Merge branch 'master' of https://github.com/fosscord/fosscord-server

8 files changed, 44 insertions, 83 deletions

diff --git a/api/src/middlewares/TestClient.ts b/api/src/middlewares/TestClient.ts

index 79f8f442..7db35285 100644
--- a/api/src/middlewares/TestClient.ts
+++ b/api/src/middlewares/TestClient.ts
@@ -9,11 +9,11 @@ export default function TestClient(app: Application) {
 	const indexHTML = fs.readFileSync(path.join(__dirname, "..", "..", "client_test", "index.html"), { encoding: "utf8" });
 
 	var html = indexHTML;
-	const CDN_ENDPOINT = (Config.get().cdn.endpointClient || Config.get()?.cdn.endpoint || process.env.CDN || "").replace(
+	const CDN_ENDPOINT = (Config.get().cdn.endpointClient || Config.get()?.cdn.endpointPublic || process.env.CDN || "").replace(
 		/(https?)?(:\/\/?)/g,
 		""
 	);
-	const GATEWAY_ENDPOINT = Config.get().gateway.endpointClient || Config.get()?.gateway.endpoint || process.env.GATEWAY || "";
+	const GATEWAY_ENDPOINT = Config.get().gateway.endpointClient || Config.get()?.gateway.endpointPublic || process.env.GATEWAY || "";
 
 	if (CDN_ENDPOINT) {
 		html = html.replace(/CDN_HOST: .+/, `CDN_HOST: \`${CDN_ENDPOINT}\`,`);
diff --git a/api/src/routes/channels/#channel_id/index.ts b/api/src/routes/channels/#channel_id/index.ts

index 61c851e8..2fca4fdf 100644
--- a/api/src/routes/channels/#channel_id/index.ts
+++ b/api/src/routes/channels/#channel_id/index.ts
@@ -62,8 +62,8 @@ export interface ChannelModifySchema {
 	permission_overwrites?: {
 		id: string;
 		type: ChannelPermissionOverwriteType;
-		allow: bigint;
-		deny: bigint;
+		allow: string;
+		deny: string;
 	}[];
 	parent_id?: string;
 	id?: string; // is not used (only for guild create)
diff --git a/api/src/routes/channels/#channel_id/messages/index.ts b/api/src/routes/channels/#channel_id/messages/index.ts

index fab20977..d3321fae 100644
--- a/api/src/routes/channels/#channel_id/messages/index.ts
+++ b/api/src/routes/channels/#channel_id/messages/index.ts
@@ -3,6 +3,7 @@ import {
 	Attachment,
 	Channel,
 	ChannelType,
+	Config,
 	DmChannelDTO,
 	Embed,
 	emitEvent,
@@ -15,6 +16,7 @@ import { HTTPError } from "lambert-server";
 import { handleMessage, postHandleMessage, route } from "@fosscord/api";
 import multer from "multer";
 import { FindManyOptions, LessThan, MoreThan } from "typeorm";
+import { URL } from "url";
 
 const router: Router = Router();
 
@@ -111,6 +113,9 @@ router.get("/", async (req: Request, res: Response) => {
 			});
 			// @ts-ignore
 			if (!x.author) x.author = { discriminator: "0000", username: "Deleted User", public_flags: "0", avatar: null };
+			x.attachments?.forEach((x) => {
+				x.proxy_url = `${Config.get().cdn.endpointPublic || "http://localhost:3003"}${new URL(x.proxy_url).pathname}`;
+			});
 
 			return x;
 		})
diff --git a/api/src/routes/channels/#channel_id/permissions.ts b/api/src/routes/channels/#channel_id/permissions.ts

index bc7ad5b8..6ebf721a 100644
--- a/api/src/routes/channels/#channel_id/permissions.ts
+++ b/api/src/routes/channels/#channel_id/permissions.ts
@@ -1,4 +1,13 @@
-import { Channel, ChannelPermissionOverwrite, ChannelUpdateEvent, emitEvent, getPermission, Member, Role } from "@fosscord/util";
+import {
+	Channel,
+	ChannelPermissionOverwrite,
+	ChannelPermissionOverwriteType,
+	ChannelUpdateEvent,
+	emitEvent,
+	getPermission,
+	Member,
+	Role
+} from "@fosscord/util";
 import { Router, Response, Request } from "express";
 import { HTTPError } from "lambert-server";
 
@@ -14,7 +23,7 @@ router.put(
 	route({ body: "ChannelPermissionOverwriteSchema", permission: "MANAGE_ROLES" }),
 	async (req: Request, res: Response) => {
 		const { channel_id, overwrite_id } = req.params;
-		const body = req.body as { allow: bigint; deny: bigint; type: number; id: string };
+		const body = req.body as ChannelPermissionOverwriteSchema;
 
 		var channel = await Channel.findOneOrFail({ id: channel_id });
 		if (!channel.guild_id) throw new HTTPError("Channel not found", 404);
@@ -31,14 +40,12 @@ router.put(
 			// @ts-ignore
 			overwrite = {
 				id: overwrite_id,
-				type: body.type,
-				allow: body.allow,
-				deny: body.deny
+				type: body.type
 			};
 			channel.permission_overwrites!.push(overwrite);
 		}
-		overwrite.allow = body.allow;
-		overwrite.deny = body.deny;
+		overwrite.allow = String(req.permission!.bitfield & (BigInt(body.allow) || 0n));
+		overwrite.deny = String(req.permission!.bitfield & (BigInt(body.deny) || 0n));
 
 		await Promise.all([
 			channel.save(),
diff --git a/api/src/routes/gateway.ts b/api/src/routes/gateway.ts

index 88d9dfda..4b3a0ea6 100644
--- a/api/src/routes/gateway.ts
+++ b/api/src/routes/gateway.ts
@@ -5,14 +5,14 @@ import { route } from "@fosscord/api";
 const router = Router();
 
 router.get("/", route({}), (req: Request, res: Response) => {
-	const { endpoint } = Config.get().gateway;
-	res.json({ url: endpoint || process.env.GATEWAY || "ws://localhost:3002" });
+	const { endpointPublic } = Config.get().gateway;
+	res.json({ url: endpointPublic || process.env.GATEWAY || "ws://localhost:3002" });
 });
 
 router.get("/bot", route({}), (req: Request, res: Response) => {
-	const { endpoint } = Config.get().gateway;
+	const { endpointPublic } = Config.get().gateway;
 	res.json({
-		url: endpoint || process.env.GATEWAY || "ws://localhost:3002",
+		url: endpointPublic || process.env.GATEWAY || "ws://localhost:3002",
 		shards: 1,
 		session_start_limit: {
 			total: 1000,
diff --git a/api/src/routes/guilds/index.ts b/api/src/routes/guilds/index.ts

index abde147d..6a325ae2 100644
--- a/api/src/routes/guilds/index.ts
+++ b/api/src/routes/guilds/index.ts
@@ -87,19 +87,21 @@ router.post("/", route({ body: "GuildCreateSchema" }), async (req: Request, res:
 	});
 
 	await Promise.all(
-		body.channels?.map((x) => {
-			var id = ids.get(x.id) || Snowflake.generate();
-
-			// TODO: should we abort if parent_id is a category? (to disallow sub category channels)
-			var parent_id = ids.get(x.parent_id);
-
-			return Channel.createChannel({ ...x, guild_id, id, parent_id }, req.user_id, {
-				keepId: true,
-				skipExistsCheck: true,
-				skipPermissionCheck: true,
-				skipEventEmit: true
-			});
-		})
+		body.channels
+			?.sort((a, b) => (a.parent_id ? -1 : 1))
+			.map((x) => {
+				var id = ids.get(x.id) || Snowflake.generate();
+
+				// TODO: should we abort if parent_id is a category? (to disallow sub category channels)
+				var parent_id = ids.get(x.parent_id);
+
+				return Channel.createChannel({ ...x, guild_id, id, parent_id }, req.user_id, {
+					keepId: true,
+					skipExistsCheck: true,
+					skipPermissionCheck: true,
+					skipEventEmit: true
+				});
+			})
 	);
 
 	await Member.addToGuild(req.user_id, guild_id);
diff --git a/api/src/util/cdn.ts b/api/src/util/cdn.ts
deleted file mode 100644

index 8c6e9ac9..00000000
--- a/api/src/util/cdn.ts
+++ /dev/null
@@ -1,53 +0,0 @@
-import { Config } from "@fosscord/util";
-import FormData from "form-data";
-import { HTTPError } from "lambert-server";
-import fetch from "node-fetch";
-
-export async function uploadFile(path: string, file: Express.Multer.File) {
-	const form = new FormData();
-	form.append("file", file.buffer, {
-		contentType: file.mimetype,
-		filename: file.originalname
-	});
-
-	const response = await fetch(`${Config.get().cdn.endpoint || "http://localhost:3003"}${path}`, {
-		headers: {
-			signature: Config.get().security.requestSignature,
-			...form.getHeaders()
-		},
-		method: "POST",
-		body: form
-	});
-	const result = await response.json();
-
-	if (response.status !== 200) throw result;
-	return result;
-}
-
-export async function handleFile(path: string, body?: string): Promise<string | undefined> {
-	if (!body || !body.startsWith("data:")) return body;
-	try {
-		const mimetype = body.split(":")[1].split(";")[0];
-		const buffer = Buffer.from(body.split(",")[1], "base64");
-
-		// @ts-ignore
-		const { id } = await uploadFile(path, { buffer, mimetype, originalname: "banner" });
-		return id;
-	} catch (error) {
-		console.error(error);
-		throw new HTTPError("Invalid " + path);
-	}
-}
-
-export async function deleteFile(path: string) {
-	const response = await fetch(`${Config.get().cdn.endpoint || "http://localhost:3003"}${path}`, {
-		headers: {
-			signature: Config.get().security.requestSignature
-		},
-		method: "DELETE"
-	});
-	const result = await response.json();
-
-	if (response.status !== 200) throw result;
-	return result;
-}
diff --git a/api/src/util/route.ts b/api/src/util/route.ts

index e7c7ed1c..45882d8a 100644
--- a/api/src/util/route.ts
+++ b/api/src/util/route.ts
@@ -81,10 +81,10 @@ export function route(opts: RouteOptions) {
 	return async (req: Request, res: Response, next: NextFunction) => {
 		if (opts.permission) {
 			const required = new Permissions(opts.permission);
-			const permission = await getPermission(req.user_id, req.params.guild_id, req.params.channel_id);
+			req.permission = await getPermission(req.user_id, req.params.guild_id, req.params.channel_id);
 
 			// bitfield comparison: check if user lacks certain permission
-			if (!permission.has(required)) {
+			if (!req.permission.has(required)) {
 				throw DiscordApiErrors.MISSING_PERMISSIONS.withParams(opts.permission as string);
 			}
 		}