summary refs log tree commit diff
path: root/src/api/routes/channels
diff options
context:
space:
mode:
Diffstat (limited to 'src/api/routes/channels')
-rw-r--r--src/api/routes/channels/#channel_id/followers.ts14
-rw-r--r--src/api/routes/channels/#channel_id/index.ts71
-rw-r--r--src/api/routes/channels/#channel_id/invites.ts58
-rw-r--r--src/api/routes/channels/#channel_id/messages/#message_id/ack.ts32
-rw-r--r--src/api/routes/channels/#channel_id/messages/#message_id/crosspost.ts28
-rw-r--r--src/api/routes/channels/#channel_id/messages/#message_id/index.ts199
-rw-r--r--src/api/routes/channels/#channel_id/messages/#message_id/reactions.ts189
-rw-r--r--src/api/routes/channels/#channel_id/messages/bulk-delete.ts42
-rw-r--r--src/api/routes/channels/#channel_id/messages/index.ts234
-rw-r--r--src/api/routes/channels/#channel_id/permissions.ts79
-rw-r--r--src/api/routes/channels/#channel_id/pins.ts80
-rw-r--r--src/api/routes/channels/#channel_id/purge.ts77
-rw-r--r--src/api/routes/channels/#channel_id/recipients.ts68
-rw-r--r--src/api/routes/channels/#channel_id/typing.ts29
-rw-r--r--src/api/routes/channels/#channel_id/webhooks.ts32
15 files changed, 1232 insertions, 0 deletions
diff --git a/src/api/routes/channels/#channel_id/followers.ts b/src/api/routes/channels/#channel_id/followers.ts
new file mode 100644
index 00000000..c06db61b
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/followers.ts
@@ -0,0 +1,14 @@
+import { Router } from "express";
+const router: Router = Router();
+// TODO:
+
+export default router;
+
+/**
+ *
+ * @param {"webhook_channel_id":"754001514330062952"}
+ *
+ * Creates a WebHook in the channel and returns the id of it
+ *
+ * @returns {"channel_id": "816382962056560690", "webhook_id": "834910735095037962"}
+ */
diff --git a/src/api/routes/channels/#channel_id/index.ts b/src/api/routes/channels/#channel_id/index.ts
new file mode 100644
index 00000000..a65cf451
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/index.ts
@@ -0,0 +1,71 @@
+import { route } from "@fosscord/api";
+import {
+	Channel,
+	ChannelDeleteEvent,
+	ChannelModifySchema,
+	ChannelType,
+	ChannelUpdateEvent,
+	emitEvent,
+	handleFile,
+	OrmUtils,
+	Recipient
+} from "@fosscord/util";
+import { Request, Response, Router } from "express";
+
+const router: Router = Router();
+// TODO: delete channel
+// TODO: Get channel
+
+router.get("/", route({ permission: "VIEW_CHANNEL" }), async (req: Request, res: Response) => {
+	const { channel_id } = req.params;
+
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+
+	return res.send(channel);
+});
+
+router.delete("/", route({ permission: "MANAGE_CHANNELS" }), async (req: Request, res: Response) => {
+	const { channel_id } = req.params;
+
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients"] });
+
+	if (channel.type === ChannelType.DM) {
+		const recipient = await Recipient.findOneOrFail({ where: { channel_id, user_id: req.user_id } });
+		recipient.closed = true;
+		await Promise.all([
+			recipient.save(),
+			emitEvent({ event: "CHANNEL_DELETE", data: channel, user_id: req.user_id } as ChannelDeleteEvent)
+		]);
+	} else if (channel.type === ChannelType.GROUP_DM) {
+		await Channel.removeRecipientFromChannel(channel, req.user_id);
+	} else {
+		await Promise.all([
+			Channel.delete({ id: channel_id }),
+			emitEvent({ event: "CHANNEL_DELETE", data: channel, channel_id } as ChannelDeleteEvent)
+		]);
+	}
+
+	res.send(channel);
+});
+
+router.patch("/", route({ body: "ChannelModifySchema", permission: "MANAGE_CHANNELS" }), async (req: Request, res: Response) => {
+	let payload = req.body as ChannelModifySchema;
+	const { channel_id } = req.params;
+	if (payload.icon) payload.icon = await handleFile(`/channel-icons/${channel_id}`, payload.icon);
+
+	let channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+	channel = OrmUtils.mergeDeep(channel, payload);
+
+	await Promise.all([
+		channel.save(),
+		emitEvent({
+			event: "CHANNEL_UPDATE",
+			data: channel,
+			channel_id
+		} as ChannelUpdateEvent)
+	]);
+
+	res.send(channel);
+});
+
+export default router;
diff --git a/src/api/routes/channels/#channel_id/invites.ts b/src/api/routes/channels/#channel_id/invites.ts
new file mode 100644
index 00000000..3a1d2666
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/invites.ts
@@ -0,0 +1,58 @@
+import { route } from "@fosscord/api";
+import { Channel, emitEvent, Guild, HTTPError, Invite, InviteCreateEvent, OrmUtils, PublicInviteRelation, User } from "@fosscord/util";
+import { Request, Response, Router } from "express";
+import { isTextChannel } from "./messages";
+
+const router: Router = Router();
+
+router.post(
+	"/",
+	route({ body: "InviteCreateSchema", permission: "CREATE_INSTANT_INVITE", right: "CREATE_INVITES" }),
+	async (req: Request, res: Response) => {
+		const { user_id } = req;
+		const { channel_id } = req.params;
+		const channel = await Channel.findOneOrFail({ where: { id: channel_id }, select: ["id", "name", "type", "guild_id"] });
+		isTextChannel(channel.type);
+
+		if (!channel.guild_id) {
+			throw new HTTPError("This channel doesn't exist", 404);
+		}
+		const { guild_id } = channel;
+
+		const expires_at = new Date(req.body.max_age * 1000 + Date.now());
+
+		const invite = await OrmUtils.mergeDeep(new Invite(), {
+			temporary: req.body.temporary || true,
+			max_uses: req.body.max_uses,
+			max_age: req.body.max_age,
+			expires_at,
+			guild_id,
+			channel_id,
+			inviter_id: user_id
+		}).save();
+		//TODO: check this, removed toJSON call
+		const data = JSON.parse(JSON.stringify(invite));
+		data.inviter = await User.getPublicUser(req.user_id);
+		data.guild = await Guild.findOne({ where: { id: guild_id } });
+		data.channel = channel;
+
+		await emitEvent({ event: "INVITE_CREATE", data, guild_id } as InviteCreateEvent);
+		res.status(201).send(data);
+	}
+);
+
+router.get("/", route({ permission: "MANAGE_CHANNELS" }), async (req: Request, res: Response) => {
+	const { channel_id } = req.params;
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+
+	if (!channel.guild_id) {
+		throw new HTTPError("This channel doesn't exist", 404);
+	}
+	const { guild_id } = channel;
+
+	const invites = await Invite.find({ where: { guild_id }, relations: PublicInviteRelation });
+
+	res.status(200).send(invites);
+});
+
+export default router;
diff --git a/src/api/routes/channels/#channel_id/messages/#message_id/ack.ts b/src/api/routes/channels/#channel_id/messages/#message_id/ack.ts
new file mode 100644
index 00000000..5ebeed49
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/messages/#message_id/ack.ts
@@ -0,0 +1,32 @@
+import { route } from "@fosscord/api";
+import { emitEvent, getPermission, MessageAckEvent, OrmUtils, ReadState } from "@fosscord/util";
+import { Request, Response, Router } from "express";
+
+const router = Router();
+
+router.post("/", route({ body: "MessageAcknowledgeSchema" }), async (req: Request, res: Response) => {
+	const { channel_id, message_id } = req.params;
+
+	const permission = await getPermission(req.user_id, undefined, channel_id);
+	permission.hasThrow("VIEW_CHANNEL");
+
+	let read_state = await ReadState.findOne({ where: { user_id: req.user_id, channel_id } });
+	if (!read_state) read_state = OrmUtils.mergeDeep(new ReadState(), { user_id: req.user_id, channel_id }) as ReadState;
+	read_state.last_message_id = message_id;
+
+	await read_state.save();
+
+	await emitEvent({
+		event: "MESSAGE_ACK",
+		user_id: req.user_id,
+		data: {
+			channel_id,
+			message_id,
+			version: 3763
+		}
+	} as MessageAckEvent);
+
+	res.sendStatus(204);
+});
+
+export default router;
diff --git a/src/api/routes/channels/#channel_id/messages/#message_id/crosspost.ts b/src/api/routes/channels/#channel_id/messages/#message_id/crosspost.ts
new file mode 100644
index 00000000..fbbc65f0
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/messages/#message_id/crosspost.ts
@@ -0,0 +1,28 @@
+import { route } from "@fosscord/api";
+import { Request, Response, Router } from "express";
+
+const router = Router();
+
+router.post("/", route({ permission: "MANAGE_MESSAGES" }), (req: Request, res: Response) => {
+	// TODO:
+	res.json({
+		id: "",
+		type: 0,
+		content: "",
+		channel_id: "",
+		author: { id: "", username: "", avatar: "", discriminator: "", public_flags: 64 },
+		attachments: [],
+		embeds: [],
+		mentions: [],
+		mention_roles: [],
+		pinned: false,
+		mention_everyone: false,
+		tts: false,
+		timestamp: "",
+		edited_timestamp: null,
+		flags: 1,
+		components: []
+	}).status(200);
+});
+
+export default router;
diff --git a/src/api/routes/channels/#channel_id/messages/#message_id/index.ts b/src/api/routes/channels/#channel_id/messages/#message_id/index.ts
new file mode 100644
index 00000000..b082e083
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/messages/#message_id/index.ts
@@ -0,0 +1,199 @@
+import { handleMessage, postHandleMessage, route } from "@fosscord/api";
+import {
+	Attachment,
+	Channel,
+	emitEvent,
+	FosscordApiErrors,
+	getPermission,
+	getRights,
+	HTTPError,
+	Message,
+	MessageCreateEvent,
+	MessageCreateSchema,
+	MessageDeleteEvent,
+	MessageUpdateEvent,
+	Snowflake,
+	uploadFile
+} from "@fosscord/util";
+import { Request, Response, Router } from "express";
+import multer from "multer";
+
+const router = Router();
+// TODO: message content/embed string length limit
+
+const messageUpload = multer({
+	limits: {
+		fileSize: 1024 * 1024 * 100,
+		fields: 10,
+		files: 1
+	},
+	storage: multer.memoryStorage()
+}); // max upload 50 mb
+
+router.patch(
+	"/",
+	route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }),
+	async (req: Request, res: Response) => {
+		const { message_id, channel_id } = req.params;
+		let body = req.body as MessageCreateSchema;
+
+		const message = await Message.findOneOrFail({ where: { id: message_id, channel_id }, relations: ["attachments"] });
+
+		const permissions = await getPermission(req.user_id, undefined, channel_id);
+
+		const rights = await getRights(req.user_id);
+
+		if (req.user_id !== message.author_id) {
+			if (!rights.has("MANAGE_MESSAGES")) {
+				permissions.hasThrow("MANAGE_MESSAGES");
+				body = { flags: body.flags };
+				// guild admins can only suppress embeds of other messages, no such restriction imposed to instance-wide admins
+			}
+		} else rights.hasThrow("SELF_EDIT_MESSAGES");
+
+		const new_message = await handleMessage({
+			...message,
+			// TODO: should message_reference be overridable?
+			// @ts-ignore
+			message_reference: message.message_reference,
+			...body,
+			author_id: message.author_id,
+			channel_id,
+			id: message_id,
+			edited_timestamp: new Date()
+		});
+
+		await Promise.all([
+			new_message!.save(),
+			await emitEvent({
+				event: "MESSAGE_UPDATE",
+				channel_id,
+				data: { ...new_message, nonce: undefined }
+			} as MessageUpdateEvent)
+		]);
+
+		postHandleMessage(message);
+
+		return res.json(message);
+	}
+);
+
+// Backfill message with specific timestamp
+router.put(
+	"/",
+	messageUpload.single("file"),
+	async (req, res, next) => {
+		if (req.body.payload_json) {
+			req.body = JSON.parse(req.body.payload_json);
+		}
+
+		next();
+	},
+	route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_BACKDATED_EVENTS" }),
+	async (req: Request, res: Response) => {
+		const { channel_id, message_id } = req.params;
+		let body = req.body as MessageCreateSchema;
+		const attachments: Attachment[] = [];
+
+		const rights = await getRights(req.user_id);
+		rights.hasThrow("SEND_MESSAGES");
+
+		// regex to check if message contains anything other than numerals ( also no decimals )
+		if (!message_id.match(/^\+?\d+$/)) {
+			throw new HTTPError("Message IDs must be positive integers", 400);
+		}
+
+		const snowflake = Snowflake.deconstruct(message_id);
+		if (Date.now() < snowflake.timestamp) {
+			// message is in the future
+			throw FosscordApiErrors.CANNOT_BACKFILL_TO_THE_FUTURE;
+		}
+
+		const exists = await Message.findOne({ where: { id: message_id, channel_id: channel_id } });
+		if (exists) {
+			throw FosscordApiErrors.CANNOT_REPLACE_BY_BACKFILL;
+		}
+
+		if (req.file) {
+			try {
+				const file: any = await uploadFile(`/attachments/${req.params.channel_id}`, req.file);
+				attachments.push({ ...file, proxy_url: file.url });
+			} catch (error) {
+				return res.status(400).json(error);
+			}
+		}
+		const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients", "recipients.user"] });
+
+		const embeds = body.embeds || [];
+		if (body.embed) embeds.push(body.embed);
+		let message = await handleMessage({
+			...body,
+			type: 0,
+			pinned: false,
+			author_id: req.user_id,
+			id: message_id,
+			embeds,
+			channel_id,
+			attachments,
+			edited_timestamp: undefined,
+			timestamp: new Date(snowflake.timestamp)
+		});
+
+		//Fix for the client bug
+		delete message.member;
+
+		await Promise.all([
+			message.save(),
+			emitEvent({ event: "MESSAGE_CREATE", channel_id: channel_id, data: message } as MessageCreateEvent),
+			channel.save()
+		]);
+
+		postHandleMessage(message).catch((e) => {}); // no await as it shouldnt block the message send function and silently catch error
+
+		return res.json(message);
+	}
+);
+
+router.get("/", route({ permission: "VIEW_CHANNEL" }), async (req: Request, res: Response) => {
+	const { message_id, channel_id } = req.params;
+
+	const message = await Message.findOneOrFail({ where: { id: message_id, channel_id }, relations: ["attachments"] });
+
+	const permissions = await getPermission(req.user_id, undefined, channel_id);
+
+	if (message.author_id !== req.user_id) permissions.hasThrow("READ_MESSAGE_HISTORY");
+
+	return res.json(message);
+});
+
+router.delete("/", route({}), async (req: Request, res: Response) => {
+	const { message_id, channel_id } = req.params;
+
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+	const message = await Message.findOneOrFail({ where: { id: message_id } });
+
+	const rights = await getRights(req.user_id);
+
+	if (message.author_id !== req.user_id) {
+		if (!rights.has("MANAGE_MESSAGES")) {
+			const permission = await getPermission(req.user_id, channel.guild_id, channel_id);
+			permission.hasThrow("MANAGE_MESSAGES");
+		}
+	} else rights.hasThrow("SELF_DELETE_MESSAGES");
+
+	await Message.delete({ id: message_id });
+
+	await emitEvent({
+		event: "MESSAGE_DELETE",
+		channel_id,
+		data: {
+			id: message_id,
+			channel_id,
+			guild_id: channel.guild_id
+		}
+	} as MessageDeleteEvent);
+
+	res.sendStatus(204);
+});
+
+export default router;
diff --git a/src/api/routes/channels/#channel_id/messages/#message_id/reactions.ts b/src/api/routes/channels/#channel_id/messages/#message_id/reactions.ts
new file mode 100644
index 00000000..44de5c45
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/messages/#message_id/reactions.ts
@@ -0,0 +1,189 @@
+import { route } from "@fosscord/api";
+import {
+	Channel,
+	emitEvent,
+	Emoji,
+	getPermission,
+	HTTPError,
+	Member,
+	Message,
+	MessageReactionAddEvent,
+	MessageReactionRemoveAllEvent,
+	MessageReactionRemoveEmojiEvent,
+	MessageReactionRemoveEvent,
+	PartialEmoji,
+	PublicUserProjection,
+	User
+} from "@fosscord/util";
+import { Request, Response, Router } from "express";
+import { In } from "typeorm";
+
+const router = Router();
+// TODO: check if emoji is really an unicode emoji or a prperly encoded external emoji
+
+function getEmoji(emoji: string): PartialEmoji {
+	emoji = decodeURIComponent(emoji);
+	const parts = emoji.includes(":") && emoji.split(":");
+	if (parts)
+		return {
+			name: parts[0],
+			id: parts[1]
+		};
+
+	return {
+		id: undefined,
+		name: emoji
+	};
+}
+
+router.delete("/", route({ permission: "MANAGE_MESSAGES" }), async (req: Request, res: Response) => {
+	const { message_id, channel_id } = req.params;
+
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+
+	await Message.update({ id: message_id, channel_id }, { reactions: [] });
+
+	await emitEvent({
+		event: "MESSAGE_REACTION_REMOVE_ALL",
+		channel_id,
+		data: {
+			channel_id,
+			message_id,
+			guild_id: channel.guild_id
+		}
+	} as MessageReactionRemoveAllEvent);
+
+	res.sendStatus(204);
+});
+
+router.delete("/:emoji", route({ permission: "MANAGE_MESSAGES" }), async (req: Request, res: Response) => {
+	const { message_id, channel_id } = req.params;
+	const emoji = getEmoji(req.params.emoji);
+
+	const message = await Message.findOneOrFail({ where: { id: message_id, channel_id } });
+
+	const already_added = message.reactions.find((x) => (x.emoji.id === emoji.id && emoji.id) || x.emoji.name === emoji.name);
+	if (!already_added) throw new HTTPError("Reaction not found", 404);
+	message.reactions.remove(already_added);
+
+	await Promise.all([
+		message.save(),
+		emitEvent({
+			event: "MESSAGE_REACTION_REMOVE_EMOJI",
+			channel_id,
+			data: {
+				channel_id,
+				message_id,
+				guild_id: message.guild_id,
+				emoji
+			}
+		} as MessageReactionRemoveEmojiEvent)
+	]);
+
+	res.sendStatus(204);
+});
+
+router.get("/:emoji", route({ permission: "VIEW_CHANNEL" }), async (req: Request, res: Response) => {
+	const { message_id, channel_id } = req.params;
+	const emoji = getEmoji(req.params.emoji);
+
+	const message = await Message.findOneOrFail({ where: { id: message_id, channel_id } });
+	const reaction = message.reactions.find((x) => (x.emoji.id === emoji.id && emoji.id) || x.emoji.name === emoji.name);
+	if (!reaction) throw new HTTPError("Reaction not found", 404);
+
+	const users = await User.find({
+		where: {
+			id: In(reaction.user_ids)
+		},
+		select: PublicUserProjection
+	});
+
+	res.json(users);
+});
+
+router.put(
+	"/:emoji/:user_id",
+	route({ permission: "READ_MESSAGE_HISTORY", right: "SELF_ADD_REACTIONS" }),
+	async (req: Request, res: Response) => {
+		const { message_id, channel_id, user_id } = req.params;
+		if (user_id !== "@me") throw new HTTPError("Invalid user");
+		const emoji = getEmoji(req.params.emoji);
+
+		const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+		const message = await Message.findOneOrFail({ where: { id: message_id, channel_id } });
+		const already_added = message.reactions.find((x) => (x.emoji.id === emoji.id && emoji.id) || x.emoji.name === emoji.name);
+
+		if (!already_added) req.permission!.hasThrow("ADD_REACTIONS");
+
+		if (emoji.id) {
+			const external_emoji = await Emoji.findOneOrFail({ where: { id: emoji.id } });
+			if (!already_added) req.permission!.hasThrow("USE_EXTERNAL_EMOJIS");
+			emoji.animated = external_emoji.animated;
+			emoji.name = external_emoji.name;
+		}
+
+		if (already_added) {
+			if (already_added.user_ids.includes(req.user_id)) return res.sendStatus(204); // Do not throw an error ¯\_(ツ)_/¯ as discord also doesn't throw any error
+			already_added.count++;
+		} else message.reactions.push({ count: 1, emoji, user_ids: [req.user_id] });
+
+		await message.save();
+
+		const member = channel.guild_id && (await Member.findOneOrFail({ where: { id: req.user_id } }));
+
+		await emitEvent({
+			event: "MESSAGE_REACTION_ADD",
+			channel_id,
+			data: {
+				user_id: req.user_id,
+				channel_id,
+				message_id,
+				guild_id: channel.guild_id,
+				emoji,
+				member
+			}
+		} as MessageReactionAddEvent);
+
+		res.sendStatus(204);
+	}
+);
+
+router.delete("/:emoji/:user_id", route({}), async (req: Request, res: Response) => {
+	let { message_id, channel_id, user_id } = req.params;
+
+	const emoji = getEmoji(req.params.emoji);
+
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+	const message = await Message.findOneOrFail({ where: { id: message_id, channel_id } });
+
+	if (user_id === "@me") user_id = req.user_id;
+	else {
+		const permissions = await getPermission(req.user_id, undefined, channel_id);
+		permissions.hasThrow("MANAGE_MESSAGES");
+	}
+
+	const already_added = message.reactions.find((x) => (x.emoji.id === emoji.id && emoji.id) || x.emoji.name === emoji.name);
+	if (!already_added || !already_added.user_ids.includes(user_id)) throw new HTTPError("Reaction not found", 404);
+
+	already_added.count--;
+
+	if (already_added.count <= 0) message.reactions.remove(already_added);
+
+	await message.save();
+
+	await emitEvent({
+		event: "MESSAGE_REACTION_REMOVE",
+		channel_id,
+		data: {
+			user_id: req.user_id,
+			channel_id,
+			message_id,
+			guild_id: channel.guild_id,
+			emoji
+		}
+	} as MessageReactionRemoveEvent);
+
+	res.sendStatus(204);
+});
+
+export default router;
diff --git a/src/api/routes/channels/#channel_id/messages/bulk-delete.ts b/src/api/routes/channels/#channel_id/messages/bulk-delete.ts
new file mode 100644
index 00000000..561a40c0
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/messages/bulk-delete.ts
@@ -0,0 +1,42 @@
+import { route } from "@fosscord/api";
+import { Channel, Config, emitEvent, getPermission, getRights, HTTPError, Message, MessageDeleteBulkEvent } from "@fosscord/util";
+import { Request, Response, Router } from "express";
+import { In } from "typeorm";
+
+const router: Router = Router();
+
+export default router;
+
+// should users be able to bulk delete messages or only bots? ANSWER: all users
+// should this request fail, if you provide messages older than 14 days/invalid ids? ANSWER: NO
+// https://discord.com/developers/docs/resources/channel#bulk-delete-messages
+router.post("/", route({ body: "BulkDeleteSchema" }), async (req: Request, res: Response) => {
+	const { channel_id } = req.params;
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+	if (!channel.guild_id) throw new HTTPError("Can't bulk delete dm channel messages", 400);
+
+	const rights = await getRights(req.user_id);
+	rights.hasThrow("SELF_DELETE_MESSAGES");
+
+	let superuser = rights.has("MANAGE_MESSAGES");
+	const permission = await getPermission(req.user_id, channel?.guild_id, channel_id);
+
+	const { maxBulkDelete } = Config.get().limits.message;
+
+	const { messages } = req.body as { messages: string[] };
+	if (messages.length === 0) throw new HTTPError("You must specify messages to bulk delete");
+	if (!superuser) {
+		permission.hasThrow("MANAGE_MESSAGES");
+		if (messages.length > maxBulkDelete) throw new HTTPError(`You cannot delete more than ${maxBulkDelete} messages`);
+	}
+
+	await Message.delete({ id: In(messages) });
+
+	await emitEvent({
+		event: "MESSAGE_DELETE_BULK",
+		channel_id,
+		data: { ids: messages, channel_id, guild_id: channel.guild_id }
+	} as MessageDeleteBulkEvent);
+
+	res.sendStatus(204);
+});
diff --git a/src/api/routes/channels/#channel_id/messages/index.ts b/src/api/routes/channels/#channel_id/messages/index.ts
new file mode 100644
index 00000000..5fdcb6f9
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/messages/index.ts
@@ -0,0 +1,234 @@
+import { handleMessage, postHandleMessage, route } from "@fosscord/api";
+import {
+	Attachment,
+	Channel,
+	ChannelType,
+	Config,
+	DmChannelDTO,
+	emitEvent,
+	getPermission,
+	HTTPError,
+	Member,
+	Message,
+	MessageCreateEvent,
+	MessageCreateSchema,
+	Snowflake,
+	uploadFile
+} from "@fosscord/util";
+import { Request, Response, Router } from "express";
+import multer from "multer";
+import { FindManyOptions, LessThan, MoreThan } from "typeorm";
+import { URL } from "url";
+
+const router: Router = Router();
+
+export default router;
+
+export function isTextChannel(type: ChannelType): boolean {
+	switch (type) {
+		case ChannelType.GUILD_STORE:
+		case ChannelType.GUILD_VOICE:
+		case ChannelType.GUILD_STAGE_VOICE:
+		case ChannelType.GUILD_CATEGORY:
+		case ChannelType.GUILD_FORUM:
+		case ChannelType.DIRECTORY:
+			throw new HTTPError("not a text channel", 400);
+		case ChannelType.DM:
+		case ChannelType.GROUP_DM:
+		case ChannelType.GUILD_NEWS:
+		case ChannelType.GUILD_NEWS_THREAD:
+		case ChannelType.GUILD_PUBLIC_THREAD:
+		case ChannelType.GUILD_PRIVATE_THREAD:
+		case ChannelType.GUILD_TEXT:
+		case ChannelType.ENCRYPTED:
+		case ChannelType.ENCRYPTED_THREAD:
+			return true;
+		default:
+			throw new HTTPError("unimplemented", 400);
+	}
+}
+
+// https://discord.com/developers/docs/resources/channel#create-message
+// get messages
+router.get("/", async (req: Request, res: Response) => {
+	const channel_id = req.params.channel_id;
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+	if (!channel) throw new HTTPError("Channel not found", 404);
+
+	isTextChannel(channel.type);
+	const around = req.query.around ? `${req.query.around}` : undefined;
+	const before = req.query.before ? `${req.query.before}` : undefined;
+	const after = req.query.after ? `${req.query.after}` : undefined;
+	const limit = Number(req.query.limit) || 50;
+	if (limit < 1 || limit > 100) throw new HTTPError("limit must be between 1 and 100", 422);
+
+	let halfLimit = Math.floor(limit / 2);
+
+	const permissions = await getPermission(req.user_id, channel.guild_id, channel_id);
+	permissions.hasThrow("VIEW_CHANNEL");
+	if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]);
+
+	let query: FindManyOptions<Message> & { where: { id?: any } } = {
+		order: { id: "DESC" },
+		take: limit,
+		where: { channel_id },
+		relations: ["author", "webhook", "application", "mentions", "mention_roles", "mention_channels", "sticker_items", "attachments"]
+	};
+
+	if (after) {
+		if (after > new Snowflake()) return res.status(422);
+		query.where.id = MoreThan(after);
+	} else if (before) {
+		if (before < req.params.channel_id) return res.status(422);
+		query.where.id = LessThan(before);
+	} else if (around) {
+		query.where.id = [
+			MoreThan((BigInt(around) - BigInt(halfLimit)).toString()),
+			LessThan((BigInt(around) + BigInt(halfLimit)).toString())
+		];
+	}
+
+	const messages = await Message.find(query);
+	const endpoint = Config.get().cdn.endpointPublic;
+
+	return res.json(
+		messages.map((x: any) => {
+			(x.reactions || []).forEach((x: any) => {
+				// @ts-ignore
+				if ((x.user_ids || []).includes(req.user_id)) x.me = true;
+				// @ts-ignore
+				delete x.user_ids;
+			});
+			// @ts-ignore
+			if (!x.author) x.author = { id: "4", discriminator: "0000", username: "Fosscord Ghost", public_flags: "0", avatar: null };
+			x.attachments?.forEach((y: any) => {
+				// dynamically set attachment proxy_url in case the endpoint changed
+				const uri = y.proxy_url.startsWith("http") ? y.proxy_url : `https://example.org${y.proxy_url}`;
+				y.proxy_url = `${endpoint == null ? "" : endpoint}${new URL(uri).pathname}`;
+			});
+
+			/**
+			Some clients ( discord.js ) only check if a property exists within the response,
+			which causes erorrs when, say, the `application` property is `null`.
+			**/
+
+			for (let curr in x) {
+				if (x[curr] === null) delete x[curr];
+			}
+
+			return x;
+		})
+	);
+});
+
+// TODO: config max upload size
+const messageUpload = multer({
+	limits: {
+		fileSize: 1024 * 1024 * 100,
+		fields: 10
+		// files: 1
+	},
+	storage: multer.memoryStorage()
+}); // max upload 50 mb
+/**
+ TODO: dynamically change limit of MessageCreateSchema with config
+
+ https://discord.com/developers/docs/resources/channel#create-message
+ TODO: text channel slowdown (per-user and across-users)
+ Q: trim and replace message content and every embed field A: NO, given this cannot be implemented in E2EE channels
+ TODO: only dispatch notifications for mentions denoted in allowed_mentions
+**/
+// Send message
+router.post(
+	"/",
+	messageUpload.any(),
+	async (req, res, next) => {
+		if (req.body.payload_json) {
+			req.body = JSON.parse(req.body.payload_json);
+		}
+
+		next();
+	},
+	route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }),
+	async (req: Request, res: Response) => {
+		const { channel_id } = req.params;
+		let body = req.body as MessageCreateSchema;
+		const attachments: Attachment[] = [];
+
+		const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients", "recipients.user"] });
+		if (!channel.isWritable()) {
+			throw new HTTPError(`Cannot send messages to channel of type ${channel.type}`, 400);
+		}
+
+		const files = (req.files as Express.Multer.File[]) ?? [];
+		for (let currFile of files) {
+			try {
+				const file: any = await uploadFile(`/attachments/${channel.id}`, currFile);
+				attachments.push({ ...file, proxy_url: file.url });
+			} catch (error) {
+				return res.status(400).json(error);
+			}
+		}
+
+		const embeds = body.embeds || [];
+		if (body.embed) embeds.push(body.embed);
+		let message = await handleMessage({
+			...body,
+			type: 0,
+			pinned: false,
+			author_id: req.user_id,
+			embeds,
+			channel_id,
+			attachments,
+			edited_timestamp: undefined,
+			timestamp: new Date()
+		});
+
+		channel.last_message_id = message.id;
+
+		if (channel.isDm()) {
+			const channel_dto = await DmChannelDTO.from(channel);
+
+			// Only one recipients should be closed here, since in group DMs the recipient is deleted not closed
+			Promise.all(
+				channel.recipients!.map((recipient) => {
+					if (recipient.closed) {
+						recipient.closed = false;
+						return Promise.all([
+							recipient.save(),
+							emitEvent({
+								event: "CHANNEL_CREATE",
+								data: channel_dto.excludedRecipients([recipient.user_id]),
+								user_id: recipient.user_id
+							})
+						]);
+					}
+				})
+			);
+		}
+
+		//Defining member fields
+		var member = await Member.findOneOrFail({ where: { id: req.user_id }, relations: ["roles"] });
+		// TODO: This doesn't work either
+		// member.roles = member.roles.filter((role) => {
+		// 	return role.id !== role.guild_id;
+		// }).map((role) => {
+		// 	return role.id;
+		// });
+		message.member = member;
+		// TODO: Figure this out
+		// delete message.member.last_message_id;
+		// delete message.member.index;
+
+		await Promise.all([
+			message.save(),
+			emitEvent({ event: "MESSAGE_CREATE", channel_id: channel_id, data: message } as MessageCreateEvent),
+			message.guild_id ? Member.update({ id: req.user_id, guild_id: message.guild_id }, { last_message_id: message.id }) : null,
+			channel.save()
+		]);
+
+		postHandleMessage(message).catch((e) => {}); // no await as it shouldnt block the message send function and silently catch error
+
+		return res.json(message);
+	}
+);
diff --git a/src/api/routes/channels/#channel_id/permissions.ts b/src/api/routes/channels/#channel_id/permissions.ts
new file mode 100644
index 00000000..bd462ea6
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/permissions.ts
@@ -0,0 +1,79 @@
+import { route } from "@fosscord/api";
+import {
+	Channel,
+	ChannelPermissionOverwrite,
+	ChannelPermissionOverwriteSchema,
+	ChannelUpdateEvent,
+	emitEvent,
+	HTTPError,
+	Member,
+	Role
+} from "@fosscord/util";
+import { Request, Response, Router } from "express";
+
+const router: Router = Router();
+
+router.put(
+	"/:overwrite_id",
+	route({ body: "ChannelPermissionOverwriteSchema", permission: "MANAGE_ROLES" }),
+	async (req: Request, res: Response) => {
+		const { channel_id, overwrite_id } = req.params;
+		const body = req.body as ChannelPermissionOverwriteSchema;
+
+		let channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+		if (!channel.guild_id) throw new HTTPError("Channel not found", 404);
+
+		if (body.type === 0) {
+			if (!(await Role.count({ where: { id: overwrite_id } }))) throw new HTTPError("role not found", 404);
+		} else if (body.type === 1) {
+			if (!(await Member.count({ where: { id: overwrite_id } }))) throw new HTTPError("user not found", 404);
+		} else throw new HTTPError("type not supported", 501);
+
+		// @ts-ignore
+		let overwrite: ChannelPermissionOverwrite = channel.permission_overwrites.find((x) => x.id === overwrite_id);
+		if (!overwrite) {
+			// @ts-ignore
+			overwrite = {
+				id: overwrite_id,
+				type: body.type
+			};
+			channel.permission_overwrites!.push(overwrite);
+		}
+		overwrite.allow = String(req.permission!.bitfield & (BigInt(body.allow) || BigInt("0")));
+		overwrite.deny = String(req.permission!.bitfield & (BigInt(body.deny) || BigInt("0")));
+
+		await Promise.all([
+			channel.save(),
+			emitEvent({
+				event: "CHANNEL_UPDATE",
+				channel_id,
+				data: channel
+			} as ChannelUpdateEvent)
+		]);
+
+		return res.sendStatus(204);
+	}
+);
+
+// TODO: check permission hierarchy
+router.delete("/:overwrite_id", route({ permission: "MANAGE_ROLES" }), async (req: Request, res: Response) => {
+	const { channel_id, overwrite_id } = req.params;
+
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+	if (!channel.guild_id) throw new HTTPError("Channel not found", 404);
+
+	channel.permission_overwrites = channel.permission_overwrites!.filter((x) => x.id === overwrite_id);
+
+	await Promise.all([
+		channel.save(),
+		emitEvent({
+			event: "CHANNEL_UPDATE",
+			channel_id,
+			data: channel
+		} as ChannelUpdateEvent)
+	]);
+
+	return res.sendStatus(204);
+});
+
+export default router;
diff --git a/src/api/routes/channels/#channel_id/pins.ts b/src/api/routes/channels/#channel_id/pins.ts
new file mode 100644
index 00000000..5c28feac
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/pins.ts
@@ -0,0 +1,80 @@
+import { route } from "@fosscord/api";
+import { Channel, ChannelPinsUpdateEvent, Config, DiscordApiErrors, emitEvent, Message, MessageUpdateEvent } from "@fosscord/util";
+import { Request, Response, Router } from "express";
+
+const router: Router = Router();
+
+router.put("/:message_id", route({ permission: "VIEW_CHANNEL" }), async (req: Request, res: Response) => {
+	const { channel_id, message_id } = req.params;
+
+	const message = await Message.findOneOrFail({ where: { id: message_id } });
+
+	// * in dm channels anyone can pin messages -> only check for guilds
+	if (message.guild_id) req.permission!.hasThrow("MANAGE_MESSAGES");
+
+	const pinned_count = await Message.count({ where: { channel: { id: channel_id }, pinned: true } });
+	const { maxPins } = Config.get().limits.channel;
+	if (pinned_count >= maxPins) throw DiscordApiErrors.MAXIMUM_PINS.withParams(maxPins);
+
+	await Promise.all([
+		Message.update({ id: message_id }, { pinned: true }),
+		emitEvent({
+			event: "MESSAGE_UPDATE",
+			channel_id,
+			data: message
+		} as MessageUpdateEvent),
+		emitEvent({
+			event: "CHANNEL_PINS_UPDATE",
+			channel_id,
+			data: {
+				channel_id,
+				guild_id: message.guild_id,
+				last_pin_timestamp: undefined
+			}
+		} as ChannelPinsUpdateEvent)
+	]);
+
+	res.sendStatus(204);
+});
+
+router.delete("/:message_id", route({ permission: "VIEW_CHANNEL" }), async (req: Request, res: Response) => {
+	const { channel_id, message_id } = req.params;
+
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+	if (channel.guild_id) req.permission!.hasThrow("MANAGE_MESSAGES");
+
+	const message = await Message.findOneOrFail({ where: { id: message_id } });
+	message.pinned = false;
+
+	await Promise.all([
+		message.save(),
+
+		emitEvent({
+			event: "MESSAGE_UPDATE",
+			channel_id,
+			data: message
+		} as MessageUpdateEvent),
+
+		emitEvent({
+			event: "CHANNEL_PINS_UPDATE",
+			channel_id,
+			data: {
+				channel_id,
+				guild_id: channel.guild_id,
+				last_pin_timestamp: undefined
+			}
+		} as ChannelPinsUpdateEvent)
+	]);
+
+	res.sendStatus(204);
+});
+
+router.get("/", route({ permission: ["READ_MESSAGE_HISTORY"] }), async (req: Request, res: Response) => {
+	const { channel_id } = req.params;
+
+	let pins = await Message.find({ where: { channel_id, pinned: true } });
+
+	res.send(pins);
+});
+
+export default router;
diff --git a/src/api/routes/channels/#channel_id/purge.ts b/src/api/routes/channels/#channel_id/purge.ts
new file mode 100644
index 00000000..aebdb832
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/purge.ts
@@ -0,0 +1,77 @@
+import { route } from "@fosscord/api";
+import {
+	Channel,
+	Config,
+	emitEvent,
+	getPermission,
+	getRights,
+	HTTPError,
+	Message,
+	MessageDeleteBulkEvent,
+	PurgeSchema
+} from "@fosscord/util";
+import { Request, Response, Router } from "express";
+import { Between, FindManyOptions, In, Not } from "typeorm";
+import { isTextChannel } from "./messages";
+
+const router: Router = Router();
+
+export default router;
+
+/**
+TODO: apply the delete bit by bit to prevent client and database stress
+**/
+router.post(
+	"/",
+	route({
+		/*body: "PurgeSchema",*/
+	}),
+	async (req: Request, res: Response) => {
+		const { channel_id } = req.params;
+		const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+
+		if (!channel.guild_id) throw new HTTPError("Can't purge dm channels", 400);
+		isTextChannel(channel.type);
+
+		const rights = await getRights(req.user_id);
+		if (!rights.has("MANAGE_MESSAGES")) {
+			const permissions = await getPermission(req.user_id, channel.guild_id, channel_id);
+			permissions.hasThrow("MANAGE_MESSAGES");
+			permissions.hasThrow("MANAGE_CHANNELS");
+		}
+
+		const { before, after } = req.body as PurgeSchema;
+
+		// TODO: send the deletion event bite-by-bite to prevent client stress
+
+		let query: FindManyOptions<Message> & { where: { id?: any } } = {
+			order: { id: "ASC" },
+			// take: limit,
+			where: {
+				channel_id,
+				id: Between(after, before), // the right way around
+				author_id: rights.has("SELF_DELETE_MESSAGES") ? undefined : Not(req.user_id)
+				// if you lack the right of self-deletion, you can't delete your own messages, even in purges
+			},
+			relations: ["author", "webhook", "application", "mentions", "mention_roles", "mention_channels", "sticker_items", "attachments"]
+		};
+
+		const messages = await Message.find(query);
+		const endpoint = Config.get().cdn.endpointPublic;
+
+		if (messages.length == 0) {
+			res.sendStatus(304);
+			return;
+		}
+
+		await Message.delete({ id: In(messages) });
+
+		await emitEvent({
+			event: "MESSAGE_DELETE_BULK",
+			channel_id,
+			data: { ids: messages.map((x) => x.id), channel_id, guild_id: channel.guild_id }
+		} as MessageDeleteBulkEvent);
+
+		res.sendStatus(204);
+	}
+);
diff --git a/src/api/routes/channels/#channel_id/recipients.ts b/src/api/routes/channels/#channel_id/recipients.ts
new file mode 100644
index 00000000..276a0eda
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/recipients.ts
@@ -0,0 +1,68 @@
+import { route } from "@fosscord/api";
+import {
+	Channel,
+	ChannelRecipientAddEvent,
+	ChannelType,
+	DiscordApiErrors,
+	DmChannelDTO,
+	emitEvent,
+	OrmUtils,
+	PublicUserProjection,
+	Recipient,
+	User
+} from "@fosscord/util";
+import { Request, Response, Router } from "express";
+
+const router: Router = Router();
+
+router.put("/:user_id", route({}), async (req: Request, res: Response) => {
+	const { channel_id, user_id } = req.params;
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients"] });
+
+	if (channel.type !== ChannelType.GROUP_DM) {
+		const recipients = [...channel.recipients!.map((r) => r.user_id), user_id].unique();
+
+		const new_channel = await Channel.createDMChannel(recipients, req.user_id);
+		return res.status(201).json(new_channel);
+	} else {
+		if (channel.recipients!.map((r) => r.user_id).includes(user_id)) {
+			throw DiscordApiErrors.INVALID_RECIPIENT; //TODO is this the right error?
+		}
+
+		channel.recipients!.push(OrmUtils.mergeDeep(new Recipient(), { channel_id, user_id: user_id }));
+		await channel.save();
+
+		await emitEvent({
+			event: "CHANNEL_CREATE",
+			data: await DmChannelDTO.from(channel, [user_id]),
+			user_id: user_id
+		});
+
+		await emitEvent({
+			event: "CHANNEL_RECIPIENT_ADD",
+			data: {
+				channel_id: channel_id,
+				user: await User.findOneOrFail({ where: { id: user_id }, select: PublicUserProjection })
+			},
+			channel_id: channel_id
+		} as ChannelRecipientAddEvent);
+		return res.sendStatus(204);
+	}
+});
+
+router.delete("/:user_id", route({}), async (req: Request, res: Response) => {
+	const { channel_id, user_id } = req.params;
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients"] });
+	if (!(channel.type === ChannelType.GROUP_DM && (channel.owner_id === req.user_id || user_id === req.user_id)))
+		throw DiscordApiErrors.MISSING_PERMISSIONS;
+
+	if (!channel.recipients!.map((r) => r.user_id).includes(user_id)) {
+		throw DiscordApiErrors.INVALID_RECIPIENT; //TODO is this the right error?
+	}
+
+	await Channel.removeRecipientFromChannel(channel, user_id);
+
+	return res.sendStatus(204);
+});
+
+export default router;
diff --git a/src/api/routes/channels/#channel_id/typing.ts b/src/api/routes/channels/#channel_id/typing.ts
new file mode 100644
index 00000000..26d0fcfa
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/typing.ts
@@ -0,0 +1,29 @@
+import { route } from "@fosscord/api";
+import { Channel, emitEvent, Member, TypingStartEvent } from "@fosscord/util";
+import { Request, Response, Router } from "express";
+
+const router: Router = Router();
+
+router.post("/", route({ permission: "SEND_MESSAGES" }), async (req: Request, res: Response) => {
+	const { channel_id } = req.params;
+	const user_id = req.user_id;
+	const timestamp = Date.now();
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+	const member = await Member.findOne({ where: { id: user_id, guild_id: channel.guild_id }, relations: ["roles", "user"] });
+
+	await emitEvent({
+		event: "TYPING_START",
+		channel_id: channel_id,
+		data: {
+			...(member ? { member: { ...member, roles: member?.roles?.map((x) => x.id) } } : null),
+			channel_id,
+			timestamp,
+			user_id,
+			guild_id: channel.guild_id
+		}
+	} as TypingStartEvent);
+
+	res.sendStatus(204);
+});
+
+export default router;
diff --git a/src/api/routes/channels/#channel_id/webhooks.ts b/src/api/routes/channels/#channel_id/webhooks.ts
new file mode 100644
index 00000000..38dcb869
--- /dev/null
+++ b/src/api/routes/channels/#channel_id/webhooks.ts
@@ -0,0 +1,32 @@
+import { route } from "@fosscord/api";
+import { Channel, Config, DiscordApiErrors, HTTPError, trimSpecial, Webhook } from "@fosscord/util";
+import { Request, Response, Router } from "express";
+import { isTextChannel } from "./messages/index";
+
+const router: Router = Router();
+//TODO: implement webhooks
+router.get("/", route({}), async (req: Request, res: Response) => {
+	res.json([]);
+});
+
+// TODO: use Image Data Type for avatar instead of String
+router.post("/", route({ body: "WebhookCreateSchema", permission: "MANAGE_WEBHOOKS" }), async (req: Request, res: Response) => {
+	const channel_id = req.params.channel_id;
+	const channel = await Channel.findOneOrFail({ where: { id: channel_id } });
+
+	isTextChannel(channel.type);
+	if (!channel.guild_id) throw new HTTPError("Not a guild channel", 400);
+
+	const webhook_count = await Webhook.count({ where: { channel_id } });
+	const { maxWebhooks } = Config.get().limits.channel;
+	if (webhook_count > maxWebhooks) throw DiscordApiErrors.MAXIMUM_WEBHOOKS.withParams(maxWebhooks);
+
+	let { avatar, name } = req.body as { name: string; avatar?: string };
+	name = trimSpecial(name);
+	if (name === "clyde") throw new HTTPError("Invalid name", 400);
+
+	// TODO: save webhook in database and send response
+	res.json(new Webhook());
+});
+
+export default router;