authorPaul Munteanu <luth@luthcode.net>2021-05-28 03:39:33 +0300
committerPaul Munteanu <luth@luthcode.net>2021-05-28 03:39:33 +0300
commitc6ab039787346f0930881ad7a5893e4ea555f852 (patch)
treea115223aa7a3d95c65e3c3432dd3df49e32b9d85 /src/routes
parentMerge branch 'fosscord:master' into master (diff)
parent:construction: permissions (diff)
downloadserver-c6ab039787346f0930881ad7a5893e4ea555f852.tar.xz
Merge branch 'master' of https://github.com/fosscord/fosscord-api
Diffstat (limited to 'src/routes')
-rw-r--r--src/routes/auth/login.ts11
-rw-r--r--src/routes/auth/register.ts59
-rw-r--r--src/routes/channels/#channel_id/messages/bulk-delete.ts3
-rw-r--r--src/routes/channels/#channel_id/messages/index.ts4
-rw-r--r--src/routes/channels/#channel_id/permissions.ts40
-rw-r--r--src/routes/channels/#channel_id/pins.ts11
-rw-r--r--src/routes/gateway.ts7
-rw-r--r--src/routes/guilds/#guild_id/bans.ts24
-rw-r--r--src/routes/guilds/index.ts3
-rw-r--r--src/routes/guilds/templates/index.ts9
-rw-r--r--src/routes/users/@me/delete.ts30
-rw-r--r--src/routes/users/@me/disable.ts10
12 files changed, 148 insertions, 63 deletions
diff --git a/src/routes/auth/login.ts b/src/routes/auth/login.ts

index a0fc1190..2c4084ea 100644
--- a/src/routes/auth/login.ts
+++ b/src/routes/auth/login.ts
@@ -2,8 +2,7 @@ import { Request, Response, Router } from "express"; import { check, FieldErrors, Length } from "../../util/instanceOf"; import bcrypt from "bcrypt"; import jwt from "jsonwebtoken"; -import { UserModel } from "@fosscord/server-util"; -import Config from "../../util/Config"; +import { Config, UserModel } from "@fosscord/server-util"; import { adjustEmail } from "./register"; const router: Router = Router(); @@ -17,7 +16,7 @@ router.post( $undelete: Boolean, $captcha_key: String, $login_source: String, - $gift_code_sku_id: String, + $gift_code_sku_id: String }), async (req: Request, res: Response) => { const { login, password, captcha_key } = req.body; @@ -25,6 +24,8 @@ router.post( const query: any[] = [{ phone: login }]; if (email) query.push({ email }); + // TODO: Rewrite this to have the proper config syntax on the new method + const config = Config.get(); if (config.login.requireCaptcha && config.security.captcha.enabled) { @@ -33,7 +34,7 @@ router.post( return res.status(400).json({ captcha_key: ["captcha-required"], captcha_sitekey: sitekey, - captcha_service: service, + captcha_service: service }); } @@ -71,7 +72,7 @@ export async function generateToken(id: string) { { id: id, iat }, Config.get().security.jwtSecret, { - algorithm, + algorithm }, (err, token) => { if (err) return rej(err); diff --git a/src/routes/auth/register.ts b/src/routes/auth/register.ts
index 265516d7..e24485da 100644
--- a/src/routes/auth/register.ts
+++ b/src/routes/auth/register.ts
@@ -1,6 +1,5 @@ import { Request, Response, Router } from "express"; -import Config from "../../util/Config"; -import { trimSpecial, User, Snowflake, UserModel } from "@fosscord/server-util"; +import { trimSpecial, User, Snowflake, UserModel, Config } from "@fosscord/server-util"; import bcrypt from "bcrypt"; import { check, Email, EMAIL_REGEX, FieldErrors, Length } from "../../util/instanceOf"; import "missing-native-js-functions"; @@ -21,7 +20,7 @@ router.post( $invite: String, $date_of_birth: Date, // "2000-04-03" $gift_code_sku_id: String, - $captcha_key: String, + $captcha_key: String }), async (req: Request, res: Response) => { const { @@ -33,14 +32,14 @@ router.post( invite, date_of_birth, gift_code_sku_id, // ? what is this - captcha_key, + captcha_key } = req.body; // TODO: automatically join invite // TODO: gift_code_sku_id? // TODO: check password strength // adjusted_email will be slightly modified version of the user supplied email -> e.g. protection against GMail Trick - let adjusted_email: string | undefined = adjustEmail(email); + let adjusted_email: string | null = adjustEmail(email); // adjusted_password will be the hash of the password let adjusted_password: string = ""; 
@@ -57,21 +56,21 @@ router.post( // check if registration is allowed if (!register.allowNewRegistration) { throw FieldErrors({ - email: { code: "REGISTRATION_DISABLED", message: req.t("auth:register.REGISTRATION_DISABLED") }, + email: { code: "REGISTRATION_DISABLED", message: req.t("auth:register.REGISTRATION_DISABLED") } }); } // check if the user agreed to the Terms of Service if (!consent) { throw FieldErrors({ - consent: { code: "CONSENT_REQUIRED", message: req.t("auth:register.CONSENT_REQUIRED") }, + consent: { code: "CONSENT_REQUIRED", message: req.t("auth:register.CONSENT_REQUIRED") } }); } // require invite to register -> e.g. for organizations to send invites to their employees if (register.requireInvite && !invite) { throw FieldErrors({ - email: { code: "INVITE_ONLY", message: req.t("auth:register.INVITE_ONLY") }, + email: { code: "INVITE_ONLY", message: req.t("auth:register.INVITE_ONLY") } }); } @@ -86,19 +85,19 @@ router.post( throw FieldErrors({ email: { code: "EMAIL_ALREADY_REGISTERED", - message: req.t("auth.register.EMAIL_ALREADY_REGISTERED"), - }, + message: req.t("auth:register.EMAIL_ALREADY_REGISTERED") + } }); } - } else if (register.email.required) { + } else if (register.email.necessary) { throw FieldErrors({ - email: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }, + email: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") } }); } - if (register.dateOfBirth.required && !date_of_birth) { + if (register.dateOfBirth.necessary && !date_of_birth) { throw FieldErrors({ - date_of_birth: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }, + date_of_birth: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") } }); } else if (register.dateOfBirth.minimum) { const minimum = new Date(); 
@@ -109,8 +108,8 @@ router.post( throw FieldErrors({ date_of_birth: { code: "DATE_OF_BIRTH_UNDERAGE", - message: req.t("auth:register.DATE_OF_BIRTH_UNDERAGE", { years: register.dateOfBirth.minimum }), - }, + message: req.t("auth:register.DATE_OF_BIRTH_UNDERAGE", { years: register.dateOfBirth.minimum }) + } }); } } @@ -123,8 +122,8 @@ router.post( throw FieldErrors({ email: { code: "EMAIL_ALREADY_REGISTERED", - message: req.t("auth:register.EMAIL_ALREADY_REGISTERED"), - }, + message: req.t("auth:register.EMAIL_ALREADY_REGISTERED") + } }); } } @@ -135,7 +134,7 @@ router.post( return res.status(400).json({ captcha_key: ["captcha-required"], captcha_sitekey: sitekey, - captcha_service: service, + captcha_service: service }); } @@ -160,8 +159,8 @@ router.post( throw FieldErrors({ username: { code: "USERNAME_TOO_MANY_USERS", - message: req.t("auth:register.USERNAME_TOO_MANY_USERS"), - }, + message: req.t("auth:register.USERNAME_TOO_MANY_USERS") + } }); } @@ -181,17 +180,19 @@ router.post( mobile: false, premium: false, premium_type: 0, - phone: undefined, + phone: null, mfa_enabled: false, verified: false, + disabled: false, + deleted: false, presence: { activities: [], client_status: { desktop: undefined, mobile: undefined, - web: undefined, + web: undefined }, - status: "offline", + status: "offline" }, email: adjusted_email, nsfw_allowed: true, // TODO: depending on age @@ -203,7 +204,7 @@ router.post( valid_tokens_since: new Date(), relationships: [], connected_accounts: [], - fingerprints: [], + fingerprints: [] }, user_settings: { afk_timeout: 300, @@ -216,7 +217,7 @@ router.post( emoji_id: null, emoji_name: null, expires_at: null, - text: null, + text: null }, default_guilds_restricted: false, detect_platform_accounts: true, @@ -241,9 +242,9 @@ router.post( status: "offline", stream_notifications_enabled: true, theme: "dark", - timezone_offset: 0, + timezone_offset: 0 // timezone_offset: // TODO: timezone from request - }, + } }; // insert user into database 
@@ -253,7 +254,7 @@ router.post( } ); -export function adjustEmail(email: string): string | undefined { +export function adjustEmail(email: string): string | null { // body parser already checked if it is a valid email const parts = <RegExpMatchArray>email.match(EMAIL_REGEX); // @ts-ignore diff --git a/src/routes/channels/#channel_id/messages/bulk-delete.ts b/src/routes/channels/#channel_id/messages/bulk-delete.ts
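Review bot: `adjustEmail` still declares `email: string` and calls `email.match(EMAIL_REGEX)` on its first line, while the handler calls `adjustEmail(email)` before the `else if (register.email.necessary)` branch that deals with a missing email. If the body schema allows `email` to be omitted (the schema field is outside the visible hunks, so this is inferred), that call throws a TypeError instead of producing the `BASE_TYPE_REQUIRED` field error. Now that the return type is `string | null`, the signature could become `email?: string` with `if (!email) return null;` as the first statement. The `<RegExpMatchArray>` cast and the `// @ts-ignore` under it also hide a `null` match result; the rest of the body is outside the hunk.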
index ac032c0e..24724d34 100644
--- a/src/routes/channels/#channel_id/messages/bulk-delete.ts
+++ b/src/routes/channels/#channel_id/messages/bulk-delete.ts
@@ -1,7 +1,6 @@ import { Router } from "express"; -import { ChannelModel, getPermission, MessageDeleteBulkEvent, MessageModel } from "@fosscord/server-util"; +import { ChannelModel, Config, getPermission, MessageDeleteBulkEvent, MessageModel } from "@fosscord/server-util"; import { HTTPError } from "lambert-server"; -import Config from "../../../../util/Config"; import { emitEvent } from "../../../../util/Event"; import { check } from "../../../../util/instanceOf"; diff --git a/src/routes/channels/#channel_id/messages/index.ts b/src/routes/channels/#channel_id/messages/index.ts
index 7fdff809..cdc46d14 100644
--- a/src/routes/channels/#channel_id/messages/index.ts
+++ b/src/routes/channels/#channel_id/messages/index.ts
@@ -71,9 +71,11 @@ router.get("/", async (req, res) => { id: { $gt: (BigInt(around) - BigInt(halfLimit)).toString(), $lt: (BigInt(around) + BigInt(halfLimit)).toString() } }); else { - query = MessageModel.find({ channel_id }).sort({ id: -1 }); + query = MessageModel.find({ channel_id }); } + query = query.sort({ id: -1 }); + const messages = await query.limit(limit).exec(); return res.json( diff --git a/src/routes/channels/#channel_id/permissions.ts b/src/routes/channels/#channel_id/permissions.ts
index 93c33ea5..1a0ec6af 100644
--- a/src/routes/channels/#channel_id/permissions.ts
+++ b/src/routes/channels/#channel_id/permissions.ts
@@ -1,5 +1,43 @@ +import { ChannelModel, ChannelPermissionOverwrite, getPermission, MemberModel, RoleModel } from "@fosscord/server-util"; import { Router } from "express"; +import { HTTPError } from "lambert-server"; +import { check } from "../../../util/instanceOf"; const router: Router = Router(); -// TODO: + +// TODO: Only permissions your bot has in the guild or channel can be allowed/denied (unless your bot has a MANAGE_ROLES overwrite in the channel) + +router.put("/:overwrite_id", check({ allow: BigInt, deny: BigInt, type: Number }), async (req, res) => { + const { channel_id, overwrite_id } = req.params; + const body = req.body as { allow: bigint; deny: bigint; type: number }; + + const channel = await ChannelModel.findOne({ id: channel_id }).exec(); + if (!channel || !channel.guild_id) throw new HTTPError("Channel not found", 404); + + const permissions = await getPermission(req.user_id, channel.guild_id, channel_id); + permissions.hasThrow("MANAGE_ROLES"); + + if (body.type === 0) { + if (!(await RoleModel.exists({ id: overwrite_id }))) throw new HTTPError("role not found", 404); + } else if (body.type === 1) { + if (await MemberModel.exists({ id: overwrite_id })) throw new HTTPError("user not found", 404); + } else throw new HTTPError("type not supported"); + + // @ts-ignore + var overwrite: ChannelPermissionOverwrite = channel.permission_overwrites.find((x) => x.id === overwrite_id); + if (!overwrite) { + // @ts-ignore + overwrite = { + id: overwrite_id, + type: body.type + }; + channel.permission_overwrites.push(overwrite); + } + overwrite.allow = body.allow; + overwrite.deny = body.deny; + + await ChannelModel.updateOne({ id: channel_id }, channel).exec(); + + return res.sendStatus(204); +}); export default router; diff --git a/src/routes/channels/#channel_id/pins.ts b/src/routes/channels/#channel_id/pins.ts
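Review bot: In the `body.type === 1` branch the member check is inverted: `if (await MemberModel.exists({ id: overwrite_id })) throw new HTTPError("user not found", 404);` rejects overwrites for members that exist and lets through ids that match nobody; it needs the same negation as the role branch, `if (!(await MemberModel.exists({ id: overwrite_id }))) throw new HTTPError("user not found", 404);`. Neither existence lookup is filtered by `channel.guild_id`, so a role or member id belonging to another guild passes; whether the models carry a guild field to filter on is not visible here. As the TODO at the top says, `allow` and `deny` are stored exactly as sent, so until that check exists a caller holding `MANAGE_ROLES` can write permission bits they do not hold themselves. `throw new HTTPError("type not supported")` also carries no status code, unlike the 404s beside it.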
index 9d36b5c1..43c504d8 100644
--- a/src/routes/channels/#channel_id/pins.ts
+++ b/src/routes/channels/#channel_id/pins.ts
@@ -1,6 +1,13 @@ -import { ChannelModel, ChannelPinsUpdateEvent, getPermission, MessageModel, MessageUpdateEvent, toObject } from "@fosscord/server-util"; +import { + ChannelModel, + ChannelPinsUpdateEvent, + Config, + getPermission, + MessageModel, + MessageUpdateEvent, + toObject +} from "@fosscord/server-util"; import { Router, Request, Response } from "express"; -import Config from "../../../util/Config"; import { HTTPError } from "lambert-server"; import { emitEvent } from "../../../util/Event"; diff --git a/src/routes/gateway.ts b/src/routes/gateway.ts
index 5b6a87e7..ffbbe74c 100644
--- a/src/routes/gateway.ts
+++ b/src/routes/gateway.ts
@@ -1,12 +1,11 @@ +import { Config } from "@fosscord/server-util"; import { Router } from "express"; -import Config from "../util/Config"; const router = Router(); router.get("/", (req, res) => { - const endpoint = Config.getAll()?.gateway?.endpoint; - - res.send({ url: endpoint || "ws://localhost:3002" }); + const { endpoint } = Config.get().gateway; + res.send({ url: endpoint || process.env.GATEWAY || "ws://localhost:3002" }); }); export default router; diff --git a/src/routes/guilds/#guild_id/bans.ts b/src/routes/guilds/#guild_id/bans.ts
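Review bot: `const { endpoint } = Config.get().gateway;` throws when the `gateway` section is absent, where the removed line used `?.` and fell through to the default; unless `Config.get()` guarantees that section (not visible in this hunk), keep the optional access, e.g. `const endpoint = Config.get().gateway?.endpoint;`. The fallback chain still ends in the unencrypted `ws://localhost:3002`, and `process.env.GATEWAY` is handed to clients unchecked, so a deployment that sets neither value, or sets a malformed one, advertises that URL to every client. A comment such as `// dev-only fallback; production must set gateway.endpoint to a wss:// URL` would document the expectation.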
index f84950f9..87d2e7f8 100644
--- a/src/routes/guilds/#guild_id/bans.ts
+++ b/src/routes/guilds/#guild_id/bans.ts
@@ -11,17 +11,17 @@ import { getPublicUser } from "../../../util/User"; const router: Router = Router(); router.get("/", async (req: Request, res: Response) => { - const guild_id = req.params.id; + const { guild_id } = req.params; const guild = await GuildModel.exists({ id: guild_id }); if (!guild) throw new HTTPError("Guild not found", 404); - var bans = await BanModel.find({ guild_id: guild_id }).exec(); + var bans = await BanModel.find({ guild_id: guild_id }, { user: true, reason: true }).exec(); return res.json(toObject(bans)); }); router.get("/:user", async (req: Request, res: Response) => { - const guild_id = req.params.id; + const { guild_id } = req.params; const user_id = req.params.ban; var ban = await BanModel.findOne({ guild_id: guild_id, user_id: user_id }).exec(); @@ -29,8 +29,8 @@ router.get("/:user", async (req: Request, res: Response) => { return res.json(ban); }); -router.post("/:user_id", check(BanCreateSchema), async (req: Request, res: Response) => { - const guild_id = req.params.id; +router.put("/:user_id", check(BanCreateSchema), async (req: Request, res: Response) => { + const { guild_id } = req.params; const banned_user_id = req.params.user_id; const banned_user = await getPublicUser(banned_user_id); @@ -45,19 +45,19 @@ router.post("/:user_id", check(BanCreateSchema), async (req: Request, res: Respo guild_id: guild_id, ip: getIpAdress(req), executor_id: req.user_id, - reason: req.body.reason, // || otherwise empty + reason: req.body.reason // || otherwise empty }).save(); await emitEvent({ event: "GUILD_BAN_ADD", data: { guild_id: guild_id, - user: banned_user, + user: banned_user }, - guild_id: guild_id, + guild_id: guild_id } as GuildBanAddEvent); - return res.json(ban).send(); + return res.json(toObject(ban)); }); router.delete("/:user_id", async (req: Request, res: Response) => { 
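Review bot: `GET /:user` reads `req.params.ban`, but the route declares `:user`, so `user_id` is `undefined` and the `findOne` filter never uses the id from the URL; it should read `const user_id = req.params.user;`. That handler also returns the whole document with `res.json(ban)`, while the PUT handler stores `ip: getIpAdress(req)` and `executor_id` on it; reuse the projection this commit adds to the list route, `{ user: true, reason: true }`, and wrap the result in `toObject`. The list handler is fully visible and performs no membership or permission check, so any authenticated caller can read any guild's ban list and reasons. A `getPermission(...)` lookup followed by `hasThrow("BAN_MEMBERS")`, in the style permissions.ts gains in this commit for `MANAGE_ROLES`, would close that, assuming the permission is named as in Discord. The PUT and DELETE handlers continue outside the hunks, so their checks cannot be judged here.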
@@ -73,16 +73,16 @@ router.delete("/:user_id", async (req: Request, res: Response) => { await BanModel.deleteOne({ user_id: banned_user_id, - guild_id, + guild_id }).exec(); await emitEvent({ event: "GUILD_BAN_REMOVE", data: { guild_id, - user: banned_user, + user: banned_user }, - guild_id, + guild_id } as GuildBanRemoveEvent); return res.status(204).send(); diff --git a/src/routes/guilds/index.ts b/src/routes/guilds/index.ts
index c286ad51..17ade355 100644
--- a/src/routes/guilds/index.ts
+++ b/src/routes/guilds/index.ts
@@ -1,9 +1,8 @@ import { Router, Request, Response } from "express"; -import { RoleModel, GuildModel, Snowflake, Guild, RoleDocument } from "@fosscord/server-util"; +import { RoleModel, GuildModel, Snowflake, Guild, RoleDocument, Config } from "@fosscord/server-util"; import { HTTPError } from "lambert-server"; import { check } from "./../../util/instanceOf"; import { GuildCreateSchema } from "../../schema/Guild"; -import Config from "../../util/Config"; import { getPublicUser } from "../../util/User"; import { addMember } from "../../util/Member"; import { createChannel } from "../../util/Channel"; diff --git a/src/routes/guilds/templates/index.ts b/src/routes/guilds/templates/index.ts
index 7e32e94c..f23d4fbe 100644
--- a/src/routes/guilds/templates/index.ts
+++ b/src/routes/guilds/templates/index.ts
@@ -1,11 +1,10 @@ import { Request, Response, Router } from "express"; const router: Router = Router(); -import { TemplateModel, GuildModel, toObject, UserModel, RoleModel, Snowflake, Guild } from "@fosscord/server-util"; +import { TemplateModel, GuildModel, toObject, UserModel, RoleModel, Snowflake, Guild, Config } from "@fosscord/server-util"; import { HTTPError } from "lambert-server"; import { GuildTemplateCreateSchema } from "../../../schema/Guild"; import { getPublicUser } from "../../../util/User"; import { check } from "../../../util/instanceOf"; -import Config from "../../../util/Config"; import { addMember } from "../../../util/Member"; router.get("/:code", async (req: Request, res: Response) => { @@ -37,7 +36,7 @@ router.post("/:code", check(GuildTemplateCreateSchema), async (req: Request, res ...body, ...template.serialized_source_guild, id: guild_id, - owner_id: req.user_id, + owner_id: req.user_id }; const [guild_doc, role] = await Promise.all([ @@ -52,8 +51,8 @@ router.post("/:code", check(GuildTemplateCreateSchema), async (req: Request, res name: "@everyone", permissions: 2251804225n, position: 0, - tags: null, - }).save(), + tags: null + }).save() ]); await addMember(req.user_id, guild_id, { guild: guild_doc }); diff --git a/src/routes/users/@me/delete.ts b/src/routes/users/@me/delete.ts new file mode 100644
index 00000000..ec4cc223
--- /dev/null
+++ b/src/routes/users/@me/delete.ts
@@ -0,0 +1,30 @@
+import { Router, Request, Response } from "express";
+import { UserModel,UserDocument, toObject } from "@fosscord/server-util";
+import { getPublicUser } from "../../../util/User";
+import { HTTPError } from "lambert-server";
+import { UserUpdateSchema } from "../../../schema/User";
+import { check, FieldErrors, Length } from "../../../util/instanceOf";
+import { db } from "@fosscord/server-util";
+import bcrypt from "bcrypt";
+const router = Router();
+
+router.post("/", async (req: Request, res: Response) => {
+
+ const user = await UserModel.findOne(
+ { id: req.user_id },
+
+ ).exec(); //User object
+
+ let correctpass = await bcrypt.compare(req.body.password,user!.user_data.hash) //Not sure if user typed right password :/
+ if(correctpass){
+ await UserModel.deleteOne({id: req.user_id}).exec() //Yeetus user deletus
+
+ res.sendStatus(204);
+ }
+ else{
+ res.sendStatus(401);
+
+ }
+});
+
+export default router;
diff --git a/src/routes/users/@me/disable.ts b/src/routes/users/@me/disable.ts
new file mode 100644
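Review bot: The handler dereferences `user!.user_data.hash` and passes `req.body.password` to `bcrypt.compare` without validating either, so a missing user document or a missing or non-string password throws inside the handler instead of returning a 4xx response. `check` and `HTTPError` are already imported but unused: `router.post("/", check({ password: String }), async (req: Request, res: Response) => {` plus `if (!user) throw new HTTPError("User not found", 404);` would cover both cases. The route removes the document with `deleteOne` while register.ts in this same commit starts writing a `deleted: false` flag; if that flag is meant for soft deletion (an inference), the two should agree. Nothing visible here limits repeated password attempts against this endpoint, so that depends on a rate limiter existing elsewhere.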
index 00000000..ab3ce58c
--- /dev/null
+++ b/src/routes/users/@me/disable.ts
@@ -0,0 +1,10 @@
+import { Router } from "express";
+
+const router = Router();
+
+router.post("/", (req, res) => {
+ // TODO:
+ res.sendStatus(204);
+});
+
+export default router;
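Review bot: The stub answers `204` without changing anything, so a client calling this route is told the account was disabled while it stays fully usable. Until the handler sets a disabled state (presumably the `disabled` flag register.ts now writes), return an explicit not-implemented status, `res.sendStatus(501);`. The bare `// TODO:` could say what is missing, for example `// TODO: verify password, set disabled: true, invalidate sessions`.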