From 7ff5e1488719c78028f5db50988fe2da198ad51a Mon Sep 17 00:00:00 2001 From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Wed, 1 Sep 2021 11:27:52 +0200 Subject: :sparkles: use DiscordApiErrors and check limits --- api/src/routes/users/@me/relationships.ts | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'api/src/routes/users/@me/relationships.ts') diff --git a/api/src/routes/users/@me/relationships.ts b/api/src/routes/users/@me/relationships.ts index 0b864d88..2bd9c819 100644 --- a/api/src/routes/users/@me/relationships.ts +++ b/api/src/routes/users/@me/relationships.ts @@ -5,10 +5,12 @@ import { RelationshipType, RelationshipRemoveEvent, emitEvent, - Relationship + Relationship, + Config } from "@fosscord/util"; import { Router, Response, Request } from "express"; import { HTTPError } from "lambert-server"; +import { DiscordApiErrors } from "../../../util/Constants"; import { check, Length } from "../../../util/instanceOf"; @@ -31,6 +33,7 @@ async function updateRelationship(req: Request, res: Response, friend: User, typ var relationship = user.relationships.find((x) => x.id === id); const friendRequest = friend.relationships.find((x) => x.id === req.user_id); + // TODO: you can add infinitely many blocked users (should this be prevented?) if (type === RelationshipType.blocked) { if (relationship) { if (relationship.type === RelationshipType.blocked) throw new HTTPError("You already blocked the user"); @@ -67,6 +70,9 @@ async function updateRelationship(req: Request, res: Response, friend: User, typ return res.sendStatus(204); } + const { maxFriends } = Config.get().limits.user; + if (user.relationships.length >= maxFriends) throw DiscordApiErrors.MAXIMUM_FRIENDS.withParams(maxFriends); + var incoming_relationship = new Relationship({ nickname: undefined, type: RelationshipType.incoming, id: req.user_id }); var outgoing_relationship = new Relationship({ nickname: undefined, type: RelationshipType.outgoing, id }); -- cgit 1.5.1