diff --git a/src/api/middlewares/Authentication.ts b/src/api/middlewares/Authentication.ts
index 9e41b453..a6cad51c 100644
--- a/src/api/middlewares/Authentication.ts
+++ b/src/api/middlewares/Authentication.ts
@@ -16,8 +16,8 @@
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
-import { checkToken, Rights } from "@spacebar/util";
import * as Sentry from "@sentry/node";
+import { checkToken, Rights } from "@spacebar/util";
import { NextFunction, Request, Response } from "express";
import { HTTPError } from "lambert-server";
@@ -32,7 +32,7 @@ export const NO_AUTHORIZATION_ROUTES = [
"/auth/forgot",
"/auth/reset",
// Routes with a seperate auth system
- "/webhooks/",
+ /\/webhooks\/\d+\/\w+\/?/, // no token requires auth
// Public information endpoints
"/ping",
"/gateway",
diff --git a/src/api/routes/channels/#channel_id/webhooks.ts b/src/api/routes/channels/#channel_id/webhooks.ts
index d54756a1..4c1ccbdf 100644
--- a/src/api/routes/channels/#channel_id/webhooks.ts
+++ b/src/api/routes/channels/#channel_id/webhooks.ts
@@ -26,8 +26,8 @@ import {
WebhookCreateSchema,
WebhookType,
handleFile,
- trimSpecial,
isTextChannel,
+ trimSpecial,
} from "@spacebar/util";
import crypto from "crypto";
import { Request, Response, Router } from "express";
@@ -35,10 +35,12 @@ import { HTTPError } from "lambert-server";
const router: Router = Router();
-//TODO: implement webhooks
router.get(
"/",
route({
+ description:
+ "Returns a list of channel webhook objects. Requires the MANAGE_WEBHOOKS permission.",
+ permission: "MANAGE_WEBHOOKS",
responses: {
200: {
body: "APIWebhookArray",
@@ -46,7 +48,18 @@ router.get(
},
}),
async (req: Request, res: Response) => {
- res.json([]);
+ const { channel_id } = req.params;
+ const webhooks = await Webhook.find({
+ where: { channel_id },
+ relations: [
+ "user",
+ "guild",
+ "source_guild",
+ "application" /*"source_channel"*/,
+ ],
+ });
+
+ return res.json(webhooks);
},
);
@@ -89,15 +102,15 @@ router.post(
if (avatar) avatar = await handleFile(`/avatars/${channel_id}`, avatar);
- const hook = Webhook.create({
+ const hook = await Webhook.create({
type: WebhookType.Incoming,
name,
avatar,
guild_id: channel.guild_id,
channel_id: channel.id,
user_id: req.user_id,
- token: crypto.randomBytes(24).toString("base64"),
- });
+ token: crypto.randomBytes(24).toString("base64url"),
+ }).save();
const user = await User.getPublicUser(req.user_id);
diff --git a/src/api/routes/guilds/#guild_id/webhooks.ts b/src/api/routes/guilds/#guild_id/webhooks.ts
index d58659a4..a2ef7d69 100644
--- a/src/api/routes/guilds/#guild_id/webhooks.ts
+++ b/src/api/routes/guilds/#guild_id/webhooks.ts
@@ -16,12 +16,37 @@
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
-import { Router, Response, Request } from "express";
import { route } from "@spacebar/api";
+import { Webhook } from "@spacebar/util";
+import { Request, Response, Router } from "express";
const router = Router();
-//TODO: implement webhooks
-router.get("/", route({}), async (req: Request, res: Response) => {
- res.json([]);
-});
+router.get(
+ "/",
+ route({
+ description:
+ "Returns a list of guild webhook objects. Requires the MANAGE_WEBHOOKS permission.",
+ permission: "MANAGE_WEBHOOKS",
+ responses: {
+ 200: {
+ body: "APIWebhookArray",
+ },
+ },
+ }),
+ async (req: Request, res: Response) => {
+ const { guild_id } = req.params;
+ const webhooks = await Webhook.find({
+ where: { guild_id },
+ relations: [
+ "user",
+ "guild",
+ "source_guild",
+ "application" /*"source_channel"*/,
+ ],
+ });
+
+ return res.json(webhooks);
+ },
+);
+
export default router;
diff --git a/src/api/routes/webhooks/#webhook_id/#token/index.ts b/src/api/routes/webhooks/#webhook_id/#token/index.ts
new file mode 100644
index 00000000..b47502b4
--- /dev/null
+++ b/src/api/routes/webhooks/#webhook_id/#token/index.ts
@@ -0,0 +1,215 @@
+import { handleMessage, route } from "@spacebar/api";
+import {
+ Attachment,
+ Config,
+ DiscordApiErrors,
+ FieldErrors,
+ Message,
+ Webhook,
+ WebhookExecuteSchema,
+ uploadFile,
+} from "@spacebar/util";
+import { Request, Response, Router } from "express";
+import { HTTPError } from "lambert-server";
+import multer from "multer";
+import { MoreThan } from "typeorm";
+const router = Router();
+
+router.get(
+ "/",
+ route({
+ description: "Returns a webhook object for the given id.",
+ responses: {
+ 200: {
+ body: "APIWebhook",
+ },
+ 404: {},
+ },
+ }),
+ async (req: Request, res: Response) => {
+ const { webhook_id, token } = req.params;
+ const webhook = await Webhook.findOne({
+ where: {
+ id: webhook_id,
+ },
+ relations: ["channel", "guild", "application"],
+ });
+
+ if (!webhook) {
+ throw DiscordApiErrors.UNKNOWN_WEBHOOK;
+ }
+
+ if (webhook.token !== token) {
+ throw DiscordApiErrors.INVALID_WEBHOOK_TOKEN_PROVIDED;
+ }
+
+ return res.json(webhook);
+ },
+);
+
+// TODO: config max upload size
+const messageUpload = multer({
+ limits: {
+ fileSize: Config.get().limits.message.maxAttachmentSize,
+ fields: 10,
+ // files: 1
+ },
+ storage: multer.memoryStorage(),
+}); // max upload 50 mb
+
+// https://discord.com/developers/docs/resources/webhook#execute-webhook
+router.post(
+ "/",
+ messageUpload.any(),
+ (req, res, next) => {
+ if (req.body.payload_json) {
+ req.body = JSON.parse(req.body.payload_json);
+ }
+
+ next();
+ },
+ route({
+ requestBody: "WebhookExecuteSchema",
+ query: {
+ wait: {
+ type: "boolean",
+ required: false,
+ description:
+ "waits for server confirmation of message send before response, and returns the created message body",
+ },
+ thread_id: {
+ type: "string",
+ required: false,
+ description:
+ "Send a message to the specified thread within a webhook's channel.",
+ },
+ },
+ responses: {
+ 204: {},
+ 400: {
+ body: "APIErrorResponse",
+ },
+ 404: {},
+ },
+ }),
+ async (req: Request, res: Response) => {
+ const { webhook_id, token } = req.params;
+ const body = req.body as WebhookExecuteSchema;
+ const attachments: Attachment[] = [];
+
+ // ensure one of content, embeds, components, or file is present
+ if (
+ !body.content &&
+ !body.embeds &&
+ !body.components &&
+ !body.file &&
+ !body.attachments
+ ) {
+ throw DiscordApiErrors.CANNOT_SEND_EMPTY_MESSAGE;
+ }
+
+ // block username from containing certain words
+ // TODO: configurable additions
+ const blockedContains = ["discord", "clyde", "spacebar"];
+ for (const word of blockedContains) {
+ if (body.username?.toLowerCase().includes(word)) {
+ return res.status(400).json({
+ username: [`Username cannot contain "${word}"`],
+ });
+ }
+ }
+
+ // block username from being certain words
+ // TODO: configurable additions
+ const blockedEquals = ["everyone", "here"];
+ for (const word of blockedEquals) {
+ if (body.username?.toLowerCase() === word) {
+ return res.status(400).json({
+ username: [`Username cannot be "${word}"`],
+ });
+ }
+ }
+
+ const webhook = await Webhook.findOne({
+ where: {
+ id: webhook_id,
+ },
+ relations: ["channel", "guild", "application"],
+ });
+
+ if (!webhook) {
+ throw DiscordApiErrors.UNKNOWN_WEBHOOK;
+ }
+
+ if (!webhook.channel.isWritable()) {
+ throw new HTTPError(
+ `Cannot send messages to channel of type ${webhook.channel.type}`,
+ 400,
+ );
+ }
+
+ if (webhook.token !== token) {
+ throw DiscordApiErrors.INVALID_WEBHOOK_TOKEN_PROVIDED;
+ }
+
+ // TODO: creating messages by users checks if the user can bypass rate limits, we cant do that on webhooks, but maybe we could check the application if there is one?
+ const limits = Config.get().limits;
+ if (limits.absoluteRate.register.enabled) {
+ const count = await Message.count({
+ where: {
+ channel_id: webhook.channel_id,
+ timestamp: MoreThan(
+ new Date(
+ Date.now() - limits.absoluteRate.sendMessage.window,
+ ),
+ ),
+ },
+ });
+
+ if (count >= limits.absoluteRate.sendMessage.limit)
+ throw FieldErrors({
+ channel_id: {
+ code: "TOO_MANY_MESSAGES",
+ message: req.t("common:toomany.MESSAGE"),
+ },
+ });
+ }
+
+ const files = (req.files as Express.Multer.File[]) ?? [];
+ for (const currFile of files) {
+ try {
+ const file = await uploadFile(
+ `/attachments/${webhook.channel.id}`,
+ currFile,
+ );
+ attachments.push(
+ Attachment.create({ ...file, proxy_url: file.url }),
+ );
+ } catch (error) {
+ return res.status(400).json({ message: error?.toString() });
+ }
+ }
+
+ // TODO: set username and avatar based on body
+
+ const embeds = body.embeds || [];
+ const message = await handleMessage({
+ ...body,
+ type: 0,
+ pinned: false,
+ webhook_id: webhook.id,
+ application_id: webhook.application?.id,
+ embeds,
+ channel_id: webhook.channel_id,
+ attachments,
+ timestamp: new Date(),
+ });
+ // eslint-disable-next-line @typescript-eslint/ban-ts-comment
+ //@ts-ignore dont care2
+ message.edited_timestamp = null;
+
+ webhook.channel.last_message_id = message.id;
+ },
+);
+
+export default router;
diff --git a/src/api/routes/webhooks/#webhook_id/index.ts b/src/api/routes/webhooks/#webhook_id/index.ts
new file mode 100644
index 00000000..cc8c0386
--- /dev/null
+++ b/src/api/routes/webhooks/#webhook_id/index.ts
@@ -0,0 +1,32 @@
+import { route } from "@spacebar/api";
+import { Webhook } from "@spacebar/util";
+import { Request, Response, Router } from "express";
+const router = Router();
+
+router.get(
+ "/",
+ route({
+ description: "Returns a webhook object for the given id.",
+ responses: {
+ 200: {
+ body: "APIWebhook",
+ },
+ 404: {},
+ },
+ }),
+ async (req: Request, res: Response) => {
+ const { webhook_id } = req.params;
+ const webhook = await Webhook.findOneOrFail({
+ where: { id: webhook_id },
+ relations: [
+ "user",
+ "guild",
+ "source_guild",
+ "application" /*"source_channel"*/,
+ ],
+ });
+ return res.json(webhook);
+ },
+);
+
+export default router;
diff --git a/src/util/schemas/MessageCreateSchema.ts b/src/util/schemas/MessageCreateSchema.ts
index 57abf62f..8093a10a 100644
--- a/src/util/schemas/MessageCreateSchema.ts
+++ b/src/util/schemas/MessageCreateSchema.ts
@@ -18,7 +18,7 @@
import { Embed } from "@spacebar/util";
-type Attachment = {
+export type MessageCreateAttachment = {
id: string;
filename: string;
};
@@ -52,7 +52,7 @@ export interface MessageCreateSchema {
TODO: we should create an interface for attachments
TODO: OpenWAAO<-->attachment-style metadata conversion
**/
- attachments?: Attachment[];
+ attachments?: MessageCreateAttachment[];
sticker_ids?: string[];
// eslint-disable-next-line @typescript-eslint/no-explicit-any
components?: any[];
diff --git a/src/util/schemas/WebhookCreateSchema.ts b/src/util/schemas/WebhookCreateSchema.ts
index f92cb63e..7bd0afa8 100644
--- a/src/util/schemas/WebhookCreateSchema.ts
+++ b/src/util/schemas/WebhookCreateSchema.ts
@@ -16,7 +16,6 @@
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
-// TODO: webhooks
export interface WebhookCreateSchema {
/**
* @maxLength 80
diff --git a/src/util/schemas/WebhookExecuteSchema.ts b/src/util/schemas/WebhookExecuteSchema.ts
new file mode 100644
index 00000000..943cbe9e
--- /dev/null
+++ b/src/util/schemas/WebhookExecuteSchema.ts
@@ -0,0 +1,46 @@
+/*
+ Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
+ Copyright (C) 2023 Spacebar and Spacebar Contributors
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as published
+ by the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+import { Embed } from "../entities";
+import { MessageCreateAttachment } from "./MessageCreateSchema";
+
+export interface WebhookExecuteSchema {
+ content?: string;
+ username?: string;
+ avatar_url?: string;
+ tts?: boolean;
+ embeds?: Embed[];
+ allowed_mentions?: {
+ parse?: string[];
+ roles?: string[];
+ users?: string[];
+ replied_user?: boolean;
+ };
+ // eslint-disable-next-line @typescript-eslint/no-explicit-any
+ components?: any[];
+ file?: { filename: string };
+ payload_json?: string;
+ /**
+ TODO: we should create an interface for attachments
+ TODO: OpenWAAO<-->attachment-style metadata conversion
+ **/
+ attachments?: MessageCreateAttachment[];
+ flags?: number;
+ thread_name?: string;
+ applied_tags?: string[];
+}
diff --git a/src/util/schemas/index.ts b/src/util/schemas/index.ts
index 44a504cd..4812b535 100644
--- a/src/util/schemas/index.ts
+++ b/src/util/schemas/index.ts
@@ -79,5 +79,6 @@ export * from "./VoiceStateUpdateSchema";
export * from "./VoiceVideoSchema";
export * from "./WebAuthnSchema";
export * from "./WebhookCreateSchema";
+export * from "./WebhookExecuteSchema";
export * from "./WidgetModifySchema";
export * from "./responses";
diff --git a/src/util/util/Constants.ts b/src/util/util/Constants.ts
index e68bb0b7..112b0cc4 100644
--- a/src/util/util/Constants.ts
+++ b/src/util/util/Constants.ts
@@ -576,7 +576,7 @@ export const DiscordApiErrors = {
UNKNOWN_TOKEN: new ApiError("Unknown token", 10012),
UNKNOWN_USER: new ApiError("Unknown user", 10013),
UNKNOWN_EMOJI: new ApiError("Unknown emoji", 10014),
- UNKNOWN_WEBHOOK: new ApiError("Unknown webhook", 10015),
+ UNKNOWN_WEBHOOK: new ApiError("Unknown webhook", 10015, 404),
UNKNOWN_WEBHOOK_SERVICE: new ApiError("Unknown webhook service", 10016),
UNKNOWN_CONNECTION: new ApiError("Unknown connection", 10017, 400),
UNKNOWN_SESSION: new ApiError("Unknown session", 10020),
|
