path: root/api/src/routes/applications/#id/bot/index.ts
blob: 5cae52150599fd00d35325795f1eef1d3887c8a6 (plain) (blame)
import { Request, Response, Router } from "express";
import { route } from "@fosscord/api";
import { Application, Config, FieldErrors, generateToken, OrmUtils, Snowflake, trimSpecial, User, handleFile } from "@fosscord/util";
import { HTTPError } from "lambert-server";
import { verifyToken } from "node-2fa";

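const router: Router = Router();

/**
 * POST / — create the bot user for the application named by `req.params.id`.
 *
 * The bot user reuses the application's id, takes its username from the
 * application name (after trimSpecial) and its bio from the application
 * description, and is then attached to the application as `app.bot`.
 *
 * Responds 404 when the application does not exist and 204 on success.
 * Throws FieldErrors(USERNAME_TOO_MANY_USERS) when no free discriminator
 * can be generated for the username.
 */
router.post("/", route({}), async (req: Request, res: Response) => {
	const app = await Application.findOne({where: {id: req.params.id}});
	// res.status() only sets the code; without .send() the request is never answered.
	if(!app) return res.status(404).send();

	// NOTE(review): nothing in this handler ties req.user_id to the application.
	// Unless route({}) or upstream middleware enforces it, any authenticated
	// caller can create (or re-create) the bot of an application they do not own.
	// Compare the application's owner with req.user_id before going further.

	const username = trimSpecial(app.name);
	const discriminator = await User.generateDiscriminator(username);
	if (!discriminator) {
		// We've failed to generate a valid and unused discriminator
		throw FieldErrors({
			username: {
				code: "USERNAME_TOO_MANY_USERS",
				message: req?.t("auth:register.USERNAME_TOO_MANY_USERS"),
			},
		});
	}

	// NOTE(review): the user id is app.id, so a second call for the same
	// application presumably saves over the existing bot user — confirm whether
	// an "already has a bot" guard is wanted here.
	const user = OrmUtils.mergeDeep(new User(), {
		created_at: new Date(),
		username: username,
		discriminator,
		id: app.id,
		bot: true,
		system: false,
		premium_since: null,
		desktop: false,
		mobile: false,
		premium: false,
		premium_type: 0,
		bio: app.description,
		mfa_enabled: true,
		totp_secret: "",
		totp_backup_codes: [],
		verified: true,
		disabled: false,
		deleted: false,
		email: null,
		// Bots receive the same default rights as a newly registered user.
		rights: Config.get().register.defaultRights,
		nsfw_allowed: true,
		public_flags: "0",
		flags: "0",
		data: {
			hash: null,
			valid_tokens_since: new Date(),
		},
		settings: {},
		extended_settings: {},
		fingerprints: [],
		notes: {},
	});
	await user.save();
	app.bot = user;
	await app.save();
	// Status must be set before the response is sent; the reverse order replied 200.
	res.status(204).send();
});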

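/**
 * POST /reset — invalidate the bot's existing tokens and issue a new one.
 *
 * When the requesting user has a TOTP secret, the request body must carry a
 * `code` that verifies against it. On success the bot's `valid_tokens_since`
 * is moved to now and the new token is returned as `{ token }`.
 *
 * Responds 404 when `req.params.id` is not a bot user.
 * Throws HTTPError(INVALID_TOTP_CODE) when the code is missing or wrong.
 */
router.post("/reset", route({}), async (req: Request, res: Response) => {
	const bot = await User.findOne({where: {id: req.params.id}});
	const owner = await User.findOne({where: {id: req.user_id}});
	// The lookup is against the User table, so without the bot flag check this
	// route would mint a token for any account id. res.status() alone also never
	// answered the request; .send() ends it.
	if(!bot || !bot.bot) return res.status(404).send();

	// NOTE(review): "owner" is simply the requesting user. Nothing here verifies
	// that req.user_id owns the application this bot belongs to; that check is
	// needed before a token is issued, unless route({}) already enforces it.

	// verifyToken() returns null for a wrong code and an object for a match, so
	// the rejection has to be on the falsy result. The previous condition was
	// inverted: it rejected correct codes and let incorrect ones through.
	if(owner?.totp_secret && (!req.body.code || !verifyToken(owner.totp_secret, req.body.code))) {
		throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
	}

	// Moving valid_tokens_since to now is what retires previously issued tokens.
	bot.data = { hash: undefined, valid_tokens_since: new Date() };
	await bot.save();
	const token = await generateToken(bot.id);
	res.status(200).json({token});
});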

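/**
 * PATCH / — update the editable profile fields of an application's bot user.
 *
 * Only the fields listed in `editable` are copied from the request body. A
 * truthy `avatar` is first passed through handleFile and replaced by its result.
 *
 * Responds 404 when `req.params.id` is not a bot user, otherwise 200 with the
 * saved record.
 */
router.patch("/", route({}), async (req: Request, res: Response) => {
	// Look the target up before touching storage so nothing is uploaded for an
	// id that does not exist or is not a bot.
	const bot = await User.findOne({where: {id: req.params.id}});
	if (!bot || !bot.bot) return res.status(404).send();

	// NOTE(review): nothing here verifies that req.user_id owns the application
	// this bot belongs to; add that check unless route({}) already enforces it.

	// Merging the raw body into the entity let a client overwrite any column,
	// including rights, flags, bot and data. Copy an explicit allowlist instead.
	// NOTE(review): confirm this is the full set of fields a bot owner may edit.
	const editable = ["username", "avatar", "bio"];
	const body = (req.body ?? {}) as Record<string, unknown>;
	const changes: Record<string, unknown> = {};
	for (const field of editable) {
		if (Object.prototype.hasOwnProperty.call(body, field)) changes[field] = body[field];
	}

	if (changes.avatar) changes.avatar = await handleFile(`/avatars/${req.params.id}`, changes.avatar as string);

	const updated = OrmUtils.mergeDeep(bot, changes);
	await updated.save();
	// NOTE(review): this serialises the whole User record; confirm the entity's
	// JSON form leaves out data, totp_secret and email before returning it.
	res.status(200).json(updated);
});

export default router;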