summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--package-lock.json14
-rw-r--r--package.json2
-rw-r--r--src/routes/channels/#channel_id/messages/index.ts35
-rw-r--r--src/routes/channels/#channel_id/pins.ts43
4 files changed, 43 insertions, 51 deletions
diff --git a/package-lock.json b/package-lock.json

index 6b29af59..552a0972 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
 			"hasInstallScript": true,
 			"license": "ISC",
 			"dependencies": {
-				"@fosscord/server-util": "^1.0.7",
+				"@fosscord/server-util": "^1.0.8",
 				"@types/jest": "^26.0.22",
 				"bcrypt": "^5.0.0",
 				"body-parser": "^1.19.0",
@@ -529,9 +529,9 @@
 			}
 		},
 		"node_modules/@fosscord/server-util": {
-			"version": "1.0.7",
-			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.7.tgz",
-			"integrity": "sha512-3vBPCt+lwMS7wk+iRvv+V8qBSnEdNifpPxX97Lfjje/TSWI17Kg29y3BmcGJRC5TwIHTLFtgpNLmZmruhv7ziQ==",
+			"version": "1.0.8",
+			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.8.tgz",
+			"integrity": "sha512-VfdjodBIdDZMyOJ8gZ4LmCQ7aENuPfcOUq2Vs8JOTwF2pYO/Z2yTsJcgZHLLqpMkhikBs8hW2XePEsxNNq3VwQ==",
 			"dependencies": {
 				"@types/jsonwebtoken": "^8.5.0",
 				"@types/mongoose-autopopulate": "^0.10.1",
@@ -12688,9 +12688,9 @@
 			}
 		},
 		"@fosscord/server-util": {
-			"version": "1.0.7",
-			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.7.tgz",
-			"integrity": "sha512-3vBPCt+lwMS7wk+iRvv+V8qBSnEdNifpPxX97Lfjje/TSWI17Kg29y3BmcGJRC5TwIHTLFtgpNLmZmruhv7ziQ==",
+			"version": "1.0.8",
+			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.8.tgz",
+			"integrity": "sha512-VfdjodBIdDZMyOJ8gZ4LmCQ7aENuPfcOUq2Vs8JOTwF2pYO/Z2yTsJcgZHLLqpMkhikBs8hW2XePEsxNNq3VwQ==",
 			"requires": {
 				"@types/jsonwebtoken": "^8.5.0",
 				"@types/mongoose-autopopulate": "^0.10.1",
diff --git a/package.json b/package.json

index d10adc8c..ad52ffd9 100644
--- a/package.json
+++ b/package.json
@@ -31,7 +31,7 @@
 	},
 	"homepage": "https://github.com/fosscord/fosscord-api#readme",
 	"dependencies": {
-		"@fosscord/server-util": "^1.0.7",
+		"@fosscord/server-util": "^1.0.8",
 		"@types/jest": "^26.0.22",
 		"bcrypt": "^5.0.0",
 		"body-parser": "^1.19.0",
diff --git a/src/routes/channels/#channel_id/messages/index.ts b/src/routes/channels/#channel_id/messages/index.ts

index a5151d9b..b186343e 100644
--- a/src/routes/channels/#channel_id/messages/index.ts
+++ b/src/routes/channels/#channel_id/messages/index.ts
@@ -57,18 +57,9 @@ router.get("/", async (req, res) => {
 	if (!limit) limit = 50;
 	var halfLimit = Math.floor(limit / 2);
 
-	if ([ChannelType.GUILD_VOICE, ChannelType.GUILD_CATEGORY, ChannelType.GUILD_STORE].includes(channel.type))
-		throw new HTTPError("Not a text channel");
-
-	if (channel.guild_id) {
-		const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel });
-		permissions.hasThrow("VIEW_CHANNEL");
-
-		if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]);
-	} else if (channel.recipients) {
-		// group/dm channel
-		if (!channel.recipients.includes(req.user_id)) throw new HTTPError("You don't have permission to view this channel", 401);
-	}
+	const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel });
+	permissions.hasThrow("VIEW_CHANNEL");
+	if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]);
 
 	var query: Query<MessageDocument[], MessageDocument>;
 	if (after) query = MessageModel.find({ channel_id, id: { $gt: after } });
@@ -105,15 +96,12 @@ router.post("/", check(MessageCreateSchema), async (req, res) => {
 	if (!channel) throw new HTTPError("Channel not found", 404);
 	// TODO: are tts messages allowed in dm channels? should permission be checked?
 
-	if (channel.guild_id) {
-		const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel });
-		permissions.hasThrow("SEND_MESSAGES");
-		if (body.tts) permissions.hasThrow("SEND_TTS_MESSAGES");
-		if (body.message_reference) {
-			permissions.hasThrow("READ_MESSAGE_HISTORY");
-			if (body.message_reference.guild_id !== channel.guild_id)
-				throw new HTTPError("You can only reference messages from this guild");
-		}
+	const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel });
+	permissions.hasThrow("SEND_MESSAGES");
+	if (body.tts) permissions.hasThrow("SEND_TTS_MESSAGES");
+	if (body.message_reference) {
+		permissions.hasThrow("READ_MESSAGE_HISTORY");
+		if (body.message_reference.guild_id !== channel.guild_id) throw new HTTPError("You can only reference messages from this guild");
 	}
 
 	if (body.message_reference) {
@@ -124,7 +112,7 @@ router.post("/", check(MessageCreateSchema), async (req, res) => {
 	const embeds = [];
 	if (body.embed) embeds.push(body.embed);
 
-	// TODO: check and put all in body in it
+	// TODO: check and put it all in the body
 	const message: Message = {
 		id: Snowflake.generate(),
 		channel_id,
@@ -144,8 +132,7 @@ router.post("/", check(MessageCreateSchema), async (req, res) => {
 		pinned: false,
 	};
 
-	const doc = await new MessageModel(message).populate({ path: "member", select: PublicMemberProjection }).save();
-	const data = toObject(doc);
+	const data = toObject(await new MessageModel(message).populate({ path: "member", select: PublicMemberProjection }).save());
 
 	await emitEvent({ event: "MESSAGE_CREATE", channel_id, data, guild_id: channel.guild_id } as MessageCreateEvent);
 
diff --git a/src/routes/channels/#channel_id/pins.ts b/src/routes/channels/#channel_id/pins.ts

index fc7dfb09..7dde15d0 100644
--- a/src/routes/channels/#channel_id/pins.ts
+++ b/src/routes/channels/#channel_id/pins.ts
@@ -1,37 +1,42 @@
 import { ChannelModel, getPermission, MessageModel, toObject } from "@fosscord/server-util";
 import { Router, Request, Response } from "express";
-import Config from "../../../util/Config"
+import Config from "../../../util/Config";
 import { HTTPError } from "lambert-server";
 
 const router: Router = Router();
 
+// TODO: auto throw error if findOne doesn't find anything
+
 router.put("/:message_id", async (req: Request, res: Response) => {
-    const { channel_id, message_id } = req.params;
-    const channel = await ChannelModel.findOne({ id: channel_id }).exec()
-    if (!channel) throw new HTTPError("Channel not found", 404)
-    const permission = await getPermission(req.user_id, channel.guild_id, channel_id)
-    permission.hasThrow("VIEW_CHANNEL")
-    permission.hasThrow("MANAGE_MESSAGES")
+	const { channel_id, message_id } = req.params;
+	const channel = await ChannelModel.findOne({ id: channel_id }).exec();
+	if (!channel) throw new HTTPError("Channel not found", 404);
+	const permission = await getPermission(req.user_id, channel.guild_id, channel_id);
+	permission.hasThrow("VIEW_CHANNEL");
+
+	// * in dm channels anyone can pin messages -> only check for guilds
+	if (channel.guild_id) permission.hasThrow("MANAGE_MESSAGES");
 
-    const pinned_count = await MessageModel.count({ channel_id, pinned: true }).exec()
-    const { maxPins } = Config.get().limits.channel
-    if (pinned_count >= maxPins) throw new HTTPError("Max pin count reached: " + maxPins)
+	const pinned_count = await MessageModel.count({ channel_id, pinned: true }).exec();
+	const { maxPins } = Config.get().limits.channel;
+	if (pinned_count >= maxPins) throw new HTTPError("Max pin count reached: " + maxPins);
 
-    await MessageModel.updateOne({ id: message_id }, { pinned: true }).exec()
+	await MessageModel.updateOne({ id: message_id }, { pinned: true }).exec();
 
-    res.sendStatus(204)
+	res.sendStatus(204);
 });
 
 router.get("/", async (req: Request, res: Response) => {
-    const { channel_id } = req.params;
+	const { channel_id } = req.params;
 
-    const channel = await ChannelModel.findOne({ id: channel_id }).exec()
-    if (!channel) throw new HTTPError("Channel not found", 404)
-    const permission = await getPermission(req.user_id, channel.guild_id, channel_id)
-    permission.hasThrow("VIEW_CHANNEL")
+	const channel = await ChannelModel.findOne({ id: channel_id }).exec();
+	if (!channel) throw new HTTPError("Channel not found", 404);
+	const permission = await getPermission(req.user_id, channel.guild_id, channel_id);
+	permission.hasThrow("VIEW_CHANNEL");
 
-    let pins = await MessageModel.find({ channel_id: channel_id, pinned: true }).exec()
+	let pins = await MessageModel.find({ channel_id: channel_id, pinned: true }).exec();
 
-    res.send(toObject(pins))
+	res.send(toObject(pins));
 });
+
 export default router;
generated by cgit-magenta 1.5.1 (git 2.48.1) at 2025-07-18 16:55:00 +0000