From b51e687793aa9c752d9643cf7a9ac4c3dade6bd2 Mon Sep 17 00:00:00 2001 From: RealMANI <96433859+ImAaronFR@users.noreply.github.com> Date: Sun, 6 Mar 2022 12:20:47 +0330 Subject: [Fix] Changing bio and accent color --- api/src/routes/users/@me/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts index 5834921c..78e203a2 100644 --- a/api/src/routes/users/@me/index.ts +++ b/api/src/routes/users/@me/index.ts @@ -58,7 +58,7 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res: } var check_username = body?.username?.replace(/\s/g, ''); - if(!check_username && !body?.avatar && !body?.banner) { + if(!check_username && !body?.avatar && !body?.banner && !body?.bio && !body?.accent_color) { throw FieldErrors({ username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") } }); -- cgit 1.5.1 From fa750de6fb95fb483ec078f008a417ed166b8183 Mon Sep 17 00:00:00 2001 From: RealMANI <96433859+ImAaronFR@users.noreply.github.com> Date: Sun, 6 Mar 2022 12:37:16 +0330 Subject: Check username --- api/src/routes/users/@me/index.ts | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts index 78e203a2..d32b44f9 100644 --- a/api/src/routes/users/@me/index.ts +++ b/api/src/routes/users/@me/index.ts @@ -57,12 +57,14 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res: user.data.hash = await bcrypt.hash(body.new_password, 12); } - var check_username = body?.username?.replace(/\s/g, ''); - if(!check_username && !body?.avatar && !body?.banner && !body?.bio && !body?.accent_color) { - throw FieldErrors({ - username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") } - }); - } + if(body.username){ + var check_username = body?.username?.replace(/\s/g, ''); + if(!check_username) { + throw FieldErrors({ + username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") } + }); + } + } await user.save(); -- cgit 1.5.1 From 4294c6a8753379a06b5f4c21c4d4258352ec139d Mon Sep 17 00:00:00 2001 From: Nobody Date: Tue, 8 Mar 2022 12:01:00 -0300 Subject: fix(api): working ban list We should never use await inside loops --- api/src/routes/guilds/#guild_id/bans.ts | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts index 7ccf34d7..1ce41936 100644 --- a/api/src/routes/guilds/#guild_id/bans.ts +++ b/api/src/routes/guilds/#guild_id/bans.ts @@ -33,17 +33,32 @@ router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: const { guild_id } = req.params; let bans = await Ban.find({ guild_id: guild_id }); + let promisesToAwait: object[] = []; + const bansObj: object[] = []; - /* Filter secret from database registry.*/ + bans.filter((ban) => ban.user_id !== ban.executor_id); // pretend self-bans don't exist to prevent victim chasing - bans.filter(ban => ban.user_id !== ban.executor_id); - // pretend self-bans don't exist to prevent victim chasing - - bans.forEach((registry: BanRegistrySchema) => { - delete registry.ip; + bans.forEach((ban) => { + promisesToAwait.push(User.getPublicUser(ban.user_id)); }); - - return res.json(bans); + + const bannedUsers: object[] = await Promise.all(promisesToAwait); + + bans.forEach((ban, index) => { + const user = bannedUsers[index] as User; + bansObj.push({ + reason: ban.reason, + user: { + username: user.username, + discriminator: user.discriminator, + id: user.id, + avatar: user.avatar, + public_flags: user.public_flags + } + }); + }); + + return res.json(bansObj); }); router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => { -- cgit 1.5.1 From c097fce8417ea9af344203e5d27430cdea5e110f Mon Sep 17 00:00:00 2001 From: RealMANI <96433859+ImAaronFR@users.noreply.github.com> Date: Tue, 8 Mar 2022 18:35:19 +0330 Subject: Fix bans list (#674) * Fix bans list - Bans list should load properly now * Updated Removed await Removed unnecessary foreach * Update ban.ts await --- api/src/routes/guilds/#guild_id/bans.ts | 20 ++++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/guilds/#guild_id/bans.ts b/api/src/routes/guilds/#guild_id/bans.ts index 7ccf34d7..99adf5ae 100644 --- a/api/src/routes/guilds/#guild_id/bans.ts +++ b/api/src/routes/guilds/#guild_id/bans.ts @@ -33,17 +33,21 @@ router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: const { guild_id } = req.params; let bans = await Ban.find({ guild_id: guild_id }); - - /* Filter secret from database registry.*/ - - bans.filter(ban => ban.user_id !== ban.executor_id); + // pretend self-bans don't exist to prevent victim chasing + bans.filter(ban => ban.user_id !== ban.executor_id); - bans.forEach((registry: BanRegistrySchema) => { - delete registry.ip; - }); + /* Create an separate array to modify and return */ + + var bans_array: object[] = []; + + for (const ban of bans) { + const banned_user = await User.getPublicUser(ban.user_id); + var ban_object = {user: {id: banned_user.id, username: banned_user.username, avatar: banned_user.avatar, discriminator: banned_user.discriminator, public_flags: banned_user.public_flags}, reason: ban.reason}; + bans_array.push(ban_object) + } - return res.json(bans); + return res.json(bans_array); }); router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => { -- cgit 1.5.1 From 4a617faf02d931e5c69a509aa3764ef2b8999bea Mon Sep 17 00:00:00 2001 From: Nobody Date: Tue, 8 Mar 2022 09:18:19 -0300 Subject: fix(api): always add @everyone in user's roles When you add or delete an user's role, you MUST always add "@everyone" role to the roles map --- api/src/routes/guilds/#guild_id/members/#member_id/index.ts | 3 +++ 1 file changed, 3 insertions(+) (limited to 'api/src') diff --git a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts index 24c74af7..c33eb2fe 100644 --- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts +++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts @@ -28,6 +28,9 @@ router.patch("/", route({ body: "MemberChangeSchema" }), async (req: Request, re if (body.roles) { permission.hasThrow("MANAGE_ROLES"); + + const everyone = await Role.findOneOrFail({ guild_id: guild_id, name: "@everyone", position: 0 }); + body.roles.push(everyone?.id); member.roles = body.roles.map((x) => new Role({ id: x })); // foreign key constraint will fail if role doesn't exist } -- cgit 1.5.1 From b20746bd17e6b5b177b35bcf26434b5d0e1b38d6 Mon Sep 17 00:00:00 2001 From: Nobody Date: Tue, 8 Mar 2022 09:25:14 -0300 Subject: fix(api): prevent @everyone role duplication If user already has @everyone role, then don't push it to the array --- api/src/routes/guilds/#guild_id/members/#member_id/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts index c33eb2fe..3234a405 100644 --- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts +++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts @@ -30,7 +30,7 @@ router.patch("/", route({ body: "MemberChangeSchema" }), async (req: Request, re permission.hasThrow("MANAGE_ROLES"); const everyone = await Role.findOneOrFail({ guild_id: guild_id, name: "@everyone", position: 0 }); - body.roles.push(everyone?.id); + if (body.roles.indexOf(everyone.id) === -1) body.roles.push(everyone.id); member.roles = body.roles.map((x) => new Role({ id: x })); // foreign key constraint will fail if role doesn't exist } -- cgit 1.5.1 From 0bb00e044b736596a48a609c575786d557b26f59 Mon Sep 17 00:00:00 2001 From: Nobody Date: Tue, 8 Mar 2022 09:36:21 -0300 Subject: fix(api): don't send @everyone in route response The response of `PATCH /guilds/{guild.id}/members/{user.id}` should not include "@everyone" role --- api/src/routes/guilds/#guild_id/members/#member_id/index.ts | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts index 3234a405..34836292 100644 --- a/api/src/routes/guilds/#guild_id/members/#member_id/index.ts +++ b/api/src/routes/guilds/#guild_id/members/#member_id/index.ts @@ -25,16 +25,19 @@ router.patch("/", route({ body: "MemberChangeSchema" }), async (req: Request, re const member = await Member.findOneOrFail({ where: { id: member_id, guild_id }, relations: ["roles", "user"] }); const permission = await getPermission(req.user_id, guild_id); + const everyone = await Role.findOneOrFail({ guild_id: guild_id, name: "@everyone", position: 0 }); if (body.roles) { permission.hasThrow("MANAGE_ROLES"); - const everyone = await Role.findOneOrFail({ guild_id: guild_id, name: "@everyone", position: 0 }); if (body.roles.indexOf(everyone.id) === -1) body.roles.push(everyone.id); member.roles = body.roles.map((x) => new Role({ id: x })); // foreign key constraint will fail if role doesn't exist } await member.save(); + + member.roles = member.roles.filter((x) => x.id !== everyone.id); + // do not use promise.all as we have to first write to db before emitting the event to catch errors await emitEvent({ event: "GUILD_MEMBER_UPDATE", -- cgit 1.5.1 From 4adf6602deb67c4d2b613d4a3787d2c5eca9da0c Mon Sep 17 00:00:00 2001 From: RealMANI <96433859+ImAaronFR@users.noreply.github.com> Date: Tue, 8 Mar 2022 01:27:32 +0330 Subject: Temporary notes fix Temporary fix for getting stuck on loading user note. //TODO --- api/src/routes/users/@me/notes.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/users/@me/notes.ts b/api/src/routes/users/@me/notes.ts index 2ef27bc0..96067bf5 100644 --- a/api/src/routes/users/@me/notes.ts +++ b/api/src/routes/users/@me/notes.ts @@ -6,9 +6,9 @@ const router: Router = Router(); router.put("/:id", route({}), async (req: Request, res: Response) => { //TODO res.json({ - message: "400: Bad Request", - code: 0 - }).status(400); + message: "Unknown User", + code: 10013 + }).status(404); }); export default router; -- cgit 1.5.1 From 64f0b1f1a16c89c7f47facf2d0a73400e377cbe2 Mon Sep 17 00:00:00 2001 From: Nobody Date: Wed, 9 Mar 2022 06:04:50 -0300 Subject: fix(api): working replies in dm channels --- api/src/util/handlers/Message.ts | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'api/src') diff --git a/api/src/util/handlers/Message.ts b/api/src/util/handlers/Message.ts index 21664368..2d9f7032 100644 --- a/api/src/util/handlers/Message.ts +++ b/api/src/util/handlers/Message.ts @@ -82,10 +82,12 @@ export async function handleMessage(opts: MessageOptions): Promise { if (opts.message_reference) { permission.hasThrow("READ_MESSAGE_HISTORY"); // code below has to be redone when we add custom message routing and cross-channel replies - const guild = await Guild.findOneOrFail({ id: channel.guild_id }); - if (!guild.features.includes("CROSS_CHANNEL_REPLIES")) { - if (opts.message_reference.guild_id !== channel.guild_id) throw new HTTPError("You can only reference messages from this guild"); - if (opts.message_reference.channel_id !== opts.channel_id) throw new HTTPError("You can only reference messages from this channel"); + if (message.guild_id !== null) { + const guild = await Guild.findOneOrFail({ id: channel.guild_id }); + if (!guild.features.includes("CROSS_CHANNEL_REPLIES")) { + if (opts.message_reference.guild_id !== channel.guild_id) throw new HTTPError("You can only reference messages from this guild"); + if (opts.message_reference.channel_id !== opts.channel_id) throw new HTTPError("You can only reference messages from this channel"); + } } // TODO: should be checked if the referenced message exists? // @ts-ignore -- cgit 1.5.1 From 134d746ebf41fe0682d8525b20c10bf8bcde25f8 Mon Sep 17 00:00:00 2001 From: Nobody <17956512+n0bodysec@users.noreply.github.com> Date: Wed, 9 Mar 2022 11:35:19 -0300 Subject: fix(api): add vanity urls creation/update (#665) * fix(api): add vanity urls creation/update * refactor(api): multiple vanity urls Old vanty urls will not be updated, instead a new one will be created. * feat(api): add ALIASABLE_NAMES feature Reference: https://github.com/fosscord/fosscord-server/issues/407 --- api/src/routes/guilds/#guild_id/vanity-url.ts | 33 +++++++++++++++++++++++---- 1 file changed, 28 insertions(+), 5 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/guilds/#guild_id/vanity-url.ts b/api/src/routes/guilds/#guild_id/vanity-url.ts index 63173345..29cd25e2 100644 --- a/api/src/routes/guilds/#guild_id/vanity-url.ts +++ b/api/src/routes/guilds/#guild_id/vanity-url.ts @@ -9,11 +9,19 @@ const InviteRegex = /\W/g; router.get("/", route({ permission: "MANAGE_GUILD" }), async (req: Request, res: Response) => { const { guild_id } = req.params; + const guild = await Guild.findOneOrFail({ id: guild_id }); - const invite = await Invite.findOne({ where: { guild_id: guild_id, vanity_url: true } }); - if (!invite) return res.json({ code: null }); + if (!guild.features.includes("ALIASABLE_NAMES")) { + const invite = await Invite.findOne({ where: { guild_id: guild_id, vanity_url: true } }); + if (!invite) return res.json({ code: null }); - return res.json({ code: invite.code, uses: invite.uses }); + return res.json({ code: invite.code, uses: invite.uses }); + } else { + const invite = await Invite.find({ where: { guild_id: guild_id, vanity_url: true } }); + if (!invite || invite.length == 0) return res.json({ code: null }); + + return res.json(invite.map((x) => ({ code: x.code, uses: x.uses }))); + } }); export interface VanityUrlSchema { @@ -24,18 +32,33 @@ export interface VanityUrlSchema { code?: string; } -// TODO: check if guild is elgible for vanity url router.patch("/", route({ body: "VanityUrlSchema", permission: "MANAGE_GUILD" }), async (req: Request, res: Response) => { const { guild_id } = req.params; const body = req.body as VanityUrlSchema; const code = body.code?.replace(InviteRegex, ""); + const guild = await Guild.findOneOrFail({ id: guild_id }); + if (!guild.features.includes("VANITY_URL")) throw new HTTPError("Your guild doesn't support vanity urls"); + + if (!code || code.length === 0) throw new HTTPError("Code cannot be null or empty"); + const invite = await Invite.findOne({ code }); if (invite) throw new HTTPError("Invite already exists"); const { id } = await Channel.findOneOrFail({ guild_id, type: ChannelType.GUILD_TEXT }); - await Invite.update({ vanity_url: true, guild_id }, { code: code, channel_id: id }); + await new Invite({ + vanity_url: true, + code: code, + temporary: false, + uses: 0, + max_uses: 0, + max_age: 0, + created_at: new Date(), + expires_at: new Date(), + guild_id: guild_id, + channel_id: id + }).save(); return res.json({ code: code }); }); -- cgit 1.5.1 From 54ffd87e8e58ed8e04023f4c100e1b7167557ef7 Mon Sep 17 00:00:00 2001 From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> Date: Thu, 31 Mar 2022 01:21:40 +1100 Subject: Fix typo in table 'client_relase' -> 'client_release' ( and other of the same typo ) (#703) * Fixed typo in table name 'client_relase' -> 'client_release'. Fixed more typos of the same typo. * Fixed migration ( but dirty lol ) --- api/scripts/droptables.sql | 2 +- api/src/routes/downloads.ts | 6 ++--- .../store/published-listings/applications.ts | 2 +- api/src/routes/store/published-listings/skus.ts | 2 +- api/src/routes/updates.ts | 12 +++++----- bundle/package.json | 2 +- util/src/entities/ClientRelase.ts | 26 ---------------------- util/src/entities/ClientRelease.ts | 26 ++++++++++++++++++++++ util/src/entities/Config.ts | 10 ++++----- util/src/entities/index.ts | 2 +- util/src/migrations/1648643945733-ReleaseTypo.ts | 16 +++++++++++++ 11 files changed, 61 insertions(+), 45 deletions(-) delete mode 100644 util/src/entities/ClientRelase.ts create mode 100644 util/src/entities/ClientRelease.ts create mode 100644 util/src/migrations/1648643945733-ReleaseTypo.ts (limited to 'api/src') diff --git a/api/scripts/droptables.sql b/api/scripts/droptables.sql index 57d1b271..8a852048 100644 --- a/api/scripts/droptables.sql +++ b/api/scripts/droptables.sql @@ -26,6 +26,6 @@ DROP TABLE webhooks; DROP TABLE channels; DROP TABLE members; DROP TABLE guilds; -DROP TABLE client_relase; +DROP TABLE client_release; -- DROP TABLE users; -- DROP TABLE config; \ No newline at end of file diff --git a/api/src/routes/downloads.ts b/api/src/routes/downloads.ts index ad78b62f..ddfc080c 100644 --- a/api/src/routes/downloads.ts +++ b/api/src/routes/downloads.ts @@ -1,6 +1,6 @@ import { Router, Response, Request } from "express"; import { route } from "@fosscord/api"; -import { Relase, Config } from "@fosscord/util"; +import { Release, Config } from "@fosscord/util"; const router = Router(); @@ -12,9 +12,9 @@ router.get("/:branch", route({}), async (req: Request, res: Response) => { if(!platform || !["linux", "osx", "win"].includes(platform.toString())) return res.status(404) - const relase = await Relase.findOneOrFail({ name: client.relases.upstreamVersion }); + const release = await Release.findOneOrFail({ name: client.releases.upstreamVersion }); - res.redirect(relase[`win_url`]); + res.redirect(release[`win_url`]); }); export default router; diff --git a/api/src/routes/store/published-listings/applications.ts b/api/src/routes/store/published-listings/applications.ts index f06a01e4..060a4c3d 100644 --- a/api/src/routes/store/published-listings/applications.ts +++ b/api/src/routes/store/published-listings/applications.ts @@ -18,7 +18,7 @@ router.get("/:id", route({}), async (req: Request, res: Response) => { access_type: 2, name: "", features: [], - relase_date: "", + release_date: "", premium: false, slug: "", flags: 4, diff --git a/api/src/routes/store/published-listings/skus.ts b/api/src/routes/store/published-listings/skus.ts index f06a01e4..060a4c3d 100644 --- a/api/src/routes/store/published-listings/skus.ts +++ b/api/src/routes/store/published-listings/skus.ts @@ -18,7 +18,7 @@ router.get("/:id", route({}), async (req: Request, res: Response) => { access_type: 2, name: "", features: [], - relase_date: "", + release_date: "", premium: false, slug: "", flags: 4, diff --git a/api/src/routes/updates.ts b/api/src/routes/updates.ts index 4682ce7c..cb4577c8 100644 --- a/api/src/routes/updates.ts +++ b/api/src/routes/updates.ts @@ -1,19 +1,19 @@ import { Router, Response, Request } from "express"; import { route } from "@fosscord/api"; -import { Config, Relase } from "@fosscord/util"; +import { Config, Release } from "@fosscord/util"; const router = Router(); router.get("/", route({}), async (req: Request, res: Response) => { const { client } = Config.get(); - const relase = await Relase.findOneOrFail({ name: client.relases.upstreamVersion}) + const release = await Release.findOneOrFail({ name: client.releases.upstreamVersion}) res.json({ - name: relase.name, - pub_date: relase.pub_date, - url: relase.url, - notes: relase.notes + name: release.name, + pub_date: release.pub_date, + url: release.url, + notes: release.notes }); }); diff --git a/bundle/package.json b/bundle/package.json index 3754a3bf..7d68427f 100644 --- a/bundle/package.json +++ b/bundle/package.json @@ -111,4 +111,4 @@ "typescript-json-schema": "^0.50.1", "ws": "^7.4.2" } -} +} \ No newline at end of file diff --git a/util/src/entities/ClientRelase.ts b/util/src/entities/ClientRelase.ts deleted file mode 100644 index e021b82b..00000000 --- a/util/src/entities/ClientRelase.ts +++ /dev/null @@ -1,26 +0,0 @@ -import { Column, Entity} from "typeorm"; -import { BaseClass } from "./BaseClass"; - -@Entity("client_relase") -export class Relase extends BaseClass { - @Column() - name: string; - - @Column() - pub_date: string; - - @Column() - url: string; - - @Column() - deb_url: string; - - @Column() - osx_url: string; - - @Column() - win_url: string; - - @Column({ nullable: true }) - notes?: string; -} diff --git a/util/src/entities/ClientRelease.ts b/util/src/entities/ClientRelease.ts new file mode 100644 index 00000000..c5afd307 --- /dev/null +++ b/util/src/entities/ClientRelease.ts @@ -0,0 +1,26 @@ +import { Column, Entity} from "typeorm"; +import { BaseClass } from "./BaseClass"; + +@Entity("client_release") +export class Release extends BaseClass { + @Column() + name: string; + + @Column() + pub_date: string; + + @Column() + url: string; + + @Column() + deb_url: string; + + @Column() + osx_url: string; + + @Column() + win_url: string; + + @Column({ nullable: true }) + notes?: string; +} diff --git a/util/src/entities/Config.ts b/util/src/entities/Config.ts index f4a266dc..8d29b387 100644 --- a/util/src/entities/Config.ts +++ b/util/src/entities/Config.ts @@ -188,8 +188,8 @@ export interface ConfigValue { }, client: { useTestClient: Boolean; - relases: { - useLocalRelases: Boolean; //TODO + releases: { + useLocalRelease: Boolean; //TODO upstreamVersion: string; } }, @@ -222,7 +222,7 @@ export const DefaultConfigOptions: ConfigValue = { }, general: { instanceName: "Fosscord Instance", - instanceDescription: "This is a Fosscord instance made in pre-relase days", + instanceDescription: "This is a Fosscord instance made in pre-release days", frontPage: null, tosPage: null, correspondenceEmail: "noreply@localhost.local", @@ -389,8 +389,8 @@ export const DefaultConfigOptions: ConfigValue = { }, client: { useTestClient: true, - relases: { - useLocalRelases: true, + releases: { + useLocalRelease: true, upstreamVersion: "0.0.264" } }, diff --git a/util/src/entities/index.ts b/util/src/entities/index.ts index fc18d422..f023d5a6 100644 --- a/util/src/entities/index.ts +++ b/util/src/entities/index.ts @@ -27,4 +27,4 @@ export * from "./Template"; export * from "./User"; export * from "./VoiceState"; export * from "./Webhook"; -export * from "./ClientRelase"; \ No newline at end of file +export * from "./ClientRelease"; \ No newline at end of file diff --git a/util/src/migrations/1648643945733-ReleaseTypo.ts b/util/src/migrations/1648643945733-ReleaseTypo.ts new file mode 100644 index 00000000..944b9dd9 --- /dev/null +++ b/util/src/migrations/1648643945733-ReleaseTypo.ts @@ -0,0 +1,16 @@ +import { MigrationInterface, QueryRunner } from "typeorm"; + +export class ReleaseTypo1648643945733 implements MigrationInterface { + name = "ReleaseTypo1648643945733"; + + public async up(queryRunner: QueryRunner): Promise { + //drop table first because typeorm creates it before migrations run + await queryRunner.dropTable("client_release", true); + await queryRunner.renameTable("client_relase", "client_release"); + } + + public async down(queryRunner: QueryRunner): Promise { + await queryRunner.dropTable("client_relase", true); + await queryRunner.renameTable("client_release", "client_relase"); + } +} -- cgit 1.5.1 From ecf59d30c55181b25493c170819d2bb223ef28ba Mon Sep 17 00:00:00 2001 From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com> Date: Tue, 5 Apr 2022 19:58:34 +1000 Subject: User Notes (#707) * Notes implementation. Bug: Client does not save note locally after uploading to server. Client does save after reloading page. Is this due to the response being sent by PUT? * I don't know why the client doesn't do optimistic UI updates with this, or any updates at all without reloading the page * Added USER_NOTE_UPDATE event, thanks @TheRealGeoDash2019 ! --- api/src/routes/users/@me/notes.ts | 35 ++++++++++++++++++++++++++++++----- util/src/entities/User.ts | 4 ++++ util/src/interfaces/Event.ts | 1 + 3 files changed, 35 insertions(+), 5 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/users/@me/notes.ts b/api/src/routes/users/@me/notes.ts index 96067bf5..4887b191 100644 --- a/api/src/routes/users/@me/notes.ts +++ b/api/src/routes/users/@me/notes.ts @@ -1,14 +1,39 @@ import { Request, Response, Router } from "express"; import { route } from "@fosscord/api"; +import { User, emitEvent } from "@fosscord/util"; const router: Router = Router(); +router.get("/:id", route({}), async (req: Request, res: Response) => { + const { id } = req.params; + const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["notes"] }); + + const note = user.notes[id]; + return res.json({ + note: note, + note_user_id: id, + user_id: user.id, + }); +}); + router.put("/:id", route({}), async (req: Request, res: Response) => { - //TODO - res.json({ - message: "Unknown User", - code: 10013 - }).status(404); + const { id } = req.params; + const user = await User.findOneOrFail({ where: { id: req.user_id } }); + const noteUser = await User.findOneOrFail({ where: { id: id }}); //if noted user does not exist throw + const { note } = req.body; + + await User.update({ id: req.user_id }, { notes: { ...user.notes, [noteUser.id]: note } }); + + await emitEvent({ + event: "USER_NOTE_UPDATE", + data: { + note: note, + id: noteUser.id + }, + user_id: user.id, + }) + + return res.status(204); }); export default router; diff --git a/util/src/entities/User.ts b/util/src/entities/User.ts index ed7bd4ce..7091ee24 100644 --- a/util/src/entities/User.ts +++ b/util/src/entities/User.ts @@ -164,6 +164,9 @@ export class User extends BaseClass { @Column({ type: "simple-json", select: false }) settings: UserSettings; + @Column({ type: "simple-json" }) + notes: { [key: string]: string }; //key is ID of user + toPublicUser() { const user: any = {}; PublicUserProjection.forEach((x) => { @@ -271,6 +274,7 @@ export class User extends BaseClass { }, settings: { ...defaultSettings, locale: language }, fingerprints: [], + notes: {}, }); await user.save(); diff --git a/util/src/interfaces/Event.ts b/util/src/interfaces/Event.ts index a5253c09..416082ed 100644 --- a/util/src/interfaces/Event.ts +++ b/util/src/interfaces/Event.ts @@ -623,6 +623,7 @@ export type EVENT = | "PRESENCE_UPDATE" | "TYPING_START" | "USER_UPDATE" + | "USER_NOTE_UPDATE" | "WEBHOOKS_UPDATE" | "INTERACTION_CREATE" | "VOICE_STATE_UPDATE" -- cgit 1.5.1 From 7dc105ce89dd56773c44b0f15fa4bef6825da105 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Thu, 7 Apr 2022 23:13:43 +0300 Subject: scheduled maintenances --- api/src/routes/scheduled-maintenances/upcoming_json.ts | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 api/src/routes/scheduled-maintenances/upcoming_json.ts (limited to 'api/src') diff --git a/api/src/routes/scheduled-maintenances/upcoming_json.ts b/api/src/routes/scheduled-maintenances/upcoming_json.ts new file mode 100644 index 00000000..83092e44 --- /dev/null +++ b/api/src/routes/scheduled-maintenances/upcoming_json.ts @@ -0,0 +1,12 @@ +import { Router, Request, Response } from "express"; +import { route } from "@fosscord/api"; +const router = Router(); + +router.get("/scheduled-maintenances/upcoming.json",route({}), async (req: Request, res: Response) => { + res.json({ + "page": {}, + "scheduled_maintenances": {} + }); +}); + +export default router; -- cgit 1.5.1 From d0fea6be4b22670d3e08f1f7d074d1d6ead5f449 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Thu, 7 Apr 2022 23:15:41 +0300 Subject: added the maintenance listing endpoint --- api/src/middlewares/Authentication.ts | 1 + 1 file changed, 1 insertion(+) (limited to 'api/src') diff --git a/api/src/middlewares/Authentication.ts b/api/src/middlewares/Authentication.ts index 429cf11e..5a08caf3 100644 --- a/api/src/middlewares/Authentication.ts +++ b/api/src/middlewares/Authentication.ts @@ -15,6 +15,7 @@ export const NO_AUTHORIZATION_ROUTES = [ "/experiments", "/updates", "/downloads/", + "/scheduled-maintenances/upcoming.json", // Public kubernetes integration "/-/readyz", "/-/healthz", -- cgit 1.5.1 From a8bd754d0c52dc41887c5e664d59dec505037a6d Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 00:00:22 +0300 Subject: Update index.ts --- .../channels/#channel_id/messages/#message_id/index.ts | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts index 7f7de264..bdc34a81 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts @@ -1,4 +1,4 @@ -import { Channel, emitEvent, getPermission, MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util"; +import { Channel, emitEvent, getPermission, getRight MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util"; import { Router, Response, Request } from "express"; import { route } from "@fosscord/api"; import { handleMessage, postHandleMessage } from "@fosscord/api"; @@ -7,18 +7,21 @@ import { MessageCreateSchema } from "../index"; const router = Router(); // TODO: message content/embed string length limit -router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES" }), async (req: Request, res: Response) => { +router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGES", right: "SEND_MESSAGES" }), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; var body = req.body as MessageCreateSchema; const message = await Message.findOneOrFail({ where: { id: message_id, channel_id }, relations: ["attachments"] }); const permissions = await getPermission(req.user_id, undefined, channel_id); + + const rights = await getRights(req.user_id); - if (req.user_id !== message.author_id) { + if ((req.user_id !== message.author_id)) { + if (rights.has("MANAGE_MESSAGES")) break; permissions.hasThrow("MANAGE_MESSAGES"); body = { flags: body.flags }; // admins can only suppress embeds of other messages - } + } else rights.hasThrow("SELF_EDIT_MESSAGES"); const new_message = await handleMessage({ ...message, @@ -46,17 +49,17 @@ router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGE return res.json(message); }); -// permission check only if deletes messagr from other user router.delete("/", route({}), async (req: Request, res: Response) => { const { message_id, channel_id } = req.params; const channel = await Channel.findOneOrFail({ id: channel_id }); const message = await Message.findOneOrFail({ id: message_id }); - if (message.author_id !== req.user_id) { + if ((message.author_id !== req.user_id)) { + if (rights.has("MANAGE_MESSAGES")) break; const permission = await getPermission(req.user_id, channel.guild_id, channel_id); permission.hasThrow("MANAGE_MESSAGES"); - } + } else rights.hasThrow("SELF_DELETE_MESSAGES"); await Message.delete({ id: message_id }); -- cgit 1.5.1 From 6482b112c427727d46efbb65b0f0ce78893e5049 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 10:26:20 +0300 Subject: fix the build mistakes from yesternight --- .../#channel_id/messages/#message_id/index.ts | 19 ++++++++++++------- util/src/util/Rights.ts | 17 ++++++++--------- 2 files changed, 20 insertions(+), 16 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts index bdc34a81..58dfb1cc 100644 --- a/api/src/routes/channels/#channel_id/messages/#message_id/index.ts +++ b/api/src/routes/channels/#channel_id/messages/#message_id/index.ts @@ -1,4 +1,4 @@ -import { Channel, emitEvent, getPermission, getRight MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util"; +import { Channel, emitEvent, getPermission, getRights, MessageDeleteEvent, Message, MessageUpdateEvent } from "@fosscord/util"; import { Router, Response, Request } from "express"; import { route } from "@fosscord/api"; import { handleMessage, postHandleMessage } from "@fosscord/api"; @@ -18,9 +18,11 @@ router.patch("/", route({ body: "MessageCreateSchema", permission: "SEND_MESSAGE const rights = await getRights(req.user_id); if ((req.user_id !== message.author_id)) { - if (rights.has("MANAGE_MESSAGES")) break; - permissions.hasThrow("MANAGE_MESSAGES"); - body = { flags: body.flags }; // admins can only suppress embeds of other messages + if (!rights.has("MANAGE_MESSAGES")) { + permissions.hasThrow("MANAGE_MESSAGES"); + body = { flags: body.flags }; +// guild admins can only suppress embeds of other messages, no such restriction imposed to instance-wide admins + } } else rights.hasThrow("SELF_EDIT_MESSAGES"); const new_message = await handleMessage({ @@ -54,11 +56,14 @@ router.delete("/", route({}), async (req: Request, res: Response) => { const channel = await Channel.findOneOrFail({ id: channel_id }); const message = await Message.findOneOrFail({ id: message_id }); + + const rights = await getRights(req.user_id); if ((message.author_id !== req.user_id)) { - if (rights.has("MANAGE_MESSAGES")) break; - const permission = await getPermission(req.user_id, channel.guild_id, channel_id); - permission.hasThrow("MANAGE_MESSAGES"); + if (!rights.has("MANAGE_MESSAGES")) { + const permission = await getPermission(req.user_id, channel.guild_id, channel_id); + permission.hasThrow("MANAGE_MESSAGES"); + } } else rights.hasThrow("SELF_DELETE_MESSAGES"); await Message.delete({ id: message_id }); diff --git a/util/src/util/Rights.ts b/util/src/util/Rights.ts index dedbfe30..35ad9514 100644 --- a/util/src/util/Rights.ts +++ b/util/src/util/Rights.ts @@ -87,15 +87,14 @@ export class Rights extends BitField { throw new HTTPError(`You are missing the following rights ${permission}`, 403); } - export async function getRight( - user_id: string, - /** opts: { - in_behalf?: (keyof User)[]; - } = {} **/) - { - user = await User.findOneOrFail({ where: { id: user_id } }); - return new Rights(user.right); - } } const ALL_RIGHTS = Object.values(Rights.FLAGS).reduce((total, val) => total | val, BigInt(0)); + +export async function getRights( user_id: string + /**, opts: { + in_behalf?: (keyof User)[]; + } = {} **/) { + let user = await User.findOneOrFail({ where: { id: user_id } }); + return new Rights(user.rights); +} -- cgit 1.5.1 From 75e546cf72e4313429ad2bcb30167d9ab3abbc4a Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:02:11 +0300 Subject: enforce the rights --- api/src/util/handlers/Message.ts | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'api/src') diff --git a/api/src/util/handlers/Message.ts b/api/src/util/handlers/Message.ts index 2d9f7032..f0ecf416 100644 --- a/api/src/util/handlers/Message.ts +++ b/api/src/util/handlers/Message.ts @@ -7,6 +7,7 @@ import { MessageCreateEvent, MessageUpdateEvent, getPermission, + getRights, CHANNEL_MENTION, Snowflake, USER_MENTION, @@ -61,17 +62,18 @@ export async function handleMessage(opts: MessageOptions): Promise { throw new HTTPError("Content length over max character limit") } - // TODO: are tts messages allowed in dm channels? should permission be checked? if (opts.author_id) { message.author = await User.getPublicUser(opts.author_id); - } + const rights = await getRights(opts.author_id); + rights.hasThrow("SEND_MESSAGES"); + } if (opts.application_id) { message.application = await Application.findOneOrFail({ id: opts.application_id }); } if (opts.webhook_id) { message.webhook = await Webhook.findOneOrFail({ id: opts.webhook_id }); } - + const permission = await getPermission(opts.author_id, channel.guild_id, opts.channel_id); permission.hasThrow("SEND_MESSAGES"); // TODO: add the rights check if (permission.cache.member) { -- cgit 1.5.1 From 28a15f364358d8d0a42a6233c330ae7b8aa43767 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:05:19 +0300 Subject: remove todos that are implemented --- api/src/util/handlers/Message.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'api/src') diff --git a/api/src/util/handlers/Message.ts b/api/src/util/handlers/Message.ts index f0ecf416..5a5ac666 100644 --- a/api/src/util/handlers/Message.ts +++ b/api/src/util/handlers/Message.ts @@ -75,7 +75,7 @@ export async function handleMessage(opts: MessageOptions): Promise { } const permission = await getPermission(opts.author_id, channel.guild_id, opts.channel_id); - permission.hasThrow("SEND_MESSAGES"); // TODO: add the rights check + permission.hasThrow("SEND_MESSAGES"); if (permission.cache.member) { message.member = permission.cache.member; } @@ -83,7 +83,7 @@ export async function handleMessage(opts: MessageOptions): Promise { if (opts.tts) permission.hasThrow("SEND_TTS_MESSAGES"); if (opts.message_reference) { permission.hasThrow("READ_MESSAGE_HISTORY"); - // code below has to be redone when we add custom message routing and cross-channel replies + // code below has to be redone when we add custom message routing if (message.guild_id !== null) { const guild = await Guild.findOneOrFail({ id: channel.guild_id }); if (!guild.features.includes("CROSS_CHANNEL_REPLIES")) { @@ -91,7 +91,7 @@ export async function handleMessage(opts: MessageOptions): Promise { if (opts.message_reference.channel_id !== opts.channel_id) throw new HTTPError("You can only reference messages from this channel"); } } - // TODO: should be checked if the referenced message exists? + // Q: should be checked if the referenced message exists? ANSWER: NO // @ts-ignore message.type = MessageType.REPLY; } -- cgit 1.5.1 From 327100afb9a3f9c4e5b4ceda401b20b258ae0b35 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:23:09 +0300 Subject: MANAGE_GUILDS --- api/src/routes/guilds/#guild_id/index.ts | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/guilds/#guild_id/index.ts b/api/src/routes/guilds/#guild_id/index.ts index 991c3f93..8e1e74f7 100644 --- a/api/src/routes/guilds/#guild_id/index.ts +++ b/api/src/routes/guilds/#guild_id/index.ts @@ -1,5 +1,5 @@ import { Request, Response, Router } from "express"; -import { emitEvent, getPermission, Guild, GuildUpdateEvent, handleFile, Member } from "@fosscord/util"; +import { DiscordApiErrors, emitEvent, getPermission, getRights, Guild, GuildUpdateEvent, handleFile, Member } from "@fosscord/util"; import { HTTPError } from "lambert-server"; import { route } from "@fosscord/api"; import "missing-native-js-functions"; @@ -37,9 +37,17 @@ router.get("/", route({}), async (req: Request, res: Response) => { return res.send(guild); }); -router.patch("/", route({ body: "GuildUpdateSchema", permission: "MANAGE_GUILD" }), async (req: Request, res: Response) => { +router.patch("/", route({ body: "GuildUpdateSchema"}), async (req: Request, res: Response) => { const body = req.body as GuildUpdateSchema; const { guild_id } = req.params; + + + const rights = await getRight(req.user_id); + const permission = await getPermission(req.user_id, guild_id); + + if (!rights.has("MANAGE_GUILDS")||!permission.has("MANAGE_GUILD")) + throw DiscordApiErrors.MISSING_PERMISSIONS("MANAGE_GUILD"); + // TODO: guild update check image if (body.icon) body.icon = await handleFile(`/icons/${guild_id}`, body.icon); -- cgit 1.5.1 From 14bb6972d38eade8d9450c7384019277d7eb2782 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:29:04 +0300 Subject: rights enforcement in guild create --- api/src/routes/guilds/index.ts | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/guilds/index.ts b/api/src/routes/guilds/index.ts index 7b676211..10721413 100644 --- a/api/src/routes/guilds/index.ts +++ b/api/src/routes/guilds/index.ts @@ -1,5 +1,5 @@ import { Router, Request, Response } from "express"; -import { Role, Guild, Snowflake, Config, Member, Channel, DiscordApiErrors, handleFile } from "@fosscord/util"; +import { Role, Guild, Snowflake, Config, getRights, Member, Channel, DiscordApiErrors, handleFile } from "@fosscord/util"; import { route } from "@fosscord/api"; import { ChannelModifySchema } from "../channels/#channel_id"; @@ -20,12 +20,13 @@ export interface GuildCreateSchema { //TODO: create default channel -router.post("/", route({ body: "GuildCreateSchema" }), async (req: Request, res: Response) => { +router.post("/", route({ body: "GuildCreateSchema", right: "CREATE_GUILDS" }), async (req: Request, res: Response) => { const body = req.body as GuildCreateSchema; const { maxGuilds } = Config.get().limits.user; const guild_count = await Member.count({ id: req.user_id }); - if (guild_count >= maxGuilds) { + const rights = await getRights(req.user_id); + if ((guild_count >= maxGuilds)&&!rights.has("MANAGE_GUILDS")) { throw DiscordApiErrors.MAXIMUM_GUILDS.withParams(maxGuilds); } -- cgit 1.5.1 From 20e1f6394ef6c24ad7497fec094b8899cf0c7c4f Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:32:00 +0300 Subject: JOIN_GUILDS --- api/src/routes/invites/index.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/routes/invites/index.ts b/api/src/routes/invites/index.ts index 37e9e05a..21da2d18 100644 --- a/api/src/routes/invites/index.ts +++ b/api/src/routes/invites/index.ts @@ -13,7 +13,7 @@ router.get("/:code", route({}), async (req: Request, res: Response) => { res.status(200).send(invite); }); -router.post("/:code", route({}), async (req: Request, res: Response) => { +router.post("/:code", route({right: "JOIN_GUILDS"}), async (req: Request, res: Response) => { const { code } = req.params; const { guild_id } = await Invite.findOneOrFail({ code }) const { features } = await Guild.findOneOrFail({ id: guild_id}); -- cgit 1.5.1 From a8c57a878d15ba1e3a6bc10ec2e61251c500a26e Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 11:34:01 +0300 Subject: invite right enforced --- api/src/routes/channels/#channel_id/invites.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/routes/channels/#channel_id/invites.ts b/api/src/routes/channels/#channel_id/invites.ts index 6d2c625d..208a0705 100644 --- a/api/src/routes/channels/#channel_id/invites.ts +++ b/api/src/routes/channels/#channel_id/invites.ts @@ -19,7 +19,8 @@ export interface InviteCreateSchema { target_user_type?: number; } -router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INSTANT_INVITE" }), async (req: Request, res: Response) => { +router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INSTANT_INVITE", right: "CREATE_INSTANT_INVITE" }), + async (req: Request, res: Response) => { const { user_id } = req; const { channel_id } = req.params; const channel = await Channel.findOneOrFail({ where: { id: channel_id }, select: ["id", "name", "type", "guild_id"] }); -- cgit 1.5.1 From 4c3eec0b1a0e23d170b773b3bc6186c4a9797a45 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Fri, 8 Apr 2022 17:30:55 +0300 Subject: correct right name --- api/src/routes/channels/#channel_id/invites.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/routes/channels/#channel_id/invites.ts b/api/src/routes/channels/#channel_id/invites.ts index 208a0705..6367a8b6 100644 --- a/api/src/routes/channels/#channel_id/invites.ts +++ b/api/src/routes/channels/#channel_id/invites.ts @@ -19,7 +19,7 @@ export interface InviteCreateSchema { target_user_type?: number; } -router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INSTANT_INVITE", right: "CREATE_INSTANT_INVITE" }), +router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INVITES", right: "CREATE_INSTANT_INVITE" }), async (req: Request, res: Response) => { const { user_id } = req; const { channel_id } = req.params; -- cgit 1.5.1 From 969c99173a814443096b16e9674f4dd77b374f9a Mon Sep 17 00:00:00 2001 From: binsky Date: Sat, 9 Apr 2022 04:11:10 +0200 Subject: fix invite right enforcement --- api/src/routes/channels/#channel_id/invites.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/routes/channels/#channel_id/invites.ts b/api/src/routes/channels/#channel_id/invites.ts index 6367a8b6..9c361164 100644 --- a/api/src/routes/channels/#channel_id/invites.ts +++ b/api/src/routes/channels/#channel_id/invites.ts @@ -19,7 +19,7 @@ export interface InviteCreateSchema { target_user_type?: number; } -router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INVITES", right: "CREATE_INSTANT_INVITE" }), +router.post("/", route({ body: "InviteCreateSchema", permission: "CREATE_INSTANT_INVITE", right: "CREATE_INVITES" }), async (req: Request, res: Response) => { const { user_id } = req; const { channel_id } = req.params; -- cgit 1.5.1 From edc5426369f31d4ad70f54ab8cbece5482738f7e Mon Sep 17 00:00:00 2001 From: binsky Date: Sat, 9 Apr 2022 04:12:16 +0200 Subject: fix MANAGE_GUILDS; rename getRight to getRights --- api/src/routes/guilds/#guild_id/index.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/guilds/#guild_id/index.ts b/api/src/routes/guilds/#guild_id/index.ts index 8e1e74f7..4ec3df72 100644 --- a/api/src/routes/guilds/#guild_id/index.ts +++ b/api/src/routes/guilds/#guild_id/index.ts @@ -42,11 +42,11 @@ router.patch("/", route({ body: "GuildUpdateSchema"}), async (req: Request, res: const { guild_id } = req.params; - const rights = await getRight(req.user_id); + const rights = await getRights(req.user_id); const permission = await getPermission(req.user_id, guild_id); if (!rights.has("MANAGE_GUILDS")||!permission.has("MANAGE_GUILD")) - throw DiscordApiErrors.MISSING_PERMISSIONS("MANAGE_GUILD"); + throw DiscordApiErrors.MISSING_PERMISSIONS.withParams("MANAGE_GUILD"); // TODO: guild update check image -- cgit 1.5.1 From 662026507752095417c4d122615a1aab8f52f68d Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Sat, 9 Apr 2022 21:45:45 +0300 Subject: add an elegant entropy check --- api/src/util/utility/passwordStrength.ts | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) (limited to 'api/src') diff --git a/api/src/util/utility/passwordStrength.ts b/api/src/util/utility/passwordStrength.ts index 047df008..81ac2559 100644 --- a/api/src/util/utility/passwordStrength.ts +++ b/api/src/util/utility/passwordStrength.ts @@ -13,6 +13,7 @@ const blocklist: string[] = []; // TODO: update ones passwordblocklist is stored * - min numbers * - min symbols * - min uppercase chars + * - shannon entropy divided by password entropy * * Returns: 0 > pw > 1 */ @@ -22,28 +23,38 @@ export function checkPassword(password: string): number { // checks for total password len if (password.length >= minLength - 1) { - strength += 0.25; + strength += 0.05; } // checks for amount of Numbers if (password.count(reNUMBER) >= minNumbers - 1) { - strength += 0.25; + strength += 0.05; } // checks for amount of Uppercase Letters if (password.count(reUPPERCASELETTER) >= minUpperCase - 1) { - strength += 0.25; + strength += 0.05; } // checks for amount of symbols if (password.replace(reSYMBOLS, "").length >= minSymbols - 1) { - strength += 0.25; + strength += 0.05; } // checks if password only consists of numbers or only consists of chars if (password.length == password.count(reNUMBER) || password.length === password.count(reUPPERCASELETTER)) { strength = 0; } - + + var entropyMap; + for (let i = 0; i < password.length; i++) { + if (entropyMap[password[i]]) entropyMap[password[i]]++; + else entropyMap[password[i]] = 1; + } + + let entropies = Array(entropyMap); + + entropies.map(x => (x / entropyMap.length)); + strength += entropies.reduceRight((a, x), a - (x * Math.log2(x))) / Math.log2(password.length); return strength; } -- cgit 1.5.1 From 07ed88ff6ade2769c4d0c2664aeb1da9b2262983 Mon Sep 17 00:00:00 2001 From: Erkin Alp Güney Date: Sat, 9 Apr 2022 21:48:25 +0300 Subject: Update passwordStrength.ts --- api/src/util/utility/passwordStrength.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'api/src') diff --git a/api/src/util/utility/passwordStrength.ts b/api/src/util/utility/passwordStrength.ts index 81ac2559..e75e48f6 100644 --- a/api/src/util/utility/passwordStrength.ts +++ b/api/src/util/utility/passwordStrength.ts @@ -46,7 +46,7 @@ export function checkPassword(password: string): number { strength = 0; } - var entropyMap; + let entropyMap; for (let i = 0; i < password.length; i++) { if (entropyMap[password[i]]) entropyMap[password[i]]++; else entropyMap[password[i]] = 1; -- cgit 1.5.1