From 40f08ed76c35daea8a1e743d2076e27ea4d7e40f Mon Sep 17 00:00:00 2001 From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> Date: Thu, 31 Mar 2022 01:21:40 +1100 Subject: Fix typo in table 'client_relase' -> 'client_release' ( and other of the same typo ) (#703) * Fixed typo in table name 'client_relase' -> 'client_release'. Fixed more typos of the same typo. * Fixed migration ( but dirty lol ) --- api/src/routes/downloads.ts | 6 +++--- api/src/routes/store/published-listings/applications.ts | 2 +- api/src/routes/store/published-listings/skus.ts | 2 +- api/src/routes/updates.ts | 12 ++++++------ 4 files changed, 11 insertions(+), 11 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/downloads.ts b/api/src/routes/downloads.ts index ad78b62f..ddfc080c 100644 --- a/api/src/routes/downloads.ts +++ b/api/src/routes/downloads.ts @@ -1,6 +1,6 @@ import { Router, Response, Request } from "express"; import { route } from "@fosscord/api"; -import { Relase, Config } from "@fosscord/util"; +import { Release, Config } from "@fosscord/util"; const router = Router(); @@ -12,9 +12,9 @@ router.get("/:branch", route({}), async (req: Request, res: Response) => { if(!platform || !["linux", "osx", "win"].includes(platform.toString())) return res.status(404) - const relase = await Relase.findOneOrFail({ name: client.relases.upstreamVersion }); + const release = await Release.findOneOrFail({ name: client.releases.upstreamVersion }); - res.redirect(relase[`win_url`]); + res.redirect(release[`win_url`]); }); export default router; diff --git a/api/src/routes/store/published-listings/applications.ts b/api/src/routes/store/published-listings/applications.ts index f06a01e4..060a4c3d 100644 --- a/api/src/routes/store/published-listings/applications.ts +++ b/api/src/routes/store/published-listings/applications.ts @@ -18,7 +18,7 @@ router.get("/:id", route({}), async (req: Request, res: Response) => { access_type: 2, name: "", features: [], - relase_date: "", + release_date: "", premium: false, slug: "", flags: 4, diff --git a/api/src/routes/store/published-listings/skus.ts b/api/src/routes/store/published-listings/skus.ts index f06a01e4..060a4c3d 100644 --- a/api/src/routes/store/published-listings/skus.ts +++ b/api/src/routes/store/published-listings/skus.ts @@ -18,7 +18,7 @@ router.get("/:id", route({}), async (req: Request, res: Response) => { access_type: 2, name: "", features: [], - relase_date: "", + release_date: "", premium: false, slug: "", flags: 4, diff --git a/api/src/routes/updates.ts b/api/src/routes/updates.ts index 4682ce7c..cb4577c8 100644 --- a/api/src/routes/updates.ts +++ b/api/src/routes/updates.ts @@ -1,19 +1,19 @@ import { Router, Response, Request } from "express"; import { route } from "@fosscord/api"; -import { Config, Relase } from "@fosscord/util"; +import { Config, Release } from "@fosscord/util"; const router = Router(); router.get("/", route({}), async (req: Request, res: Response) => { const { client } = Config.get(); - const relase = await Relase.findOneOrFail({ name: client.relases.upstreamVersion}) + const release = await Release.findOneOrFail({ name: client.releases.upstreamVersion}) res.json({ - name: relase.name, - pub_date: relase.pub_date, - url: relase.url, - notes: relase.notes + name: release.name, + pub_date: release.pub_date, + url: release.url, + notes: release.notes }); }); -- cgit 1.4.1 From d08689b4180c2a66382ca9a6174b1c177076a65f Mon Sep 17 00:00:00 2001 From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> Date: Tue, 5 Apr 2022 19:58:34 +1000 Subject: User Notes (#707) * Notes implementation. Bug: Client does not save note locally after uploading to server. Client does save after reloading page. Is this due to the response being sent by PUT? * I don't know why the client doesn't do optimistic UI updates with this, or any updates at all without reloading the page * Added USER_NOTE_UPDATE event, thanks @TheRealGeoDash2019 ! --- api/src/routes/users/@me/notes.ts | 35 ++++++++++++++++++++++++++++++----- util/src/entities/User.ts | 4 ++++ util/src/interfaces/Event.ts | 1 + 3 files changed, 35 insertions(+), 5 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/users/@me/notes.ts b/api/src/routes/users/@me/notes.ts index 96067bf5..4887b191 100644 --- a/api/src/routes/users/@me/notes.ts +++ b/api/src/routes/users/@me/notes.ts @@ -1,14 +1,39 @@ import { Request, Response, Router } from "express"; import { route } from "@fosscord/api"; +import { User, emitEvent } from "@fosscord/util"; const router: Router = Router(); +router.get("/:id", route({}), async (req: Request, res: Response) => { + const { id } = req.params; + const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["notes"] }); + + const note = user.notes[id]; + return res.json({ + note: note, + note_user_id: id, + user_id: user.id, + }); +}); + router.put("/:id", route({}), async (req: Request, res: Response) => { - //TODO - res.json({ - message: "Unknown User", - code: 10013 - }).status(404); + const { id } = req.params; + const user = await User.findOneOrFail({ where: { id: req.user_id } }); + const noteUser = await User.findOneOrFail({ where: { id: id }}); //if noted user does not exist throw + const { note } = req.body; + + await User.update({ id: req.user_id }, { notes: { ...user.notes, [noteUser.id]: note } }); + + await emitEvent({ + event: "USER_NOTE_UPDATE", + data: { + note: note, + id: noteUser.id + }, + user_id: user.id, + }) + + return res.status(204); }); export default router; diff --git a/util/src/entities/User.ts b/util/src/entities/User.ts index ed7bd4ce..7091ee24 100644 --- a/util/src/entities/User.ts +++ b/util/src/entities/User.ts @@ -164,6 +164,9 @@ export class User extends BaseClass { @Column({ type: "simple-json", select: false }) settings: UserSettings; + @Column({ type: "simple-json" }) + notes: { [key: string]: string }; //key is ID of user + toPublicUser() { const user: any = {}; PublicUserProjection.forEach((x) => { @@ -271,6 +274,7 @@ export class User extends BaseClass { }, settings: { ...defaultSettings, locale: language }, fingerprints: [], + notes: {}, }); await user.save(); diff --git a/util/src/interfaces/Event.ts b/util/src/interfaces/Event.ts index a5253c09..416082ed 100644 --- a/util/src/interfaces/Event.ts +++ b/util/src/interfaces/Event.ts @@ -623,6 +623,7 @@ export type EVENT = | "PRESENCE_UPDATE" | "TYPING_START" | "USER_UPDATE" + | "USER_NOTE_UPDATE" | "WEBHOOKS_UPDATE" | "INTERACTION_CREATE" | "VOICE_STATE_UPDATE" -- cgit 1.4.1 From 742e534e31e332ecf49ea5aacc734ef52958bd20 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Thu, 7 Apr 2022 23:13:43 +0300 Subject: scheduled maintenances --- api/src/routes/scheduled-maintenances/upcoming_json.ts | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 api/src/routes/scheduled-maintenances/upcoming_json.ts (limited to 'api/src') diff --git a/api/src/routes/scheduled-maintenances/upcoming_json.ts b/api/src/routes/scheduled-maintenances/upcoming_json.ts new file mode 100644 index 00000000..83092e44 --- /dev/null +++ b/api/src/routes/scheduled-maintenances/upcoming_json.ts @@ -0,0 +1,12 @@ +import { Router, Request, Response } from "express"; +import { route } from "@fosscord/api"; +const router = Router(); + +router.get("/scheduled-maintenances/upcoming.json",route({}), async (req: Request, res: Response) => { + res.json({ + "page": {}, + "scheduled_maintenances": {} + }); +}); + +export default router; -- cgit 1.4.1 From c5de68d0bc24c939987060ce593ddb1182c3df74 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Thu, 7 Apr 2022 23:15:41 +0300 Subject: added the maintenance listing endpoint --- api/src/middlewares/Authentication.ts | 1 + 1 file changed, 1 insertion(+) (limited to 'api/src') diff --git a/api/src/middlewares/Authentication.ts b/api/src/middlewares/Authentication.ts index 429cf11e..5a08caf3 100644 --- a/api/src/middlewares/Authentication.ts +++ b/api/src/middlewares/Authentication.ts @@ -15,6 +15,7 @@ export const NO_AUTHORIZATION_ROUTES = [ "/experiments", "/updates", "/downloads/", + "/scheduled-maintenances/upcoming.json", // Public kubernetes integration "/-/readyz", "/-/healthz", -- cgit 1.4.1 From 785544e1c8d7b579f161c0b3ca0c6e13e44cae18 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 00:00:22 +0300 Subject: Update index.ts --- .../channels/#channel_id/messages/#message_id/index.ts | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts index 7f7de264..bdc34a81 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts @@ -1,4 +1,4 @@ -import { Channel, emitEvent, getPermission, MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util"; +import { Channel, emitEvent, getPermission, getRight MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util"; import { Router, Response, Request } from "express"; import { route } from "@fosscord/api"; import { handleMessage, postHandleMessage } from "@fosscord/api"; @@ -7,18 +7,21 @@ import { MessageCreateSchema } from "../index"; const router = Router(); // TODO: message content/embed string length limit -router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES" }), async (req: Request, res: Response) => { +router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; var body = req.body as MessageCreateSchema; const message = await Message.findOneOrFail({ where: { id: message_id, channel_id }, relations: ["attachments"] }); const permissions = await getPermission(req.user_id, undefined, channel_id); + + const rights = await getRights(req.user_id); - if (req.user_id !== message.author_id) { + if ((req.user_id !== message.author_id)) { + if (rights.has("MANAGE_MESSAGES")) break; permissions.hasThrow("MANAGE_MESSAGES"); body = { flags: body.flags }; // admins can only suppress embeds of other messages - } + } else rights.hasThrow("SELF_EDIT_MESSAGES"); const new_message = await handleMessage({ ...message, @@ -46,17 +49,17 @@ router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGE return res.json(message); }); -// permission check only if deletes messagr from other user router.delete("/", route({}), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; const channel = await Channel.findOneOrFail({ id: channel_id }); const message = await Message.findOneOrFail({ id: message_id }); - if (message.author_id !== req.user_id) { + if ((message.author_id !== req.user_id)) { + if (rights.has("MANAGE_MESSAGES")) break; const permission = await getPermission(req.user_id, channel.guild_id, channel_id); permission.hasThrow("MANAGE_MESSAGES"); - } + } else rights.hasThrow("SELF_DELETE_MESSAGES"); await Message.delete({ id: message_id }); -- cgit 1.4.1 From ec07a9f415eb34eac2249c9fdaf0769f880717d1 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 10:26:20 +0300 Subject: fix the build mistakes from yesternight --- .../#channel_id/messages/#message_id/index.ts | 19 ++++++++++++------- util/src/util/Rights.ts | 17 ++++++++--------- 2 files changed, 20 insertions(+), 16 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts index bdc34a81..58dfb1cc 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts @@ -1,4 +1,4 @@ -import { Channel, emitEvent, getPermission, getRight MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util"; +import { Channel, emitEvent, getPermission, getRights, MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util"; import { Router, Response, Request } from "express"; import { route } from "@fosscord/api"; import { handleMessage, postHandleMessage } from "@fosscord/api"; @@ -18,9 +18,11 @@ router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGE const rights = await getRights(req.user_id); if ((req.user_id !== message.author_id)) { - if (rights.has("MANAGE_MESSAGES")) break; - permissions.hasThrow("MANAGE_MESSAGES"); - body = { flags: body.flags }; // admins can only suppress embeds of other messages + if (!rights.has("MANAGE_MESSAGES")) { + permissions.hasThrow("MANAGE_MESSAGES"); + body = { flags: body.flags }; +// guild admins can only suppress embeds of other messages, no such restriction imposed to instance-wide admins + } } else rights.hasThrow("SELF_EDIT_MESSAGES"); const new_message = await handleMessage({ @@ -54,11 +56,14 @@ router.delete("/", route({}), async (req: Request, res: Response) => { const channel = await Channel.findOneOrFail({ id: channel_id }); const message = await Message.findOneOrFail({ id: message_id }); + + const rights = await getRights(req.user_id); if ((message.author_id !== req.user_id)) { - if (rights.has("MANAGE_MESSAGES")) break; - const permission = await getPermission(req.user_id, channel.guild_id, channel_id); - permission.hasThrow("MANAGE_MESSAGES"); + if (!rights.has("MANAGE_MESSAGES")) { + const permission = await getPermission(req.user_id, channel.guild_id, channel_id); + permission.hasThrow("MANAGE_MESSAGES"); + } } else rights.hasThrow("SELF_DELETE_MESSAGES"); await Message.delete({ id: message_id }); diff --git a/util/src/util/Rights.ts b/util/src/util/Rights.ts index dedbfe30..35ad9514 100644 --- a/util/src/util/Rights.ts +++ b/util/src/util/Rights.ts @@ -87,15 +87,14 @@ export class Rights extends BitField { throw new HTTPError(`You are missing the following rights ${permission}`, 403); } - export async function getRight( - user_id: string, - /** opts: { - in_behalf?: (keyof User)[]; - } = {} **/) - { - user = await User.findOneOrFail({ where: { id: user_id } }); - return new Rights(user.right); - } } const ALL_RIGHTS = Object.values(Rights.FLAGS).reduce((total, val) => total | val, BigInt(0)); + +export async function getRights( user_id: string + /**, opts: { + in_behalf?: (keyof User)[]; + } = {} **/) { + let user = await User.findOneOrFail({ where: { id: user_id } }); + return new Rights(user.rights); +} -- cgit 1.4.1 From 22952ef928808d4112e0bd3c2a5b867d3e4c4b1a Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:02:11 +0300 Subject: enforce the rights --- api/src/util/handlers/Message.ts | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'api/src') diff --git a/api/src/util/handlers/Message.ts b/api/src/util/handlers/Message.ts index 2d9f7032..f0ecf416 100644 --- a/api/src/util/handlers/Message.ts +++ b/api/src/util/handlers/Message.ts @@ -7,6 +7,7 @@ import { MessageCreateEvent, MessageUpdateEvent, getPermission, + getRights, CHANNEL_MENTION, Snowflake, USER_MENTION, @@ -61,17 +62,18 @@ export async function handleMessage(opts: MessageOptions): Promise { throw new HTTPError("Content length over max character limit") } - // TODO: are tts messages allowed in dm channels? should permission be checked? if (opts.author_id) { message.author = await User.getPublicUser(opts.author_id); - } + const rights = await getRights(opts.author_id); + rights.hasThrow("SEND_MESSAGES"); + } if (opts.application_id) { message.application = await Application.findOneOrFail({ id: opts.application_id }); } if (opts.webhook_id) { message.webhook = await Webhook.findOneOrFail({ id: opts.webhook_id }); } - + const permission = await getPermission(opts.author_id, channel.guild_id, opts.channel_id); permission.hasThrow("SEND_MESSAGES"); // TODO: add the rights check if (permission.cache.member) { -- cgit 1.4.1 From be3f796f3462ce925c445d710e848425ac1f9d94 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:05:19 +0300 Subject: remove todos that are implemented --- api/src/util/handlers/Message.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'api/src') diff --git a/api/src/util/handlers/Message.ts b/api/src/util/handlers/Message.ts index f0ecf416..5a5ac666 100644 --- a/api/src/util/handlers/Message.ts +++ b/api/src/util/handlers/Message.ts @@ -75,7 +75,7 @@ export async function handleMessage(opts: MessageOptions): Promise { } const permission = await getPermission(opts.author_id, channel.guild_id, opts.channel_id); - permission.hasThrow("SEND_MESSAGES"); // TODO: add the rights check + permission.hasThrow("SEND_MESSAGES"); if (permission.cache.member) { message.member = permission.cache.member; } @@ -83,7 +83,7 @@ export async function handleMessage(opts: MessageOptions): Promise { if (opts.tts) permission.hasThrow("SEND_TTS_MESSAGES"); if (opts.message_reference) { permission.hasThrow("READ_MESSAGE_HISTORY"); - // code below has to be redone when we add custom message routing and cross-channel replies + // code below has to be redone when we add custom message routing if (message.guild_id !== null) { const guild = await Guild.findOneOrFail({ id: channel.guild_id }); if (!guild.features.includes("CROSS_CHANNEL_REPLIES")) { @@ -91,7 +91,7 @@ export async function handleMessage(opts: MessageOptions): Promise { if (opts.message_reference.channel_id !== opts.channel_id) throw new HTTPError("You can only reference messages from this channel"); } } - // TODO: should be checked if the referenced message exists? + // Q: should be checked if the referenced message exists? ANSWER: NO // @ts-ignore message.type = MessageType.REPLY; } -- cgit 1.4.1 From 3a5a90007e7ad8942cd121cf410f7996ecb1e35a Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:23:09 +0300 Subject: MANAGE_GUILDS --- api/src/routes/guilds/#guild_id/index.ts | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/guilds/#guild_id/index.ts b/api/src/routes/guilds/#guild_id/index.ts index 991c3f93..8e1e74f7 100644 --- a/api/src/routes/guilds/#guild_id/index.ts +++ b/api/src/routes/guilds/#guild_id/index.ts @@ -1,5 +1,5 @@ import { Request, Response, Router } from "express"; -import { emitEvent, getPermission, Guild, GuildUpdateEvent, handleFile, Member } from "@fosscord/util"; +import { DiscordApiErrors, emitEvent, getPermission, getRights, Guild, GuildUpdateEvent, handleFile, Member } from "@fosscord/util"; import { HTTPError } from "lambert-server"; import { route } from "@fosscord/api"; import "missing-native-js-functions"; @@ -37,9 +37,17 @@ router.get("/", route({}), async (req: Request, res: Response) => { return res.send(guild); }); -router.patch("/", route({ body: "GuildUpdateSchema", permission: "MANAGE_GUILD" }), async (req: Request, res: Response) => { +router.patch("/", route({ body: "GuildUpdateSchema"}), async (req: Request, res: Response) => { const body = req.body as GuildUpdateSchema; const { guild_id } = req.params; + + + const rights = await getRight(req.user_id); + const permission = await getPermission(req.user_id, guild_id); + + if (!rights.has("MANAGE_GUILDS")||!permission.has("MANAGE_GUILD")) + throw DiscordApiErrors.MISSING_PERMISSIONS("MANAGE_GUILD"); + // TODO: guild update check image if (body.icon) body.icon = await handleFile(`/icons/${guild_id}`, body.icon); -- cgit 1.4.1 From a4e4d40bb967a73130363b134cf9072e08ea4d3f Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:29:04 +0300 Subject: rights enforcement in guild create --- api/src/routes/guilds/index.ts | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/guilds/index.ts b/api/src/routes/guilds/index.ts index 7b676211..10721413 100644 --- a/api/src/routes/guilds/index.ts +++ b/api/src/routes/guilds/index.ts @@ -1,5 +1,5 @@ import { Router, Request, Response } from "express"; -import { Role, Guild, Snowflake, Config, Member, Channel, DiscordApiErrors, handleFile } from "@fosscord/util"; +import { Role, Guild, Snowflake, Config, getRights, Member, Channel, DiscordApiErrors, handleFile } from "@fosscord/util"; import { route } from "@fosscord/api"; import { ChannelModifySchema } from "../channels/#channel_id"; @@ -20,12 +20,13 @@ export interface GuildCreateSchema { //TODO: create default channel -router.post("/", route({ body: "GuildCreateSchema" }), async (req: Request, res: Response) => { +router.post("/", route({ body: "GuildCreateSchema", right: "CREATE_GUILDS" }), async (req: Request, res: Response) => { const body = req.body as GuildCreateSchema; const { maxGuilds } = Config.get().limits.user; const guild_count = await Member.count({ id: req.user_id }); - if (guild_count >= maxGuilds) { + const rights = await getRights(req.user_id); + if ((guild_count >= maxGuilds)&&!rights.has("MANAGE_GUILDS")) { throw DiscordApiErrors.MAXIMUM_GUILDS.withParams(maxGuilds); } -- cgit 1.4.1 From 76268ae456f9151250a762dd1dc9cec7a127889a Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:32:00 +0300 Subject: JOIN_GUILDS --- api/src/routes/invites/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/routes/invites/index.ts b/api/src/routes/invites/index.ts index 37e9e05a..21da2d18 100644 --- a/api/src/routes/invites/index.ts +++ b/api/src/routes/invites/index.ts @@ -13,7 +13,7 @@ router.get("/:code", route({}), async (req: Request, res: Response) => { res.status(200).send(invite); }); -router.post("/:code", route({}), async (req: Request, res: Response) => { +router.post("/:code", route({right: "JOIN_GUILDS"}), async (req: Request, res: Response) => { const { code } = req.params; const { guild_id } = await Invite.findOneOrFail({ code }) const { features } = await Guild.findOneOrFail({ id: guild_id}); -- cgit 1.4.1 From 2c0d2f40c8df354c5a749e9af647aba4066e45b9 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:34:01 +0300 Subject: invite right enforced --- api/src/routes/channels/#channel_id/invites.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/routes/channels/#channel_id/invites.ts b/api/src/routes/channels/#channel_id/invites.ts index 6d2c625d..208a0705 100644 --- a/api/src/routes/channels/#channel_id/invites.ts +++ b/api/src/routes/channels/#channel_id/invites.ts @@ -19,7 +19,8 @@ export interface InviteCreateSchema { target_user_type?: number; } -router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INSTANT_INVITE" }), async (req: Request, res: Response) => { +router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INSTANT_INVITE", right: "CREATE_INSTANT_INVITE" }), + async (req: Request, res: Response) => { const { user_id } = req; const { channel_id } = req.params; const channel = await Channel.findOneOrFail({ where: { id: channel_id }, select: ["id", "name", "type", "guild_id"] }); -- cgit 1.4.1 From 271574bb384a4d8a08f0058a453abd7839707b32 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 17:30:55 +0300 Subject: correct right name --- api/src/routes/channels/#channel_id/invites.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/routes/channels/#channel_id/invites.ts b/api/src/routes/channels/#channel_id/invites.ts index 208a0705..6367a8b6 100644 --- a/api/src/routes/channels/#channel_id/invites.ts +++ b/api/src/routes/channels/#channel_id/invites.ts @@ -19,7 +19,7 @@ export interface InviteCreateSchema { target_user_type?: number; } -router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INSTANT_INVITE", right: "CREATE_INSTANT_INVITE" }), +router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INVITES", right: "CREATE_INSTANT_INVITE" }), async (req: Request, res: Response) => { const { user_id } = req; const { channel_id } = req.params; -- cgit 1.4.1 From 596c60e010a8372c729306476c0734e86f990ad9 Mon Sep 17 00:00:00 2001 From: binsky Date: Sat, 9 Apr 2022 04:11:10 +0200 Subject: fix invite right enforcement --- api/src/routes/channels/#channel_id/invites.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/routes/channels/#channel_id/invites.ts b/api/src/routes/channels/#channel_id/invites.ts index 6367a8b6..9c361164 100644 --- a/api/src/routes/channels/#channel_id/invites.ts +++ b/api/src/routes/channels/#channel_id/invites.ts @@ -19,7 +19,7 @@ export interface InviteCreateSchema { target_user_type?: number; } -router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INVITES", right: "CREATE_INSTANT_INVITE" }), +router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INSTANT_INVITE", right: "CREATE_INVITES" }), async (req: Request, res: Response) => { const { user_id } = req; const { channel_id } = req.params; -- cgit 1.4.1 From 88dd33a9a271ec73f9ce0beb8c5c8e662912fc68 Mon Sep 17 00:00:00 2001 From: binsky Date: Sat, 9 Apr 2022 04:12:16 +0200 Subject: fix MANAGE_GUILDS; rename getRight to getRights --- api/src/routes/guilds/#guild_id/index.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/guilds/#guild_id/index.ts b/api/src/routes/guilds/#guild_id/index.ts index 8e1e74f7..4ec3df72 100644 --- a/api/src/routes/guilds/#guild_id/index.ts +++ b/api/src/routes/guilds/#guild_id/index.ts @@ -42,11 +42,11 @@ router.patch("/", route({ body: "GuildUpdateSchema"}), async (req: Request, res: const { guild_id } = req.params; - const rights = await getRight(req.user_id); + const rights = await getRights(req.user_id); const permission = await getPermission(req.user_id, guild_id); if (!rights.has("MANAGE_GUILDS")||!permission.has("MANAGE_GUILD")) - throw DiscordApiErrors.MISSING_PERMISSIONS("MANAGE_GUILD"); + throw DiscordApiErrors.MISSING_PERMISSIONS.withParams("MANAGE_GUILD"); // TODO: guild update check image -- cgit 1.4.1 From 2e6599654046291832b7138e452777e75d45f4b3 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Sat, 9 Apr 2022 21:45:45 +0300 Subject: add an elegant entropy check --- api/src/util/utility/passwordStrength.ts | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) (limited to 'api/src') diff --git a/api/src/util/utility/passwordStrength.ts b/api/src/util/utility/passwordStrength.ts index 047df008..81ac2559 100644 --- a/api/src/util/utility/passwordStrength.ts +++ b/api/src/util/utility/passwordStrength.ts @@ -13,6 +13,7 @@ const blocklist: string[] = []; // TODO: update ones passwordblocklist is stored * - min numbers * - min symbols * - min uppercase chars + * - shannon entropy divided by password entropy * * Returns: 0 > pw > 1 */ @@ -22,28 +23,38 @@ export function checkPassword(password: string): number { // checks for total password len if (password.length >= minLength - 1) { - strength += 0.25; + strength += 0.05; } // checks for amount of Numbers if (password.count(reNUMBER) >= minNumbers - 1) { - strength += 0.25; + strength += 0.05; } // checks for amount of Uppercase Letters if (password.count(reUPPERCASELETTER) >= minUpperCase - 1) { - strength += 0.25; + strength += 0.05; } // checks for amount of symbols if (password.replace(reSYMBOLS, "").length >= minSymbols - 1) { - strength += 0.25; + strength += 0.05; } // checks if password only consists of numbers or only consists of chars if (password.length == password.count(reNUMBER) || password.length === password.count(reUPPERCASELETTER)) { strength = 0; } - + + var entropyMap; + for (let i = 0; i < password.length; i++) { + if (entropyMap[password[i]]) entropyMap[password[i]]++; + else entropyMap[password[i]] = 1; + } + + let entropies = Array(entropyMap); + + entropies.map(x => (x / entropyMap.length)); + strength += entropies.reduceRight((a, x), a - (x * Math.log2(x))) / Math.log2(password.length); return strength; } -- cgit 1.4.1 From fd702100ea5a9a88131b387f8ea573a601a1b3ec Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Sat, 9 Apr 2022 21:48:25 +0300 Subject: Update passwordStrength.ts --- api/src/util/utility/passwordStrength.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/util/utility/passwordStrength.ts b/api/src/util/utility/passwordStrength.ts index 81ac2559..e75e48f6 100644 --- a/api/src/util/utility/passwordStrength.ts +++ b/api/src/util/utility/passwordStrength.ts @@ -46,7 +46,7 @@ export function checkPassword(password: string): number { strength = 0; } - var entropyMap; + let entropyMap; for (let i = 0; i < password.length; i++) { if (entropyMap[password[i]]) entropyMap[password[i]]++; else entropyMap[password[i]] = 1; -- cgit 1.4.1 From 977861ad4e6eff025f0c0a1b4731f0efd283886d Mon Sep 17 00:00:00 2001 From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> Date: Mon, 11 Apr 2022 00:36:12 +1000 Subject: Fix compile errors in checkPassword's entropy check --- api/src/util/utility/passwordStrength.ts | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'api/src') diff --git a/api/src/util/utility/passwordStrength.ts b/api/src/util/utility/passwordStrength.ts index e75e48f6..f3960e48 100644 --- a/api/src/util/utility/passwordStrength.ts +++ b/api/src/util/utility/passwordStrength.ts @@ -46,15 +46,15 @@ export function checkPassword(password: string): number { strength = 0; } - let entropyMap; + let entropyMap: { [key: string]: number } = {}; for (let i = 0; i < password.length; i++) { if (entropyMap[password[i]]) entropyMap[password[i]]++; else entropyMap[password[i]] = 1; } - let entropies = Array(entropyMap); - + let entropies = Object.values(entropyMap); + entropies.map(x => (x / entropyMap.length)); - strength += entropies.reduceRight((a, x), a - (x * Math.log2(x))) / Math.log2(password.length); + strength += entropies.reduceRight((a: number, x: number) => a - (x * Math.log2(x))) / Math.log2(password.length); return strength; } -- cgit 1.4.1 From 0aa100c8e079c60dfee2524ba70775ef276d930f Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Tue, 12 Apr 2022 20:10:30 +0300 Subject: Update passwordStrength.ts --- api/src/util/utility/passwordStrength.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/util/utility/passwordStrength.ts b/api/src/util/utility/passwordStrength.ts index f3960e48..439700d0 100644 --- a/api/src/util/utility/passwordStrength.ts +++ b/api/src/util/utility/passwordStrength.ts @@ -13,7 +13,7 @@ const blocklist: string[] = []; // TODO: update ones passwordblocklist is stored * - min numbers * - min symbols * - min uppercase chars - * - shannon entropy divided by password entropy + * - shannon entropy folded into [0, 1) interval * * Returns: 0 > pw > 1 */ -- cgit 1.4.1 From 221f627f187e544159db38cf157a43369b3a98b2 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Sat, 16 Apr 2022 00:15:09 +0300 Subject: remove misleading todo note --- api/src/routes/guilds/#guild_id/members/index.ts | 1 - 1 file changed, 1 deletion(-) (limited to 'api/src') diff --git a/api/src/routes/guilds/#guild_id/members/index.ts b/api/src/routes/guilds/#guild_id/members/index.ts index 386276c8..b730a4e7 100644 --- a/api/src/routes/guilds/#guild_id/members/index.ts +++ b/api/src/routes/guilds/#guild_id/members/index.ts @@ -6,7 +6,6 @@ import { HTTPError } from "lambert-server"; const router = Router(); -// TODO: not allowed for user -> only allowed for bots with privileged intents // TODO: send over websocket // TODO: check for GUILD_MEMBERS intent -- cgit 1.4.1 From f27afe0c5695f23a90b2f6b4aed1537ba6b87ba2 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Sun, 17 Apr 2022 21:15:58 +0300 Subject: reactions rights enforcement --- api/src/routes/channels/#channel_id/messages/#message_id/ack.ts | 3 ++- api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts b/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts index 208c1da4..885c5eca 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/ack.ts @@ -4,8 +4,9 @@ import { route } from "@fosscord/api"; const router = Router(); -// TODO: check if message exists +// TODO: public read receipts & privacy scoping // TODO: send read state event to all channel members +// TODO: advance-only notification cursor export interface MessageAcknowledgeSchema { manual?: boolean; diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts b/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts index 6b6a66b2..d93cf70f 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/reactions.ts @@ -101,7 +101,7 @@ router.get("/:emoji", route({ permission: "VIEW_CHANNEL" }), async (req: Request res.json(users); }); -router.put("/:emoji/:user_id", route({ permission: "READ_MESSAGE_HISTORY" }), async (req: Request, res: Response) => { +router.put("/:emoji/:user_id", route({ permission: "READ_MESSAGE_HISTORY", right: "SELF_ADD_REACTIONS" }), async (req: Request, res: Response) => { const { message_id, channel_id, user_id } = req.params; if (user_id !== "@me") throw new HTTPError("Invalid user"); const emoji = getEmoji(req.params.emoji); -- cgit 1.4.1 From 8a5f6bad2198b42ad4c342659bb0c24152e7ff78 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Mon, 18 Apr 2022 19:09:43 +0300 Subject: Unified ghost instead of separate ghosts --- api/src/routes/channels/#channel_id/messages/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/routes/channels/#channel_id/messages/index.ts b/api/src/routes/channels/#channel_id/messages/index.ts index 2fd08b04..fbcce619 100644 --- a/api/src/routes/channels/#channel_id/messages/index.ts +++ b/api/src/routes/channels/#channel_id/messages/index.ts @@ -119,7 +119,7 @@ router.get("/", async (req: Request, res: Response) => { delete x.user_ids; }); // @ts-ignore - if (!x.author) x.author = { discriminator: "0000", username: "Deleted User", public_flags: "0", avatar: null }; + if (!x.author) x.author = { id: "4", discriminator: "0000", username: "Fosscord Ghost", public_flags: "0", avatar: null }; x.attachments?.forEach((y: any) => { // dynamically set attachment proxy_url in case the endpoint changed const uri = y.proxy_url.startsWith("http") ? y.proxy_url : `https://example.org${y.proxy_url}`; -- cgit 1.4.1 From 53ca3925bf09c6b00d62edc27d93560578a09c34 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Mon, 18 Apr 2022 21:21:40 +0300 Subject: get single message && message rights enforcement --- .../channels/#channel_id/messages/#message_id/index.ts | 12 ++++++++++++ api/src/routes/channels/#channel_id/messages/index.ts | 5 +++-- 2 files changed, 15 insertions(+), 2 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts index 58dfb1cc..a27c71e1 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts @@ -51,6 +51,18 @@ router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGE return res.json(message); }); +router.get("/", route({ permission: "VIEW_CHANNEL" }), async (req: Request, res: Response) => { + const { message_id, channel_id } = req.params; + + const message = await Message.findOneOrFail({ where: { id: message_id, channel_id }, relations: ["attachments"] }); + + const permissions = await getPermission(req.user_id, undefined, channel_id); + + if (message.author_id !== req.user_id) permissions.hasThrow("READ_MESSAGE_HISTORY"); + + return res.json(message); +}); + router.delete("/", route({}), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; diff --git a/api/src/routes/channels/#channel_id/messages/index.ts b/api/src/routes/channels/#channel_id/messages/index.ts index 2fd08b04..4cfaf247 100644 --- a/api/src/routes/channels/#channel_id/messages/index.ts +++ b/api/src/routes/channels/#channel_id/messages/index.ts @@ -8,6 +8,7 @@ import { Embed, emitEvent, getPermission, + getRights, Message, MessageCreateEvent, uploadFile, @@ -149,7 +150,7 @@ const messageUpload = multer({ }); // max upload 50 mb // TODO: dynamically change limit of MessageCreateSchema with config -// TODO: check: sum of all characters in an embed structure must not exceed 6000 characters +// TODO: check: sum of all characters in an embed structure must not exceed instance limits // https://discord.com/developers/docs/resources/channel#create-message // TODO: text channel slowdown @@ -167,7 +168,7 @@ router.post( next(); }, - route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES" }), + route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }), async (req: Request, res: Response) => { const { channel_id } = req.params; var body = req.body as MessageCreateSchema; -- cgit 1.4.1 From 3061c24780a2dcf46dc4960d50c3636cab6b918f Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Mon, 18 Apr 2022 22:02:32 +0300 Subject: general rights enforcement stuff --- api/src/util/handlers/route.ts | 3 +++ 1 file changed, 3 insertions(+) (limited to 'api/src') diff --git a/api/src/util/handlers/route.ts b/api/src/util/handlers/route.ts index 0048c4dd..3d3bbc37 100644 --- a/api/src/util/handlers/route.ts +++ b/api/src/util/handlers/route.ts @@ -6,6 +6,7 @@ import { FieldErrors, FosscordApiErrors, getPermission, + getRights, PermissionResolvable, Permissions, RightResolvable, @@ -105,6 +106,8 @@ export function route(opts: RouteOptions) { if (opts.right) { const required = new Rights(opts.right); + req.rights = await getRights(req.user_id); + if (!req.rights || !req.rights.has(required)) { throw FosscordApiErrors.MISSING_RIGHTS.withParams(opts.right as string); } -- cgit 1.4.1 From 96b3929fa4c0d2cc6613957e6f1636d0f7644527 Mon Sep 17 00:00:00 2001 From: TheArcaneBrony Date: Tue, 19 Apr 2022 00:57:58 +0200 Subject: Use 1 thread on platform where fetching thread/core count fails --- api/src/start.ts | 7 ++++++- bundle/scripts/benchmark/connections.js | 7 ++++++- bundle/src/start.ts | 7 ++++++- 3 files changed, 18 insertions(+), 3 deletions(-) (limited to 'api/src') diff --git a/api/src/start.ts b/api/src/start.ts index 717e1b8f..ccb4d108 100644 --- a/api/src/start.ts +++ b/api/src/start.ts @@ -7,7 +7,12 @@ config(); import { FosscordServer } from "./Server"; import cluster from "cluster"; import os from "os"; -const cores = Number(process.env.THREADS) || os.cpus().length; +var cores = 1; +try { + cores = Number(process.env.THREADS) || os.cpus().length; +} catch { + console.log("[API] Failed to get thread count! Using 1...") +} if (cluster.isMaster && process.env.NODE_ENV == "production") { console.log(`Primary ${process.pid} is running`); diff --git a/bundle/scripts/benchmark/connections.js b/bundle/scripts/benchmark/connections.js index 2a4125b4..ffca2628 100644 --- a/bundle/scripts/benchmark/connections.js +++ b/bundle/scripts/benchmark/connections.js @@ -3,8 +3,13 @@ const cluster = require("cluster"); const WebSocket = require("ws"); const endpoint = process.env.GATEWAY || "ws://localhost:3001"; const connections = Number(process.env.CONNECTIONS) || 50; -const threads = Number(process.env.THREADS) || require("os").cpus().length || 1; const token = process.env.TOKEN; +var cores = 1; +try { + cores = Number(process.env.THREADS) || os.cpus().length; +} catch { + console.log("[Bundle] Failed to get thread count! Using 1...") +} if (!token) { console.error("TOKEN env var missing"); diff --git a/bundle/src/start.ts b/bundle/src/start.ts index 7660b296..de3b5848 100644 --- a/bundle/src/start.ts +++ b/bundle/src/start.ts @@ -9,7 +9,12 @@ config(); import { execSync } from "child_process"; // TODO: add socket event transmission -let cores = Number(process.env.THREADS) || os.cpus().length; +var cores = 1; +try { + cores = Number(process.env.THREADS) || os.cpus().length; +} catch { + console.log("[API] Failed to get thread count! Using 1...") +} if (cluster.isMaster) { function getCommitOrFail() { -- cgit 1.4.1