From ca9d09bb226e49e9215bd629c2218a93529ea2ae Mon Sep 17 00:00:00 2001
From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com>
Date: Wed, 5 Oct 2022 01:17:00 +1100
Subject: Check nonce in Message send

---
 src/api/routes/channels/#channel_id/messages/index.ts | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'src/api/routes')

diff --git a/src/api/routes/channels/#channel_id/messages/index.ts b/src/api/routes/channels/#channel_id/messages/index.ts
index 747701db..e0c91b8a 100644
--- a/src/api/routes/channels/#channel_id/messages/index.ts
+++ b/src/api/routes/channels/#channel_id/messages/index.ts
@@ -201,6 +201,19 @@ router.post(
 			);
 		}
 
+		if (body.nonce) {
+			const existing = await Message.findOne({
+				where: {
+					nonce: body.nonce,
+					channel_id: channel.id,
+					author_id: req.user_id
+				}
+			});
+			if (existing) {
+				return res.json(existing);
+			}
+		}
+
 		const files = (req.files as Express.Multer.File[]) ?? [];
 		for (var currFile of files) {
 			try {
-- 
cgit 1.4.1