diff --git a/src/routes/api/v8/channels/#channel_id/messages.ts b/src/routes/api/v8/channels/#channel_id/messages.ts
index 0826cf94..b11c0015 100644
--- a/src/routes/api/v8/channels/#channel_id/messages.ts
+++ b/src/routes/api/v8/channels/#channel_id/messages.ts
@@ -1,6 +1,7 @@
import { Router } from "express";
import { ChannelModel, ChannelType, getPermission, MessageModel } from "fosscord-server-util";
import { HTTPError } from "lambert-server";
+import { instanceOf, Length } from "../../../../../util/instanceOf";
const router: Router = Router();
export default router;
@@ -14,14 +15,34 @@ router.get("/", async (req, res) => {
if (!channel) throw new HTTPError("Channel not found", 404);
const type: ChannelType = channel.type;
+ switch (type) {
+ case ChannelType.GUILD_VOICE:
+ case ChannelType.GUILD_CATEGORY:
+ throw new HTTPError("not a text channel", 400);
+ case ChannelType.DM:
+ case ChannelType.GROUP_DM:
+ case ChannelType.GUILD_NEWS:
+ case ChannelType.GUILD_STORE:
+ case ChannelType.GUILD_TEXT:
+ break;
+ }
- getPermission(req.userid, channel.guild_id, channel_id);
+ instanceOf({ $around: BigInt, $after: BigInt, $before: BigInt, $limit: new Length(Number, 1, 100) }, req.query, {
+ path: "query",
+ req,
+ });
if (channel.guild_id) {
- channel.permission_overwrites;
+ const permissions = await getPermission(req.userid, channel.guild_id, channel_id, { channel });
+ if (!permissions.has("VIEW_CHANNEL"))
+ throw new HTTPError("You don't have permission to view this channel", 401);
+ if (permissions.has("READ_MESSAGE_HISTORY")) return res.json([]);
} else if (channel.recipients) {
// group/dm channel
+ if (!channel.recipients.includes(req.userid))
+ throw new HTTPError("You don't have permission to view this channel", 401);
} else {
// idk what this channel is, can probably be removed
+ throw new HTTPError("Unkown channel type", 500);
}
});
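Review bot: The `READ_MESSAGE_HISTORY` check in the guild branch looks inverted: `if (permissions.has("READ_MESSAGE_HISTORY")) return res.json([]);` returns an empty list to members who hold the permission and lets members without it continue, so the history gate would fail open once the handler actually queries messages. It should read `if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]);`. Both permission failures also answer 401 although the caller is presumably already authenticated at this point; 403 is the conventional status for an authorization failure. The `switch (type)` has no `default`, so a channel type added later is silently treated as a text channel; a `default:` that throws would make the allow-list explicit. The handler begins above the hunk, so how `req.userid` is established is not visible here.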