosscord/util";
+import { Channel, Config, emitEvent, getPermission, getRights, MessageDeleteBulkEvent, Message } from "@fosscord/util";
 import { HTTPError } from "lambert-server";
 import { route } from "@fosscord/api";
 import { In } from "typeorm";
@@ -12,22 +12,28 @@ export interface BulkDeleteSchema {
 	messages: string[];
 }
 
-// TODO: should users be able to bulk delete messages or only bots?
-// TODO: should this request fail, if you provide messages older than 14 days/invalid ids?
+// should users be able to bulk delete messages or only bots? ANSWER: all users
+// should this request fail, if you provide messages older than 14 days/invalid ids? ANSWER: NO
 // https://discord.com/developers/docs/resources/channel#bulk-delete-messages
 router.post("/", route({ body: "BulkDeleteSchema" }), async (req: Request, res: Response) => {
 	const { channel_id } = req.params;
 	const channel = await Channel.findOneOrFail({ id: channel_id });
 	if (!channel.guild_id) throw new HTTPError("Can't bulk delete dm channel messages", 400);
 
+	const rights = await getRights(req.user_id);
+	rights.hasThrow("SELF_DELETE_MESSAGES");
+	
+	let superuser = rights.has("MANAGE_MESSAGES");
 	const permission = await getPermission(req.user_id, channel?.guild_id, channel_id);
-	permission.hasThrow("MANAGE_MESSAGES");
-
+		
 	const { maxBulkDelete } = Config.get().limits.message;
 
 	const { messages } = req.body as { messages: string[] };
-	if (messages.length < 2) throw new HTTPError("You must at least specify 2 messages to bulk delete");
-	if (messages.length > maxBulkDelete) throw new HTTPError(`You cannot delete more than ${maxBulkDelete} messages`);
+	if (messages.length === 0) throw new HTTPError("You must specify messages to bulk delete");
+	if (!superuser) {
+		permission.hasThrow("MANAGE_MESSAGES");
+		if (messages.length > maxBulkDelete) throw new HTTPError(`You cannot delete more than ${maxBulkDelete} messages`);
+	}
 
 	await Message.delete(messages.map((x) => ({ id: x })));
 
diff --git a/api/src/routes/channels/#channel_id/purge.ts b/api/src/routes/channels/#channel_id/purge.ts
index 8a87c379..28b52b50 100644
--- a/api/src/routes/channels/#channel_id/purge.ts
+++ b/api/src/routes/channels/#channel_id/purge.ts
@@ -30,9 +30,9 @@ export interface PurgeSchema {
 	after: string
 }
 
-// TODO: should users be able to bulk delete messages or only bots?
-// TODO: should this request fail, if you provide messages older than 14 days/invalid ids?
-// https://discord.com/developers/docs/resources/channel#bulk-delete-messages
+/**
+TODO: apply the delete bit by bit to prevent client and database stress
+**/
 router.post("/", route({ /*body: "PurgeSchema",*/ }), async (req: Request, res: Response) => {
 	const { channel_id } = req.params;
 	const channel = await Channel.findOneOrFail({ id: channel_id });