4 files changed, 90 insertions, 62 deletions
diff --git a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
index c285abb3..2ff89eae 100644
--- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
+++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts
@@ -7,6 +7,7 @@ const router = Router();
 
 export interface MemberChangeSchema {
 	roles?: string[];
+	nick?: string;
 }
 
 router.get("/", route({}), async (req: Request, res: Response) => {
@@ -34,6 +35,8 @@ router.patch("/", route({ body: "MemberChangeSchema" }), async (req: Request, re
 		member.roles = body.roles.map((x) => new Role({ id: x })); // foreign key constraint will fail if role doesn't exist
 	}
 
+	if (body.nick) member.nick = body.nick;
+
 	await member.save();
 
 	member.roles = member.roles.filter((x) => x.id !== everyone.id);
diff --git a/api/src/routes/guilds/#guild_id/roles/#role_id/index.ts b/api/src/routes/guilds/#guild_id/roles/#role_id/index.ts
new file mode 100644
index 00000000..2ad01682
--- /dev/null
+++ b/api/src/routes/guilds/#guild_id/roles/#role_id/index.ts
@@ -0,0 +1,68 @@
+import { Router, Request, Response } from "express";
+import { Role, Member, GuildRoleUpdateEvent, GuildRoleDeleteEvent, emitEvent, handleFile } from "@fosscord/util";
+import { route } from "@fosscord/api";
+import { HTTPError } from "lambert-server";
+import { RoleModifySchema } from "../";
+
+const router = Router();
+
+router.get("/", route({}), async (req: Request, res: Response) => {
+	const { guild_id, role_id } = req.params;
+	await Member.IsInGuildOrFail(req.user_id, guild_id);
+	const role = await Role.findOneOrFail({ guild_id, id: role_id });
+	return res.json(role);
+});
+
+router.delete("/", route({ permission: "MANAGE_ROLES" }), async (req: Request, res: Response) => {
+	const { guild_id, role_id } = req.params;
+	if (role_id === guild_id) throw new HTTPError("You can't delete the @everyone role");
+
+	await Promise.all([
+		Role.delete({
+			id: role_id,
+			guild_id: guild_id
+		}),
+		emitEvent({
+			event: "GUILD_ROLE_DELETE",
+			guild_id,
+			data: {
+				guild_id,
+				role_id
+			}
+		} as GuildRoleDeleteEvent)
+	]);
+
+	res.sendStatus(204);
+});
+
+// TODO: check role hierarchy
+
+router.patch("/", route({ body: "RoleModifySchema", permission: "MANAGE_ROLES" }), async (req: Request, res: Response) => {
+	const { role_id, guild_id } = req.params;
+	const body = req.body as RoleModifySchema;
+
+	if (body.icon) body.icon = await handleFile(`/role-icons/${role_id}`, body.icon as string);
+
+	const role = new Role({
+		...body,
+		id: role_id,
+		guild_id,
+		permissions: String(req.permission!.bitfield & BigInt(body.permissions || "0"))
+	});
+
+	await Promise.all([
+		role.save(),
+		emitEvent({
+			event: "GUILD_ROLE_UPDATE",
+			guild_id,
+			data: {
+				guild_id,
+				role
+			}
+		} as GuildRoleUpdateEvent)
+	]);
+
+	res.json(role);
+});
+
+export default router;
diff --git a/api/src/routes/guilds/#guild_id/roles.ts b/api/src/routes/guilds/#guild_id/roles/index.ts
index b6894e3f..53465105 100644
--- a/api/src/routes/guilds/#guild_id/roles.ts
+++ b/api/src/routes/guilds/#guild_id/roles/index.ts
@@ -81,59 +81,6 @@ router.post("/", route({ body: "RoleModifySchema", permission: "MANAGE_ROLES" })
 	res.json(role);
 });
 
-router.delete("/:role_id", route({ permission: "MANAGE_ROLES" }), async (req: Request, res: Response) => {
-	const guild_id = req.params.guild_id;
-	const { role_id } = req.params;
-	if (role_id === guild_id) throw new HTTPError("You can't delete the @everyone role");
-
-	await Promise.all([
-		Role.delete({
-			id: role_id,
-			guild_id: guild_id
-		}),
-		emitEvent({
-			event: "GUILD_ROLE_DELETE",
-			guild_id,
-			data: {
-				guild_id,
-				role_id
-			}
-		} as GuildRoleDeleteEvent)
-	]);
-
-	res.sendStatus(204);
-});
-
-// TODO: check role hierarchy
-
-router.patch("/:role_id", route({ body: "RoleModifySchema", permission: "MANAGE_ROLES" }), async (req: Request, res: Response) => {
-	const { role_id, guild_id } = req.params;
-	const body = req.body as RoleModifySchema;
-
-	if (body.icon) body.icon = await handleFile(`/role-icons/${role_id}`, body.icon as string); 
-
-	const role = new Role({
-		...body,
-		id: role_id,
-		guild_id,
-		permissions: String(req.permission!.bitfield & BigInt(body.permissions || "0"))
-	});
-
-	await Promise.all([
-		role.save(),
-		emitEvent({
-			event: "GUILD_ROLE_UPDATE",
-			guild_id,
-			data: {
-				guild_id,
-				role
-			}
-		} as GuildRoleUpdateEvent)
-	]);
-
-	res.json(role);
-});
-
 router.patch("/", route({ body: "RolePositionUpdateSchema" }), async (req: Request, res: Response) => {
 	const { guild_id } = req.params;
 	const body = req.body as RolePositionUpdateSchema;
diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts
index 1af413c4..7ab30f03 100644
--- a/api/src/routes/users/@me/index.ts
+++ b/api/src/routes/users/@me/index.ts
@@ -1,7 +1,8 @@
 import { Router, Request, Response } from "express";
-import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors } from "@fosscord/util";
+import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors, adjustEmail } from "@fosscord/util";
 import { route } from "@fosscord/api";
 import bcrypt from "bcrypt";
+import { HTTPError } from "lambert-server";
 
 const router: Router = Router();
 
@@ -21,6 +22,7 @@ export interface UserModifySchema {
 	password?: string;
 	new_password?: string;
 	code?: string;
+	email?: string;
 }
 
 router.get("/", route({}), async (req: Request, res: Response) => {
@@ -28,6 +30,8 @@ router.get("/", route({}), async (req: Request, res: Response) => {
 });
 
 router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res: Response) => {
+	if (req.user_id === "992772978150273216") throw new HTTPError("Demo user, sorry", 400);
+
 	const body = req.body as UserModifySchema;
 
 	if (body.avatar) body.avatar = await handleFile(`/avatars/${req.user_id}`, body.avatar as string);
@@ -46,6 +50,12 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
 		}
 	}
 
+	if (body.email) {
+		body.email = adjustEmail(body.email);
+		if (!body.email)
+			throw FieldErrors({ email: { message: req.t("auth:register.EMAIL_INVALID"), code: "EMAIL_INVALID" } });
+	}
+
 	if (body.new_password) {
 		if (!body.password && !user.email) {
 			throw FieldErrors({
@@ -55,14 +65,14 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
 		user.data.hash = await bcrypt.hash(body.new_password, 12);
 	}
 
-    if(body.username){
-        var check_username = body?.username?.replace(/\s/g, '');
-        if(!check_username) {
-            throw FieldErrors({
-                username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }
-            });
-        }
-    }
+	if (body.username) {
+		var check_username = body?.username?.replace(/\s/g, '');
+		if (!check_username) {
+			throw FieldErrors({
+				username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }
+			});
+		}
+	}
 
 	user.assign(body);
 	await user.save();