Diffstat (limited to 'src/api/routes/applications/#id/index.ts')
-rw-r--r--src/api/routes/applications/#id/index.ts51
1 files changed, 39 insertions, 12 deletions
diff --git a/src/api/routes/applications/#id/index.ts b/src/api/routes/applications/#id/index.ts
index 0aced582..79df256a 100644
--- a/src/api/routes/applications/#id/index.ts
+++ b/src/api/routes/applications/#id/index.ts
@@ -1,28 +1,55 @@
 import { Request, Response, Router } from "express";
 import { route } from "@fosscord/api";
-import { Application, OrmUtils, Team, trimSpecial, User } from "@fosscord/util";
+import { Application, OrmUtils, DiscordApiErrors, ApplicationModifySchema, User } from "@fosscord/util";
+import { verifyToken } from "node-2fa";
+import { HTTPError } from "lambert-server";
 
 const router: Router = Router();
 
 router.get("/", route({}), async (req: Request, res: Response) => {
-	let results = await Application.findOne({where: {id: req.params.id}, relations: ["owner", "bot"] });
-	res.json(results).status(200);
+	const app = await Application.findOneOrFail({ where: { id: req.params.id }, relations: ["owner", "bot"] });
+	if (app.owner.id != req.user_id)
+		throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+
+	return res.json(app);
 });
 
-router.patch("/", route({}), async (req: Request, res: Response) => {
-	delete req.body.icon;
-	let app = OrmUtils.mergeDeep(await Application.findOne({where: {id: req.params.id}, relations: ["owner", "bot"]}), req.body);
-	if(app.bot) {
-		app.bot.bio = req.body.description
-		app.bot?.save();
+router.patch("/", route({ body: "ApplicationModifySchema" }), async (req: Request, res: Response) => {
+	const body = req.body as ApplicationModifySchema;
+
+	const app = await Application.findOneOrFail({ where: { id: req.params.id }, relations: ["owner", "bot"] });
+
+	if (app.owner.id != req.user_id)
+		throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+
+	if (app.owner.totp_secret && (!req.body.code || verifyToken(app.owner.totp_secret, req.body.code)))
+		throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
+
+	if (app.bot) {
+		app.bot.assign({ bio: body.description });
+		await app.bot.save();
 	}
-	if(req.body.tags) app.tags = req.body.tags;
+
+	app.assign(body);
+
 	await app.save();
-	res.json(app).status(200);
+
+	return res.json(app);
 });
 
 router.post("/delete", route({}), async (req: Request, res: Response) => {
-	await Application.delete(req.params.id);
+	const app = await Application.findOneOrFail({ where: { id: req.params.id }, relations: ["bot", "owner"] });
+	if (app.owner.id != req.user_id)
+		throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+
+	if (app.owner.totp_secret && (!req.body.code || verifyToken(app.owner.totp_secret, req.body.code)))
+		throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
+
+	if (app.bot)
+		await User.delete({ id: app.bot.id });
+
+	await Application.delete({ id: app.id });
+
 	res.send().status(200);
 });
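Review bot: The TOTP gate added in the PATCH and `/delete` handlers appears inverted: node-2fa's `verifyToken` returns a `{ delta }` object for a valid code and `null` for an invalid one, so the condition `!req.body.code || verifyToken(...)` throws `INVALID_TOTP_CODE` precisely when the submitted code is correct and lets any wrong code through, meaning an attacker holding just the session token can modify or delete the application by sending an arbitrary `code`. Assuming that return contract holds for the version in use, the check on both lines should negate the result: `if (app.owner.totp_secret && (!req.body.code || !verifyToken(app.owner.totp_secret, req.body.code)))`. Since the same line is duplicated verbatim in both handlers, consider hoisting it into a small `assertTotp(owner, code)` helper so the fix, and any future drift, lands in one place. It would also be worth a comment such as `// verifyToken returns null on mismatch; a falsy result means the code is invalid` so the next reader does not "fix" it back.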