From fcc104d60ca509dbc2f31ff62987a5daedf1e7d3 Mon Sep 17 00:00:00 2001
From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com>
Date: Sun, 24 Apr 2022 16:09:38 +1000
Subject: While backfilling, message ids must now be valid snowflakes, cannot
 be in the future, and cannot overwrite existing messages

---
 .../#channel_id/messages/#message_id/index.ts      | 24 +++++++++++++++++-----
 1 file changed, 19 insertions(+), 5 deletions(-)

(limited to 'api/src')

diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts
index 6d2bf185..8d2bd5cb 100644
--- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts
+++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts
@@ -16,6 +16,8 @@ import multer from "multer";
 import { route } from "@fosscord/api";
 import { handleMessage, postHandleMessage } from "@fosscord/api";
 import { MessageCreateSchema } from "../index";
+import { Snowflake } from "@fosscord/util";
+import { HTTPError } from "lambert-server";
 
 const router = Router();
 // TODO: message content/embed string length limit
@@ -91,6 +93,22 @@ router.put(
 		var body = req.body as MessageCreateSchema;
 		const attachments: Attachment[] = [];
 
+		// regex to check if message contains anything other than numerals ( also no decimals )
+		if (!message_id.match(/^\+?\d+$/)) {
+			throw new HTTPError("Message IDs must be positive integers")
+		}
+
+		const snowflake = Snowflake.deconstruct(message_id)
+		if (Date.now() < snowflake.timestamp) {
+			// message is in the future
+			throw new HTTPError("You cannot backfill messages in the future", 400);
+		}
+
+		const exists = await Message.findOne({ where: { id: message_id, channel_id: channel_id }});
+		if (exists) {
+			throw new HTTPError("Cannot backfill to message ID that already exists", 400);
+		}
+
 		if (req.file) {
 			try {
 				const file = await uploadFile(`/attachments/${req.params.channel_id}`, req.file);
@@ -100,8 +118,6 @@ router.put(
 			}
 		}
 		const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients", "recipients.user"] });
-		
-		// TODO: check the ID is not from the future, to prevent future-faking of channel histories
 
 		const embeds = body.embeds || [];
 		if (body.embed) embeds.push(body.embed);
@@ -115,11 +131,9 @@ router.put(
 			channel_id,
 			attachments,
 			edited_timestamp: undefined,
-			timestamp: undefined, // FIXME: calculate timestamp from snowflake
+			timestamp: new Date(snowflake.timestamp),
 		});
 
-		channel.last_message_id = message.id;
-
 		//Fix for the client bug
 		delete message.member
 		
-- 
cgit 1.4.1