Diffstat (limited to 'src/api/routes/applications/#id/bot/index.ts')
-rw-r--r-- | src/api/routes/applications/#id/bot/index.ts | 113 |
1 files changed, 55 insertions, 58 deletions
diff --git a/src/api/routes/applications/#id/bot/index.ts b/src/api/routes/applications/#id/bot/index.ts
index ad2399b8..ed5d6a70 100644
--- a/src/api/routes/applications/#id/bot/index.ts
+++ b/src/api/routes/applications/#id/bot/index.ts
@@ -1,81 +1,78 @@ import { Request, Response, Router } from "express"; import { route } from "@fosscord/api"; -import { Application, Config, FieldErrors, generateToken, OrmUtils, Snowflake, trimSpecial, User } from "@fosscord/util"; +import { Application, generateToken, User, BotModifySchema, handleFile, DiscordApiErrors } from "@fosscord/util"; import { HTTPError } from "lambert-server"; import { verifyToken } from "node-2fa"; const router: Router = Router(); router.post("/", route({}), async (req: Request, res: Response) => { - const app = await Application.findOne({where: {id: req.params.id}}); - if(!app) return res.status(404); - const username = trimSpecial(app.name); - const discriminator = await User.generateDiscriminator(username); - if (!discriminator) { - // We've failed to generate a valid and unused discriminator - throw FieldErrors({ - username: { - code: "USERNAME_TOO_MANY_USERS", - message: req?.t("auth:register.USERNAME_TOO_MANY_USERS"), - }, - }); - } - - const user = OrmUtils.mergeDeep(new User(), { - created_at: new Date(), - username: username, - discriminator, - id: app.id, - bot: true, - system: false, - premium_since: new Date(), - desktop: false, - mobile: false, - premium: true, - premium_type: 2, - bio: app.description, - mfa_enabled: false, - totp_secret: "", - totp_backup_codes: [], - verified: true, - disabled: false, - deleted: false, - email: null, - rights: Config.get().security.defaultRights, - nsfw_allowed: true, - public_flags: "0", - flags: "0", - data: { - hash: null, - valid_tokens_since: new Date(), - }, - settings: {}, - extended_settings: {}, - fingerprints: [], - notes: {}, + const app = await Application.findOneOrFail({ where: { id: req.params.id }, relations: ["owner"] }); + + if (app.owner.id != req.user_id) + throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION; + + const user = await User.register({ + username: app.name, + password: undefined, + req, }); + + user.id = app.id; + user.premium_since = new Date(); + 
user.bot = true; + await user.save(); - app.bot = user; + + // flags is NaN here? + app.assign({ bot: user, flags: app.flags || 0 }); + await app.save(); - res.send().status(204) + + res.send().status(204); }); router.post("/reset", route({}), async (req: Request, res: Response) => { - let bot = await User.findOne({where: {id: req.params.id}}); - let owner = await User.findOne({where: {id: req.user_id}}); - if(!bot) return res.status(404); - if(owner?.totp_secret && (!req.body.code || verifyToken(owner.totp_secret, req.body.code))) { + let bot = await User.findOneOrFail({ where: { id: req.params.id } }); + let owner = await User.findOneOrFail({ where: { id: req.user_id } }); + + if (owner.id != req.user_id) + throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION; + + if (owner.totp_secret && (!req.body.code || verifyToken(owner.totp_secret, req.body.code))) throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008); - } + bot.data = { hash: undefined, valid_tokens_since: new Date() }; + await bot.save(); + let token = await generateToken(bot.id); - res.json({token}).status(200); + + res.json({ token }).status(200); }); -router.patch("/", route({}), async (req: Request, res: Response) => { - delete req.body.avatar; - let app = OrmUtils.mergeDeep(await User.findOne({where: {id: req.params.id}}), req.body); +router.patch("/", route({ body: "BotModifySchema" }), async (req: Request, res: Response) => { + const body = req.body as BotModifySchema; + if (!body.avatar?.trim()) delete body.avatar; + + const app = await Application.findOneOrFail({ where: { id: req.params.id }, relations: ["bot", "owner"] }); + + if (!app.bot) + throw DiscordApiErrors.BOT_ONLY_ENDPOINT; + + if (app.owner.id != req.user_id) + throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION; + + if (body.avatar) + body.avatar = await handleFile( + `/avatars/${app.id}`, + body.avatar as string, + ); + + app.bot.assign(body); + + app.bot.save(); + await app.save(); 
res.json(app).status(200); }); |
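Review bot: In the `/reset` handler the added check `owner.id != req.user_id` can never fail, because `owner` was just loaded by `req.user_id`; nothing ties the caller to the account in `req.params.id`, so as written any authenticated caller appears able to invalidate and receive a fresh token for any user id, bot or not. The handler should load the `Application` with its `bot` and `owner` relations and compare `app.owner.id`, the way the PATCH handler in this same hunk does. Separately, the TOTP condition throws when `verifyToken` returns a truthy value, and node-2fa returns null for a wrong code, so the test looks inverted: a correct code is rejected and a wrong one passes. In the PATCH handler `app.bot.save()` is not awaited, so a failed write would not surface before the response is sent.

```typescript
router.post("/reset", route({}), async (req: Request, res: Response) => {
	const app = await Application.findOneOrFail({ where: { id: req.params.id }, relations: ["bot", "owner"] });

	if (!app.bot)
		throw DiscordApiErrors.BOT_ONLY_ENDPOINT;

	// Ownership is decided by the application record, not by the caller's own row.
	if (app.owner.id != req.user_id)
		throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;

	const bot = app.bot;
	const owner = await User.findOneOrFail({ where: { id: req.user_id } });

	// verifyToken returns null when the code does not match.
	if (owner.totp_secret && (!req.body.code || !verifyToken(owner.totp_secret, req.body.code)))
		throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);

	// … unchanged: reset bot.data, save, generateToken, respond …
```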