summary refs log tree commit diff
path: root/src/api
diff options
context:
space:
mode:
authorMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2022-12-18 23:45:29 +1100
committerMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2022-12-18 23:45:29 +1100
commitb74453d802d8a616d97b9e06f152f6fc2d041405 (patch)
treed9feb794d785f8a63a55514090be967ca87ef81c /src/api
parentWhoops (diff)
downloadserver-b74453d802d8a616d97b9e06f152f6fc2d041405.tar.xz
Refactor applications
Diffstat (limited to 'src/api')
-rw-r--r--src/api/routes/applications/#id/bot/index.ts113
-rw-r--r--src/api/routes/applications/#id/index.ts51
-rw-r--r--src/api/routes/applications/index.ts24
3 files changed, 104 insertions, 84 deletions
diff --git a/src/api/routes/applications/#id/bot/index.ts b/src/api/routes/applications/#id/bot/index.ts
index ad2399b8..ed5d6a70 100644
--- a/src/api/routes/applications/#id/bot/index.ts
+++ b/src/api/routes/applications/#id/bot/index.ts
@@ -1,81 +1,78 @@
 import { Request, Response, Router } from "express";
 import { route } from "@fosscord/api";
-import { Application, Config, FieldErrors, generateToken, OrmUtils, Snowflake, trimSpecial, User } from "@fosscord/util";
+import { Application, generateToken, User, BotModifySchema, handleFile, DiscordApiErrors } from "@fosscord/util";
 import { HTTPError } from "lambert-server";
 import { verifyToken } from "node-2fa";
 
 const router: Router = Router();
 
 router.post("/", route({}), async (req: Request, res: Response) => {
-	const app = await Application.findOne({where: {id: req.params.id}});
-	if(!app) return res.status(404);
-	const username = trimSpecial(app.name);
-	const discriminator = await User.generateDiscriminator(username);
-	if (!discriminator) {
-		// We've failed to generate a valid and unused discriminator
-		throw FieldErrors({
-			username: {
-				code: "USERNAME_TOO_MANY_USERS",
-				message: req?.t("auth:register.USERNAME_TOO_MANY_USERS"),
-			},
-		});
-	}
-
-	const user = OrmUtils.mergeDeep(new User(), {
-		created_at: new Date(),
-		username: username,
-		discriminator,
-		id: app.id,
-		bot: true,
-		system: false,
-		premium_since: new Date(),
-		desktop: false,
-		mobile: false,
-		premium: true,
-		premium_type: 2,
-		bio: app.description,
-		mfa_enabled: false,
-		totp_secret: "",
-		totp_backup_codes: [],
-		verified: true,
-		disabled: false,
-		deleted: false,
-		email: null,
-		rights: Config.get().security.defaultRights,
-		nsfw_allowed: true,
-		public_flags: "0",
-		flags: "0",
-		data: {
-			hash: null,
-			valid_tokens_since: new Date(),
-		},
-		settings: {},
-		extended_settings: {},
-		fingerprints: [],
-		notes: {},
+	const app = await Application.findOneOrFail({ where: { id: req.params.id }, relations: ["owner"] });
+
+	if (app.owner.id != req.user_id)
+		throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+
+	const user = await User.register({
+		username: app.name,
+		password: undefined,
+		req,
 	});
+
+	user.id = app.id;
+	user.premium_since = new Date();
+	user.bot = true;
+
 	await user.save();
-	app.bot = user;
+
+	// flags is NaN here?
+	app.assign({ bot: user, flags: app.flags || 0 });
+
 	await app.save();
-	res.send().status(204)
+
+	res.send().status(204);
 });
 
 router.post("/reset", route({}), async (req: Request, res: Response) => {
-	let bot = await User.findOne({where: {id: req.params.id}});
-	let owner = await User.findOne({where: {id: req.user_id}});
-	if(!bot) return res.status(404);
-	if(owner?.totp_secret && (!req.body.code || verifyToken(owner.totp_secret, req.body.code))) {
+	let bot = await User.findOneOrFail({ where: { id: req.params.id } });
+	let owner = await User.findOneOrFail({ where: { id: req.user_id } });
+
+	if (owner.id != req.user_id)
+		throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+
+	if (owner.totp_secret && (!req.body.code || verifyToken(owner.totp_secret, req.body.code)))
 		throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
-	}
+
 	bot.data = { hash: undefined, valid_tokens_since: new Date() };
+
 	await bot.save();
+
 	let token = await generateToken(bot.id);
-	res.json({token}).status(200);
+
+	res.json({ token }).status(200);
 });
 
-router.patch("/", route({}), async (req: Request, res: Response) => {
-	delete req.body.avatar;
-	let app = OrmUtils.mergeDeep(await User.findOne({where: {id: req.params.id}}), req.body);
+router.patch("/", route({ body: "BotModifySchema" }), async (req: Request, res: Response) => {
+	const body = req.body as BotModifySchema;
+	if (!body.avatar?.trim()) delete body.avatar;
+
+	const app = await Application.findOneOrFail({ where: { id: req.params.id }, relations: ["bot", "owner"] });
+
+	if (!app.bot)
+		throw DiscordApiErrors.BOT_ONLY_ENDPOINT;
+
+	if (app.owner.id != req.user_id)
+		throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+
+	if (body.avatar)
+		body.avatar = await handleFile(
+			`/avatars/${app.id}`,
+			body.avatar as string,
+		);
+
+	app.bot.assign(body);
+
+	app.bot.save();
+
 	await app.save();
 	res.json(app).status(200);
 });
diff --git a/src/api/routes/applications/#id/index.ts b/src/api/routes/applications/#id/index.ts
index 0aced582..79df256a 100644
--- a/src/api/routes/applications/#id/index.ts
+++ b/src/api/routes/applications/#id/index.ts
@@ -1,28 +1,55 @@
 import { Request, Response, Router } from "express";
 import { route } from "@fosscord/api";
-import { Application, OrmUtils, Team, trimSpecial, User } from "@fosscord/util";
+import { Application, OrmUtils, DiscordApiErrors, ApplicationModifySchema, User } from "@fosscord/util";
+import { verifyToken } from "node-2fa";
+import { HTTPError } from "lambert-server";
 
 const router: Router = Router();
 
 router.get("/", route({}), async (req: Request, res: Response) => {
-	let results = await Application.findOne({where: {id: req.params.id}, relations: ["owner", "bot"] });
-	res.json(results).status(200);
+	const app = await Application.findOneOrFail({ where: { id: req.params.id }, relations: ["owner", "bot"] });
+	if (app.owner.id != req.user_id)
+		throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+
+	return res.json(app);
 });
 
-router.patch("/", route({}), async (req: Request, res: Response) => {
-	delete req.body.icon;
-	let app = OrmUtils.mergeDeep(await Application.findOne({where: {id: req.params.id}, relations: ["owner", "bot"]}), req.body);
-	if(app.bot) {
-		app.bot.bio = req.body.description
-		app.bot?.save();
+router.patch("/", route({ body: "ApplicationModifySchema" }), async (req: Request, res: Response) => {
+	const body = req.body as ApplicationModifySchema;
+
+	const app = await Application.findOneOrFail({ where: { id: req.params.id }, relations: ["owner", "bot"] });
+
+	if (app.owner.id != req.user_id)
+		throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+
+	if (app.owner.totp_secret && (!req.body.code || verifyToken(app.owner.totp_secret, req.body.code)))
+		throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
+
+	if (app.bot) {
+		app.bot.assign({ bio: body.description });
+		await app.bot.save();
 	}
-	if(req.body.tags) app.tags = req.body.tags;
+
+	app.assign(body);
+
 	await app.save();
-	res.json(app).status(200);
+
+	return res.json(app);
 });
 
 router.post("/delete", route({}), async (req: Request, res: Response) => {
-	await Application.delete(req.params.id);
+	const app = await Application.findOneOrFail({ where: { id: req.params.id }, relations: ["bot", "owner"] });
+	if (app.owner.id != req.user_id)
+		throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+
+	if (app.owner.totp_secret && (!req.body.code || verifyToken(app.owner.totp_secret, req.body.code)))
+		throw new HTTPError(req.t("auth:login.INVALID_TOTP_CODE"), 60008);
+
+	if (app.bot)
+		await User.delete({ id: app.bot.id });
+
+	await Application.delete({ id: app.id });
+
 	res.send().status(200);
 });
 
diff --git a/src/api/routes/applications/index.ts b/src/api/routes/applications/index.ts
index 41ce35b5..70af84e6 100644
--- a/src/api/routes/applications/index.ts
+++ b/src/api/routes/applications/index.ts
@@ -1,35 +1,31 @@
 import { Request, Response, Router } from "express";
 import { route } from "@fosscord/api";
-import { Application, OrmUtils, Team, trimSpecial, User } from "@fosscord/util";
+import { Application, ApplicationCreateSchema, trimSpecial, User } from "@fosscord/util";
 
 const router: Router = Router();
 
-export interface ApplicationCreateSchema {
-	name: string;
-	team_id?: string | number;
-}
-
 router.get("/", route({}), async (req: Request, res: Response) => {
-	//TODO
-	let results = await Application.find({where: {owner: {id: req.user_id}}, relations: ["owner", "bot"] });
+	let results = await Application.find({ where: { owner: { id: req.user_id } }, relations: ["owner", "bot"] });
 	res.json(results).status(200);
 });
 
-router.post("/", route({}), async (req: Request, res: Response) => {
+router.post("/", route({ body: "ApplicationCreateSchema" }), async (req: Request, res: Response) => {
 	const body = req.body as ApplicationCreateSchema;
-	const user = await User.findOne({where: {id: req.user_id}})
-	if(!user) res.status(420);
-	let app = OrmUtils.mergeDeep(new Application(), {
+	const user = await User.findOneOrFail({ where: { id: req.user_id } });
+
+	const app = Application.create({
 		name: trimSpecial(body.name),
 		description: "",
 		bot_public: true,
 		bot_require_code_grant: false,
 		owner: user,
 		verify_key: "IMPLEMENTME",
-		flags: ""
+		flags: 0,
 	});
+
 	await app.save();
-	res.json(app).status(200);
+
+	res.json(app);
 });
 
 export default router;
\ No newline at end of file