From bffeb4af0d34546747e5d1941da3544d2482f3e0 Mon Sep 17 00:00:00 2001
From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com>
Date: Sun, 12 Sep 2021 21:21:08 +0200
Subject: :construction: :sparkles: new body parser (bans route)

---
 api/src/util/route.ts | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 api/src/util/route.ts

(limited to 'api/src/util/route.ts')

diff --git a/api/src/util/route.ts b/api/src/util/route.ts
new file mode 100644
index 00000000..0302f3ec
--- /dev/null
+++ b/api/src/util/route.ts
@@ -0,0 +1,66 @@
+import { DiscordApiErrors, Event, EventData, getPermission, PermissionResolvable, Permissions } from "@fosscord/util";
+import { NextFunction, Request, Response } from "express";
+import fs from "fs";
+import path from "path";
+import Ajv from "ajv";
+import { AnyValidateFunction } from "ajv/dist/core";
+import { FieldErrors } from "..";
+
+const SchemaPath = path.join(__dirname, "..", "..", "assets", "schemas.json");
+const schemas = JSON.parse(fs.readFileSync(SchemaPath, { encoding: "utf8" }));
+export const ajv = new Ajv({ allErrors: true, parseDate: true, allowDate: true, schemas, messages: true });
+
+declare global {
+	namespace Express {
+		interface Request {
+			permission?: Permissions;
+		}
+	}
+}
+
+export type RouteSchema = string; // typescript interface name
+export type RouteResponse = { status: number; body?: RouteSchema; headers?: Record<string, string> };
+
+export interface RouteOptions {
+	permission?: PermissionResolvable;
+	body?: RouteSchema;
+	response?: RouteResponse;
+	example?: {
+		body?: any;
+		path?: string;
+		event?: EventData;
+		headers?: Record<string, string>;
+	};
+}
+
+export function route(opts: RouteOptions) {
+	var validate: AnyValidateFunction<any>;
+	if (opts.body) {
+		// @ts-ignore
+		validate = ajv.getSchema(opts.body);
+		if (!validate) throw new Error(`Body schema ${opts.body} not found`);
+	}
+
+	return async (req: Request, res: Response, next: NextFunction) => {
+		if (opts.permission) {
+			const required = new Permissions(opts.permission);
+			const permission = await getPermission(req.user_id, req.params.guild_id, req.params.channel_id);
+			console.log(required.bitfield, permission.bitfield, permission.bitfield & required.bitfield);
+
+			// bitfield comparison: check if user lacks certain permission
+			if (!permission.has(required)) {
+				throw DiscordApiErrors.MISSING_PERMISSIONS.withParams(opts.permission as string);
+			}
+
+			if (validate) {
+				const valid = validate(req.body);
+				if (!valid) {
+					const fields: Record<string, { code?: string; message: string }> = {};
+					validate.errors?.forEach((x) => (fields[x.instancePath] = { code: x.keyword, message: x.message || "" }));
+					throw FieldErrors(fields);
+				}
+			}
+		}
+		next();
+	};
+}
-- 
cgit 1.4.1