From 0d0dd4f6b8433a3a90b5b0eebab7e3991bda2302 Mon Sep 17 00:00:00 2001 
From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Tue, 30 Mar 2021 15:37:43 +0200 Subject: move routes to top level no more /api/v8 -> use reverse proxy instead --- src/routes/api/v8/auth/login.ts | 93 -------- src/routes/api/v8/auth/register.ts | 262 --------------------- .../api/v8/channels/#channel_id/followers.ts | 4 - src/routes/api/v8/channels/#channel_id/index.ts | 4 - src/routes/api/v8/channels/#channel_id/invites.ts | 67 ------ .../channels/#channel_id/messages/bulk-delete.ts | 37 --- .../api/v8/channels/#channel_id/messages/index.ts | 136 ----------- .../api/v8/channels/#channel_id/permissions.ts | 4 - src/routes/api/v8/channels/#channel_id/pins.ts | 4 - .../api/v8/channels/#channel_id/recipients.ts | 4 - src/routes/api/v8/channels/#channel_id/typing.ts | 4 - src/routes/api/v8/channels/#channel_id/webhooks.ts | 4 - src/routes/api/v8/guilds/#id/bans.ts | 93 -------- src/routes/api/v8/guilds/#id/channels.ts | 51 ---- src/routes/api/v8/guilds/#id/index.ts | 73 ------ src/routes/api/v8/guilds/#id/members.ts | 54 ----- src/routes/api/v8/guilds/index.ts | 81 ------- src/routes/api/v8/guilds/templates/index.ts | 4 - src/routes/api/v8/invites/index.ts | 4 - src/routes/api/v8/users/@me/guilds.ts | 50 ---- src/routes/api/v8/users/@me/index.ts | 15 -- src/routes/assets/index.ts | 34 --- src/routes/auth/login.ts | 93 ++++++++ src/routes/auth/register.ts | 262 +++++++++++++++++++++ src/routes/channels/#channel_id/followers.ts | 4 + src/routes/channels/#channel_id/index.ts | 4 + src/routes/channels/#channel_id/invites.ts | 67 ++++++ .../channels/#channel_id/messages/bulk-delete.ts | 37 +++ src/routes/channels/#channel_id/messages/index.ts | 136 +++++++++++ src/routes/channels/#channel_id/permissions.ts | 4 + src/routes/channels/#channel_id/pins.ts | 4 + src/routes/channels/#channel_id/recipients.ts | 4 + src/routes/channels/#channel_id/typing.ts | 4 + src/routes/channels/#channel_id/webhooks.ts | 4 + src/routes/guilds/#id/bans.ts | 93 ++++++++ 
src/routes/guilds/#id/channels.ts | 51 ++++ src/routes/guilds/#id/index.ts | 73 ++++++ src/routes/guilds/#id/members.ts | 54 +++++ src/routes/guilds/index.ts | 81 +++++++ src/routes/guilds/templates/index.ts | 4 + src/routes/invites/index.ts | 4 + src/routes/test.ts | 14 -- src/routes/users/@me/guilds.ts | 50 ++++ src/routes/users/@me/index.ts | 15 ++ 44 files changed, 1048 insertions(+), 1096 deletions(-) delete mode 100644 src/routes/api/v8/auth/login.ts delete mode 100644 src/routes/api/v8/auth/register.ts delete mode 100644 src/routes/api/v8/channels/#channel_id/followers.ts delete mode 100644 src/routes/api/v8/channels/#channel_id/index.ts delete mode 100644 src/routes/api/v8/channels/#channel_id/invites.ts delete mode 100644 src/routes/api/v8/channels/#channel_id/messages/bulk-delete.ts delete mode 100644 src/routes/api/v8/channels/#channel_id/messages/index.ts delete mode 100644 src/routes/api/v8/channels/#channel_id/permissions.ts delete mode 100644 src/routes/api/v8/channels/#channel_id/pins.ts delete mode 100644 src/routes/api/v8/channels/#channel_id/recipients.ts delete mode 100644 src/routes/api/v8/channels/#channel_id/typing.ts delete mode 100644 src/routes/api/v8/channels/#channel_id/webhooks.ts delete mode 100644 src/routes/api/v8/guilds/#id/bans.ts delete mode 100644 src/routes/api/v8/guilds/#id/channels.ts delete mode 100644 src/routes/api/v8/guilds/#id/index.ts delete mode 100644 src/routes/api/v8/guilds/#id/members.ts delete mode 100644 src/routes/api/v8/guilds/index.ts delete mode 100644 src/routes/api/v8/guilds/templates/index.ts delete mode 100644 src/routes/api/v8/invites/index.ts delete mode 100644 src/routes/api/v8/users/@me/guilds.ts delete mode 100644 src/routes/api/v8/users/@me/index.ts delete mode 100644 src/routes/assets/index.ts create mode 100644 src/routes/auth/login.ts create mode 100644 src/routes/auth/register.ts create mode 100644 src/routes/channels/#channel_id/followers.ts create mode 100644 
src/routes/channels/#channel_id/index.ts create mode 100644 src/routes/channels/#channel_id/invites.ts create mode 100644 src/routes/channels/#channel_id/messages/bulk-delete.ts create mode 100644 src/routes/channels/#channel_id/messages/index.ts create mode 100644 src/routes/channels/#channel_id/permissions.ts create mode 100644 src/routes/channels/#channel_id/pins.ts create mode 100644 src/routes/channels/#channel_id/recipients.ts create mode 100644 src/routes/channels/#channel_id/typing.ts create mode 100644 src/routes/channels/#channel_id/webhooks.ts create mode 100644 src/routes/guilds/#id/bans.ts create mode 100644 src/routes/guilds/#id/channels.ts create mode 100644 src/routes/guilds/#id/index.ts create mode 100644 src/routes/guilds/#id/members.ts create mode 100644 src/routes/guilds/index.ts create mode 100644 src/routes/guilds/templates/index.ts create mode 100644 src/routes/invites/index.ts delete mode 100644 src/routes/test.ts create mode 100644 src/routes/users/@me/guilds.ts create mode 100644 src/routes/users/@me/index.ts (limited to 'src') diff --git a/src/routes/api/v8/auth/login.ts b/src/routes/api/v8/auth/login.ts deleted file mode 100644 index 3f924e7c..00000000 --- a/src/routes/api/v8/auth/login.ts +++ /dev/null 
@@ -1,93 +0,0 @@ -import { Request, Response, Router } from "express"; -import { check, FieldErrors, Length } from "../../../../util/instanceOf"; -import bcrypt from "bcrypt"; -import jwt from "jsonwebtoken"; -import { User, UserModel } from "fosscord-server-util"; -import Config from "../../../../util/Config"; -import { adjustEmail } from "./register"; - -const router: Router = Router(); -export default router; - -router.post( - "/", - check({ - login: new Length(String, 2, 100), // email or telephone - password: new Length(String, 8, 64), - $undelete: Boolean, - $captcha_key: String, - $login_source: String, - $gift_code_sku_id: String, - }), - async (req: Request, res: Response) => { - const { login, password } = req.body; - const email = adjustEmail(login); - const query: any[] = [{ phone: login }]; - if (email) query.push({ email }); - - // * MongoDB Specific query for user with same email or phone number - const user = await UserModel.findOne( - { - $or: query, - }, - `hash id user_settings.locale user_settings.theme` - ).exec(); - - if (!user) { - throw FieldErrors({ - login: { message: req.t("auth:login.INVALID_LOGIN"), code: "INVALID_LOGIN" }, - }); - } - - // the salt is saved in the password refer to bcrypt docs - const same_password = await bcrypt.compare(password, user.hash); - if (!same_password) { - throw FieldErrors({ - password: { message: req.t("auth:login.INVALID_PASSWORD"), code: "INVALID_PASSWORD" }, - }); - } - - const token = await generateToken(user.id); - - // Notice this will have a different token structure, than discord - // Discord header is just the user id as string, which is not possible with npm-jsonwebtoken package - // https://user-images.githubusercontent.com/6506416/81051916-dd8c9900-8ec2-11ea-8794-daf12d6f31f0.png - - res.json({ token, user_settings: user.user_settings }); - } -); - -export async function generateToken(id: bigint) { - const iat = Math.floor(Date.now() / 1000); - const algorithm = "HS256"; - - return new 
Promise((res, rej) => { - jwt.sign( - { id: `${id}`, iat }, - Config.get().security.jwtSecret, - { - algorithm, - }, - (err, token) => { - if (err) return rej(err); - return res(token); - } - ); - }); -} - -/** - * POST /auth/login - * @argument { login: "email@gmail.com", password: "cleartextpassword", undelete: false, captcha_key: null, login_source: null, gift_code_sku_id: null, } - - - * MFA required: - * @returns {"token": null, "mfa": true, "sms": true, "ticket": "SOME TICKET JWT TOKEN"} - - * Captcha required: - * @returns {"captcha_key": ["captcha-required"], "captcha_sitekey": null, "captcha_service": "recaptcha"} - - * Sucess: - * @returns {"token": "USERTOKEN", "user_settings": {"locale": "en", "theme": "dark"}} - - */ diff --git a/src/routes/api/v8/auth/register.ts b/src/routes/api/v8/auth/register.ts deleted file mode 100644 index 99df82f1..00000000 --- a/src/routes/api/v8/auth/register.ts +++ /dev/null 
@@ -1,262 +0,0 @@ -import { Request, Response, Router } from "express"; -import Config from "../../../../util/Config"; -import { trimSpecial, User, Snowflake, UserModel } from "fosscord-server-util"; -import bcrypt from "bcrypt"; -import { check, Email, EMAIL_REGEX, FieldErrors, Length } from "../../../../util/instanceOf"; -import "missing-native-js-functions"; -import { generateToken } from "./login"; - -const router: Router = Router(); - -router.post( - "/", - check({ - username: new Length(String, 2, 32), - // TODO: check min password length in config - // prevent Denial of Service with max length of 64 chars - password: new Length(String, 8, 64), - consent: Boolean, - $email: new Length(Email, 5, 100), - $fingerprint: String, - $invite: String, - $date_of_birth: Date, // "2000-04-03" - $gift_code_sku_id: String, - $captcha_key: String, - }), - async (req: Request, res: Response) => { - const { - email, - username, - password, - consent, - fingerprint, - invite, - date_of_birth, - gift_code_sku_id, // ? what is this - captcha_key, - } = req.body; - // TODO: automatically join invite - // TODO: gift_code_sku_id? - // TODO: check password strength - - // adjusted_email will be slightly modified version of the user supplied email -> e.g. protection against GMail Trick - let adjusted_email: string | undefined = adjustEmail(email); - - // adjusted_password will be the hash of the password - let adjusted_password: string = ""; - - // trim special uf8 control characters -> Backspace, Newline, ... 
- let adjusted_username: string = trimSpecial(username); - - // discriminator will be randomly generated - let discriminator = ""; - - // get register Config - const { register } = Config.get(); - - // check if registration is allowed - if (!register.allowNewRegistration) { - throw FieldErrors({ - email: { code: "REGISTRATION_DISABLED", message: req.t("auth:register.REGISTRATION_DISABLED") }, - }); - } - - // check if the user agreed to the Terms of Service - if (!consent) { - throw FieldErrors({ - consent: { code: "CONSENT_REQUIRED", message: req.t("auth:register.CONSENT_REQUIRED") }, - }); - } - - // require invite to register -> e.g. for organizations to send invites to their employees - if (register.requireInvite && !invite) { - throw FieldErrors({ - email: { code: "INVITE_ONLY", message: req.t("auth:register.INVITE_ONLY") }, - }); - } - - if (email) { - // replace all dots and chars after +, if its a gmail.com email - if (!adjusted_email) throw FieldErrors({ email: { code: "INVALID_EMAIL", message: "Invalid Email format" } }); - - // check if there is already an account with this email - const exists = await UserModel.findOne({ email: adjusted_email }).exec(); - - if (exists) { - throw FieldErrors({ - email: { - code: "EMAIL_ALREADY_REGISTERED", - message: req.t("auth.register.EMAIL_ALREADY_REGISTERED"), - }, - }); - } - } else if (register.email.required) { - throw FieldErrors({ - email: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }, - }); - } - - if (register.dateOfBirth.required && !date_of_birth) { - throw FieldErrors({ - date_of_birth: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }, - }); - } else if (register.dateOfBirth.minimum) { - const minimum = new Date(); - minimum.setFullYear(minimum.getFullYear() - register.dateOfBirth.minimum); - - // higher is younger - if (date_of_birth > minimum) { - throw FieldErrors({ - date_of_birth: { - code: "DATE_OF_BIRTH_UNDERAGE", - message: 
req.t("auth:register.DATE_OF_BIRTH_UNDERAGE", { years: register.dateOfBirth.minimum }), - }, - }); - } - } - - if (!register.allowMultipleAccounts) { - // TODO: check if fingerprint was eligible generated - const exists = await UserModel.findOne({ fingerprints: fingerprint }).exec(); - - if (exists) { - throw FieldErrors({ - email: { - code: "EMAIL_ALREADY_REGISTERED", - message: req.t("auth:register.EMAIL_ALREADY_REGISTERED"), - }, - }); - } - } - - if (register.requireCaptcha) { - if (!captcha_key) { - const { sitekey, service } = Config.get().security.captcha; - return res.status(400).json({ - captcha_key: ["captcha-required"], - captcha_sitekey: sitekey, - captcha_service: service, - }); - } - - // TODO: check captcha - } - - // the salt is saved in the password refer to bcrypt docs - adjusted_password = await bcrypt.hash(password, 12); - - let exists; - // randomly generates a discriminator between 1 and 9999 and checks max five times if it already exists - // if it all five times already exists, abort with USERNAME_TOO_MANY_USERS error - // else just continue - // TODO: is there any better way to generate a random discriminator only once, without checking if it already exists in the mongodb database? 
- for (let tries = 0; tries < 5; tries++) { - discriminator = Math.randomIntBetween(1, 9999).toString().padStart(4, "0"); - exists = await UserModel.findOne({ discriminator, username: adjusted_username }, "id").exec(); - if (!exists) break; - } - - if (exists) { - throw FieldErrors({ - username: { - code: "USERNAME_TOO_MANY_USERS", - message: req.t("auth:register.USERNAME_TOO_MANY_USERS"), - }, - }); - } - - // constructing final user object - // TODO fix: - // @ts-ignore - const user: User = { - id: Snowflake.generate(), - created_at: new Date(), - username: adjusted_username, - discriminator, - avatar: null, - bot: false, - system: false, - mfa_enabled: false, - verified: false, - email: adjusted_email, - flags: 0n, // TODO: generate default flags - hash: adjusted_password, - guilds: [], - valid_tokens_since: new Date(), - user_settings: { - afk_timeout: 300, - allow_accessibility_detection: true, - animate_emoji: true, - animate_stickers: 0, - contact_sync_enabled: false, - convert_emoticons: false, - custom_status: { - emoji_id: null, - emoji_name: null, - expires_at: null, - text: null, - }, - default_guilds_restricted: false, - detect_platform_accounts: true, - developer_mode: false, - disable_games_tab: false, - enable_tts_command: true, - explicit_content_filter: 0, - friend_source_flags: { all: true }, - gateway_connected: false, - gif_auto_play: true, - guild_folders: [], - guild_positions: [], - inline_attachment_media: true, - inline_embed_media: true, - locale: req.language, - message_display_compact: false, - native_phone_integration_enabled: true, - render_embeds: true, - render_reactions: true, - restricted_guilds: [], - show_current_game: true, - status: "offline", - stream_notifications_enabled: true, - theme: "dark", - timezone_offset: 0, - // timezone_offset: // TODO: timezone from request - }, - }; - - // insert user into database - await new UserModel(user).save({}); - - return res.json({ token: await generateToken(user.id) }); - } -); - 
-export function adjustEmail(email: string): string | undefined { - // body parser already checked if it is a valid email - const parts = email.match(EMAIL_REGEX); - // @ts-ignore - if (!parts || parts.length < 5) return undefined; - const domain = parts[5]; - const user = parts[1]; - - // TODO: check accounts with uncommon email domains - if (domain === "gmail.com" || domain === "googlemail.com") { - // replace .dots and +alternatives -> Gmail Dot Trick https://support.google.com/mail/answer/7436150 and https://generator.email/blog/gmail-generator - return user.replace(/[.]|(\+.*)/g, "") + "@gmail.com"; - } - - return email; -} - -export default router; - -/** - * POST /auth/register - * @argument { "fingerprint":"805826570869932034.wR8vi8lGlFBJerErO9LG5NViJFw", "email":"qo8etzvaf@gmail.com", "username":"qp39gr98", "password":"wtp9gep9gw", "invite":null, "consent":true, "date_of_birth":"2000-04-04", "gift_code_sku_id":null, "captcha_key":null} - * - * Field Error - * @returns { "code": 50035, "errors": { "consent": { "_errors": [{ "code": "CONSENT_REQUIRED", "message": "You must agree to Discord's Terms of Service and Privacy Policy." }]}}, "message": "Invalid Form Body"} - * - * Success 201: - * @returns {token: "OMITTED"} - */ diff --git a/src/routes/api/v8/channels/#channel_id/followers.ts b/src/routes/api/v8/channels/#channel_id/followers.ts deleted file mode 100644 index 9a4e81fa..00000000 --- a/src/routes/api/v8/channels/#channel_id/followers.ts +++ /dev/null @@ -1,4 +0,0 @@ -import { Router } from "express"; -const router: Router = Router(); - -export default router; diff --git a/src/routes/api/v8/channels/#channel_id/index.ts b/src/routes/api/v8/channels/#channel_id/index.ts deleted file mode 100644 index 9a4e81fa..00000000 --- a/src/routes/api/v8/channels/#channel_id/index.ts +++ /dev/null @@ -1,4 +0,0 @@ -import { Router } from "express"; -const router: Router = Router(); - -export default router; 
diff --git a/src/routes/api/v8/channels/#channel_id/invites.ts b/src/routes/api/v8/channels/#channel_id/invites.ts
deleted file mode 100644
index 4c21e7d4..00000000
--- a/src/routes/api/v8/channels/#channel_id/invites.ts
+++ /dev/null
@@ -1,67 +0,0 @@
-import { Router, Request, Response } from "express";
-import { HTTPError } from "lambert-server";
-
-import { check } from "../../../../../util/instanceOf";
-import { random } from "../../../../../util/RandomInviteID";
-import { emitEvent } from "../../../../../util/Event";
-
-import { InviteCreateSchema } from "../../../../../schema/Invite";
-
-import { getPermission, ChannelModel, InviteModel, InviteCreateEvent } from "fosscord-server-util";
-
-const router: Router = Router();
-
-router.post("/", check(InviteCreateSchema), async (req: Request, res: Response) => {
- const usID = req.user_id;
- const chID = BigInt(req.params.channel_id);
- const channel = await ChannelModel.findOne({ id: chID }).exec();
-
- if (!channel || !channel.guild_id) {
- throw new HTTPError("This channel doesn't exist", 404);
- }
- const { guild_id: guID } = channel;
-
- const permission = await getPermission(usID, guID);
-
- if (!permission.has("CREATE_INSTANT_INVITE")) {
- throw new HTTPError("You aren't authorised to access this endpoint", 401);
- }
-
- const invite = {
- code: random(),
- temporary: req.body.temporary,
- uses: 0,
- max_uses: req.body.max_uses,
- max_age: req.body.max_age,
- created_at: new Date(),
- guild_id: guID,
- channel_id: chID,
- inviter_id: usID,
- };
-
- await new InviteModel(invite).save();
-
- await emitEvent({ event: "INVITE_CREATE", data: invite } as InviteCreateEvent);
- res.status(201).send(invite);
-});
-
-router.get("/", async (req: Request, res: Response) => {
- const usID = req.user_id;
- const chID = BigInt(req.params.channel_id);
- const channel = await ChannelModel.findOne({ id: chID }).exec();
-
- if (!channel || !channel.guild_id) {
- throw new HTTPError("This channel doesn't exist", 404);
- }
- const { guild_id: guID } = channel;
- const permission = await getPermission(usID, guID);
-
- if (!permission.has("MANAGE_CHANNELS")) {
- throw new HTTPError("You aren't authorised to access this endpoint", 401);
- }
-
- const invites = await InviteModel.find({ guild_id: guID }).exec();
- res.status(200).send(invites);
-});
-
-export default router;
diff --git a/src/routes/api/v8/channels/#channel_id/messages/bulk-delete.ts b/src/routes/api/v8/channels/#channel_id/messages/bulk-delete.ts
deleted file mode 100644
index c805cf08..00000000
--- a/src/routes/api/v8/channels/#channel_id/messages/bulk-delete.ts
+++ /dev/null
@@ -1,37 +0,0 @@
-import { Router } from "express";
-import { ChannelModel, getPermission, MessageDeleteBulkEvent, MessageModel } from "fosscord-server-util";
-import { HTTPError } from "lambert-server";
-import Config from "../../../../../../util/Config";
-import { emitEvent } from "../../../../../../util/Event";
-import { check } from "../../../../../../util/instanceOf";
-
-const router: Router = Router();
-
-export default router;
-
-// TODO: should users be able to bulk delete messages or only bots?
-// TODO: should this request fail, if you provide messages older than 14 days/invalid ids?
-// https://discord.com/developers/docs/resources/channel#bulk-delete-messages
-router.post("/", check({ messages: [BigInt] }), async (req, res) => {
- const channel_id = BigInt(req.params.channel_id);
- const channel = await ChannelModel.findOne({ id: channel_id }, { permission_overwrites: true, guild_id: true }).exec();
- if (!channel?.guild_id) throw new HTTPError("Can't bulk delete dm channel messages", 400);
-
- const permission = await getPermission(req.user_id, channel?.guild_id, channel_id, { channel });
- if (!permission.has("MANAGE_MESSAGES")) throw new HTTPError("You are missing the MANAGE_MESSAGES permissions");
-
- const { maxBulkDelete } = Config.get().limits.message;
-
- const { messages } = req.body as { messages: bigint[] };
- if (messages.length < 2) throw new HTTPError("You must at least specify 2 messages to bulk delete");
- if (messages.length > maxBulkDelete) throw new HTTPError(`You cannot delete more than ${maxBulkDelete} messages`);
-
- await MessageModel.deleteMany({ id: { $in: messages } }).exec();
- await emitEvent({
- event: "MESSAGE_DELETE_BULK",
- channel_id,
- data: { ids: messages, channel_id, guild_id: channel.guild_id },
- } as MessageDeleteBulkEvent);
-
- res.status(204).send();
-});
diff --git a/src/routes/api/v8/channels/#channel_id/messages/index.ts b/src/routes/api/v8/channels/#channel_id/messages/index.ts
deleted file mode 100644
index ade048a0..00000000
--- a/src/routes/api/v8/channels/#channel_id/messages/index.ts
+++ /dev/null
@@ -1,136 +0,0 @@
-import { Router } from "express";
-import { ChannelModel, ChannelType, getPermission, Message, MessageCreateEvent, MessageModel, Snowflake } from "fosscord-server-util";
-import { HTTPError } from "lambert-server";
-import { MessageCreateSchema } from "../../../../../../schema/Message";
-import { check, instanceOf, Length } from "../../../../../../util/instanceOf";
-import { PublicUserProjection } from "../../../../../../util/User";
-import multer from "multer";
-import { emitEvent } from "../../../../../../util/Event";
-const router: Router = Router();
-
-export default router;
-
-function isTextChannel(type: ChannelType): boolean {
- switch (type) {
- case ChannelType.GUILD_VOICE:
- case ChannelType.GUILD_CATEGORY:
- throw new HTTPError("not a text channel", 400);
- case ChannelType.DM:
- case ChannelType.GROUP_DM:
- case ChannelType.GUILD_NEWS:
- case ChannelType.GUILD_STORE:
- case ChannelType.GUILD_TEXT:
- return true;
- }
-}
-
-// https://discord.com/developers/docs/resources/channel#create-message
-// get messages
-router.get("/", async (req, res) => {
- const channel_id = BigInt(req.params.channel_id);
- const channel = await ChannelModel.findOne({ id: channel_id }, { guild_id: true, type: true, permission_overwrites: true }).exec();
- if (!channel) throw new HTTPError("Channel not found", 404);
-
- isTextChannel(channel.type);
-
- try {
- instanceOf({ $around: BigInt, $after: BigInt, $before: BigInt, $limit: new Length(Number, 1, 100) }, req.query, {
- path: "query",
- req,
- });
- } catch (error) {
- return res.status(400).json({ code: 50035, message: "Invalid Query", success: false, errors: error });
- }
- var { around, after, before, limit }: { around?: bigint; after?: bigint; before?: bigint; limit?: number } = req.query;
- if (!limit) limit = 50;
- var halfLimit = BigInt(Math.floor(limit / 2));
-
- if ([ChannelType.GUILD_VOICE, ChannelType.GUILD_CATEGORY, ChannelType.GUILD_STORE].includes(channel.type))
- throw new HTTPError("Not a text channel");
-
- if (channel.guild_id) {
- const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel });
- if (!permissions.has("VIEW_CHANNEL")) throw new HTTPError("You don't have permission to view this channel", 401);
- if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]);
- } else if (channel.recipients) {
- // group/dm channel
- if (!channel.recipients.includes(req.user_id)) throw new HTTPError("You don't have permission to view this channel", 401);
- }
-
- var query: any;
- if (after) query = MessageModel.find({ channel_id, id: { $gt: after } });
- else if (before) query = MessageModel.find({ channel_id, id: { $lt: before } });
- else if (around) query = MessageModel.find({ channel_id, id: { $gt: around - halfLimit, $lt: around + halfLimit } });
- else {
- query = MessageModel.find({ channel_id }).sort({ id: -1 });
- }
-
- const messages = await query
- .limit(limit)
- .populate({ path: "author", select: PublicUserProjection })
- .populate({ path: "mentions", select: PublicUserProjection })
- .populate({ path: "mention_channels", select: { id: true, guild_id: true, type: true, name: true } })
- .populate("mention_roles")
- // .populate({ path: "member", select: PublicMemberProjection })
- .exec();
-
- return res.json(messages);
-});
-
-// TODO: config max upload size
-const messageUpload = multer({ limits: { fieldSize: 1024 * 1024 * 1024 * 50 } }); // max upload 50 mb
-
-// TODO: dynamically change limit of MessageCreateSchema with config
-// TODO: check: sum of all characters in an embed structure must not exceed 6000 characters
-
-// https://discord.com/developers/docs/resources/channel#create-message
-// TODO: text channel slowdown
-// TODO: trim and replace message content and every embed field
-// Send message
-router.post("/", check(MessageCreateSchema), async (req, res) => {
- const channel_id = BigInt(req.params.channel_id);
- const body = req.body as MessageCreateSchema;
-
- const channel = await ChannelModel.findOne({ id: channel_id }, { guild_id: true, type: true, permission_overwrites: true }).exec();
- if (!channel) throw new HTTPError("Channel not found", 404);
-
- if (channel.guild_id) {
- const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel });
- if (!permissions.has("SEND_MESSAGES")) throw new HTTPError("You don't have the SEND_MESSAGES permission");
- if (body.tts && !permissions.has("SEND_TTS_MESSAGES")) throw new HTTPError("You are missing the SEND_TTS_MESSAGES permission");
- if (body.message_reference) {
- if (!permissions.has("READ_MESSAGE_HISTORY"))
- throw new HTTPError("You are missing the READ_MESSAGE_HISTORY permission to reply");
- if (body.message_reference.guild_id !== channel.guild_id)
- throw new HTTPError("You can only reference messages from this guild");
- }
- }
-
- if (body.message_reference) {
- if (body.message_reference.channel_id !== channel_id) throw new HTTPError("You can only reference messages from this channel");
- // TODO: should it be checked if the message exists?
- }
-
- const embeds = [];
- if (body.embed) embeds.push(body.embed);
-
- const message: Message = {
- id: Snowflake.generate(),
- channel_id,
- guild_id: channel.guild_id,
- author_id: req.user_id,
- content: req.body,
- timestamp: new Date(),
- mention_channels_ids: [],
- mention_role_ids: [],
- mention_user_ids: [],
- attachments: [],
- embeds: [],
- reactions: [],
- type: 0,
- };
-
- await new MessageModel(message).save();
-
- await emitEvent({ event: "MESSAGE_CREATE", channel_id, data: {} } as MessageCreateEvent);
-});
diff --git a/src/routes/api/v8/channels/#channel_id/permissions.ts b/src/routes/api/v8/channels/#channel_id/permissions.ts
deleted file mode 100644
index 9a4e81fa..00000000
--- a/src/routes/api/v8/channels/#channel_id/permissions.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Router } from "express";
-const router: Router = Router();
-
-export default router;
diff --git a/src/routes/api/v8/channels/#channel_id/pins.ts b/src/routes/api/v8/channels/#channel_id/pins.ts
deleted file mode 100644
index 9a4e81fa..00000000
--- a/src/routes/api/v8/channels/#channel_id/pins.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Router } from "express";
-const router: Router = Router();
-
-export default router;
diff --git a/src/routes/api/v8/channels/#channel_id/recipients.ts b/src/routes/api/v8/channels/#channel_id/recipients.ts
deleted file mode 100644
index 9a4e81fa..00000000
--- a/src/routes/api/v8/channels/#channel_id/recipients.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Router } from "express";
-const router: Router = Router();
-
-export default router;
diff --git a/src/routes/api/v8/channels/#channel_id/typing.ts b/src/routes/api/v8/channels/#channel_id/typing.ts
deleted file mode 100644
index 9a4e81fa..00000000
--- a/src/routes/api/v8/channels/#channel_id/typing.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Router } from "express";
-const router: Router = Router();
-
-export default router;
diff --git a/src/routes/api/v8/channels/#channel_id/webhooks.ts b/src/routes/api/v8/channels/#channel_id/webhooks.ts
deleted file mode 100644
index 9a4e81fa..00000000
--- a/src/routes/api/v8/channels/#channel_id/webhooks.ts
+++ /dev/null
@@ -1,4 +0,0 @@
-import { Router } from "express";
-const router: Router = Router();
-
-export default router;
diff --git a/src/routes/api/v8/guilds/#id/bans.ts b/src/routes/api/v8/guilds/#id/bans.ts
deleted file mode 100644
index 5133ee3c..00000000
--- a/src/routes/api/v8/guilds/#id/bans.ts
+++ /dev/null
@@ -1,93 +0,0 @@
-import { Request, Response, Router } from "express";
-import { BanModel, getPermission, GuildBanAddEvent, GuildBanRemoveEvent, GuildModel } from "fosscord-server-util";
-import { HTTPError } from "lambert-server";
-import { getIpAdress } from "../../../../../middlewares/GlobalRateLimit";
-import { BanCreateSchema } from "../../../../../schema/Ban";
-import { emitEvent } from "../../../../../util/Event";
-import { check } from "../../../../../util/instanceOf";
-import { removeMember } from "../../../../../util/Member";
-import { getPublicUser } from "../../../../../util/User";
-
-const router: Router = Router();
-
-router.get("/", async (req: Request, res: Response) => {
- const guild_id = BigInt(req.params.id);
-
- const guild = await GuildModel.findOne({ id: guild_id }).exec();
- if (!guild) throw new HTTPError("Guild not found", 404);
-
- var bans = await BanModel.find({ guild_id: guild_id }).exec();
- return res.json(bans);
-});
-
-router.get("/:user", async (req: Request, res: Response) => {
- const guild_id = BigInt(req.params.id);
- const user_id = BigInt(req.params.ban);
-
- var ban = await BanModel.findOne({ guild_id: guild_id, user_id: user_id }).exec();
- if (!ban) throw new HTTPError("Ban not found", 404);
- return res.json(ban);
-});
-
-router.post("/:user_id", check(BanCreateSchema), async (req: Request, res: Response) => {
- const guild_id = BigInt(req.params.id);
- const banned_user_id = BigInt(req.params.user_id);
-
- const banned_user = await getPublicUser(banned_user_id);
- const perms = await getPermission(req.user_id, guild_id);
- if (!perms.has("BAN_MEMBERS")) throw new HTTPError("You don't have the permission to ban members", 403);
- if (req.user_id === banned_user_id) throw new HTTPError("You can't ban yourself", 400);
-
- await removeMember(banned_user_id, guild_id);
-
- const ban = await new BanModel({
- user_id: banned_user_id,
- guild_id: guild_id,
- ip: getIpAdress(req),
- executor_id: req.user_id,
- reason: req.body.reason, // || otherwise empty
- }).save();
-
- await emitEvent({
- event: "GUILD_BAN_ADD",
- data: {
- guild_id: guild_id,
- user: banned_user,
- },
- guild_id: guild_id,
- } as GuildBanAddEvent);
-
- return res.json(ban).send();
-});
-
-router.delete("/:user_id", async (req: Request, res: Response) => {
- var guild_id = BigInt(req.params.id);
- var banned_user_id = BigInt(req.params.user_id);
-
- const banned_user = await getPublicUser(banned_user_id);
- const guild = await GuildModel.findOne({ id: guild_id }, { id: true }).exec();
- if (!guild) throw new HTTPError("Guild not found", 404);
-
- const perms = await getPermission(req.user_id, guild.id);
- if (!perms.has("BAN_MEMBERS")) {
- throw new HTTPError("No permissions", 403);
- }
-
- await BanModel.deleteOne({
- user_id: banned_user_id,
- guild_id: guild.id,
- }).exec();
-
- await emitEvent({
- event: "GUILD_BAN_REMOVE",
- data: {
- guild_id: guild.id,
- user: banned_user,
- },
- guild_id: guild.id,
- } as GuildBanRemoveEvent);
-
- return res.status(204).send();
-});
-
-export default router;
diff --git a/src/routes/api/v8/guilds/#id/channels.ts b/src/routes/api/v8/guilds/#id/channels.ts
deleted file mode 100644
index 1316a2ca..00000000
--- a/src/routes/api/v8/guilds/#id/channels.ts
+++ /dev/null
@@ -1,51 +0,0 @@ -import { Router } from "express"; -import { ChannelModel, ChannelType, GuildModel, Snowflake } from "fosscord-server-util"; -import { HTTPError } from "lambert-server"; -import { ChannelModifySchema } from "../../../../../schema/Channel"; -import { check } from "../../../../../util/instanceOf"; -const router = Router(); - -router.get("/", async (req, res) => { - const guild_id = BigInt(req.params.id); - const channels = await ChannelModel.find({ guild_id }).exec(); - - res.json(channels); -}); - -router.post("/", check(ChannelModifySchema), async (req, res) => { - const guild_id = BigInt(req.params.id); - const body = req.body as ChannelModifySchema; - if (!body.permission_overwrites) body.permission_overwrites = []; - if (!body.topic) body.topic = ""; - if (!body.rate_limit_per_user) body.rate_limit_per_user = 0; - switch (body.type) { - case ChannelType.DM: - case ChannelType.GROUP_DM: - throw new HTTPError("You can't create a dm channel in a guild"); - // TODO: - case ChannelType.GUILD_STORE: - throw new HTTPError("Not yet supported"); - case ChannelType.GUILD_NEWS: - // TODO: check if guild is community server - } - - if (body.parent_id) { - const exists = ChannelModel.findOne({ channel_id: body.parent_id }).exec(); - if (!exists) throw new HTTPError("Parent id channel doesn't exist", 400); - } - - const guild = await GuildModel.findOne({ id: guild_id }, { id: true }).exec(); - if (!guild) throw new HTTPError("Guild not found", 4040); - - const channel = { - ...body, - id: Snowflake.generate(), - created_at: new Date(), - guild_id, - }; - await new ChannelModel(channel).save(); - - res.json(channel); -}); - -export default router; diff --git a/src/routes/api/v8/guilds/#id/index.ts b/src/routes/api/v8/guilds/#id/index.ts deleted file mode 100644 index e86d9416..00000000 --- a/src/routes/api/v8/guilds/#id/index.ts +++ /dev/null 
@@ -1,73 +0,0 @@ -import { Request, Response, Router } from "express"; -import { - ChannelModel, - EmojiModel, - getPermission, - GuildDeleteEvent, - GuildModel, - InviteModel, - MemberModel, - MessageModel, - RoleModel, - UserModel, -} from "fosscord-server-util"; -import { HTTPError } from "lambert-server"; -import { GuildUpdateSchema } from "../../../../../schema/Guild"; -import { emitEvent } from "../../../../../util/Event"; -import { check } from "../../../../../util/instanceOf"; - -const router = Router(); - -router.get("/", async (req: Request, res: Response) => { - const guild_id = BigInt(req.params.id); - - const guild = await GuildModel.findOne({ id: guild_id }).exec(); - if (!guild) throw new HTTPError("Guild does not exist", 404); - - const member = await MemberModel.findOne({ guild_id: guild_id, id: req.user_id }, "id").exec(); - if (!member) throw new HTTPError("You are not a member of the guild you are trying to access", 401); - - return res.json(guild); -}); - -router.patch("/", check(GuildUpdateSchema), async (req: Request, res: Response) => { - const body = req.body as GuildUpdateSchema; - const guild_id = BigInt(req.params.id); - - const guild = await GuildModel.findOne({ id: guild_id }).exec(); - if (!guild) throw new HTTPError("This guild does not exist", 404); - - const perms = await getPermission(req.user_id, guild_id); - if (!perms.has("MANAGE_GUILD")) throw new HTTPError("You do not have the MANAGE_GUILD permission", 401); - - await GuildModel.updateOne({ id: guild_id }, body).exec(); - return res.status(204); -}); - -router.delete("/", async (req: Request, res: Response) => { - var guild_id = BigInt(req.params.id); - - const guild = await GuildModel.findOne({ id: guild_id }, "owner_id").exec(); - if (!guild) throw new HTTPError("This guild does not exist", 404); - if (guild.owner_id !== req.user_id) throw new HTTPError("You are not the owner of this guild", 401); - - await emitEvent({ - event: "GUILD_DELETE", - data: { - id: guild_id, - }, 
- guild_id: guild_id, - } as GuildDeleteEvent); - - await GuildModel.deleteOne({ id: guild_id }).exec(); - await UserModel.updateMany({ guilds: guild_id }, { $pull: { guilds: guild_id } }).exec(); - await RoleModel.deleteMany({ guild_id }).exec(); - await ChannelModel.deleteMany({ guild_id }).exec(); - await EmojiModel.deleteMany({ guild_id }).exec(); - await InviteModel.deleteMany({ guild_id }).exec(); - await MessageModel.deleteMany({ guild_id }).exec(); - - return res.status(204).send(); -}); - -export default router; diff --git a/src/routes/api/v8/guilds/#id/members.ts b/src/routes/api/v8/guilds/#id/members.ts deleted file mode 100644 index 0aed61ae..00000000 --- a/src/routes/api/v8/guilds/#id/members.ts +++ /dev/null 
@@ -1,54 +0,0 @@ -import { Request, Response, Router } from "express"; -import { GuildModel, MemberModel } from "fosscord-server-util"; -import { HTTPError } from "lambert-server"; -import { instanceOf, Length } from "../../../../../util/instanceOf"; -import { PublicMemberProjection } from "../../../../../util/Member"; -import { PublicUserProjection } from "../../../../../util/User"; - -const router = Router(); - -// TODO: not allowed for user -> only allowed for bots with privileged intents -// TODO: send over websocket -router.get("/", async (req: Request, res: Response) => { - const guild_id = BigInt(req.params.id); - const guild = await GuildModel.findOne({ id: guild_id }).exec(); - if (!guild) throw new HTTPError("Guild not found", 404); - - try { - instanceOf({ $limit: new Length(Number, 1, 1000), $after: BigInt }, req.query, { - path: "query", - req, - ref: { obj: null, key: "" }, - }); - } catch (error) { - return res.status(400).json({ code: 50035, message: "Invalid Query", success: false, errors: error }); - } - - // @ts-ignore - if (!req.query.limit) req.query.limit = 1; - const { limit, after } = (req.query) as { limit: number; after: bigint }; - const query = after ? { id: { $gt: after } } : {}; - - var members = await MemberModel.find({ guild_id, ...query }, PublicMemberProjection) - .limit(limit) - .populate({ path: "user", select: PublicUserProjection }) - .exec(); - - return res.json(members); -}); - -router.get("/:member", async (req: Request, res: Response) => { - const guild_id = BigInt(req.params.id); - const user_id = BigInt(req.params.member); - - const member = await MemberModel.findOne({ id: user_id, guild_id }).populate({ path: "user", select: PublicUserProjection }).exec(); - if (!member) throw new HTTPError("Member not found", 404); - - return res.json(member); -}); - -router.put("/:member", async (req: Request, res: Response) => { - // https://discord.com/developers/docs/resources/guild#add-guild-member -}); - -export default router; 
diff --git a/src/routes/api/v8/guilds/index.ts b/src/routes/api/v8/guilds/index.ts
deleted file mode 100644
index 319184ad..00000000
--- a/src/routes/api/v8/guilds/index.ts
+++ /dev/null
@@ -1,81 +0,0 @@ -import { Router, Request, Response } from "express"; -import { RoleModel, GuildModel, Snowflake, Guild } from "fosscord-server-util"; -import { HTTPError } from "lambert-server"; -import { check } from "./../../../../util/instanceOf"; -import { GuildCreateSchema } from "../../../../schema/Guild"; -import Config from "../../../../util/Config"; -import { getPublicUser } from "../../../../util/User"; -import { addMember } from "../../../../util/Member"; - -const router: Router = Router(); - -router.post("/", check(GuildCreateSchema), async (req: Request, res: Response) => { - const body = req.body as GuildCreateSchema; - - const { maxGuilds } = Config.get().limits.user; - const user = await getPublicUser(req.user_id, { guilds: true }); - - if (user.guilds.length >= maxGuilds) { - throw new HTTPError(`Maximum number of guilds reached ${maxGuilds}`, 403); - } - - const guild_id = Snowflake.generate(); - const guild: Guild = { - name: body.name, - region: body.region || "en-US", - owner_id: req.user_id, - icon: undefined, - afk_channel_id: undefined, - afk_timeout: 300, - application_id: undefined, - banner: undefined, - default_message_notifications: undefined, - description: undefined, - splash: undefined, - discovery_splash: undefined, - explicit_content_filter: undefined, - features: [], - id: guild_id, - large: undefined, - max_members: 250000, - max_presences: 250000, - max_video_channel_users: 25, - presence_count: 0, - member_count: 0, // will automatically be increased by addMember() - mfa_level: 0, - preferred_locale: "en-US", - premium_subscription_count: 0, - premium_tier: 0, - public_updates_channel_id: undefined, - rules_channel_id: undefined, - system_channel_flags: undefined, - system_channel_id: undefined, - unavailable: false, - vanity_url_code: undefined, - verification_level: undefined, - welcome_screen: [], - widget_channel_id: undefined, - widget_enabled: false, - }; - - await Promise.all([ - new GuildModel(guild).save(), - new 
RoleModel({ - id: guild_id, - guild_id: guild_id, - color: 0, - hoist: false, - managed: true, - mentionable: true, - name: "@everyone", - permissions: 2251804225n, - position: 0, - tags: null, - }).save(), - ]); - await addMember(req.user_id, guild_id, { guild }); - - res.status(201).json({ id: guild.id }); -}); - -export default router; diff --git a/src/routes/api/v8/guilds/templates/index.ts b/src/routes/api/v8/guilds/templates/index.ts deleted file mode 100644 index 9a4e81fa..00000000 --- a/src/routes/api/v8/guilds/templates/index.ts +++ /dev/null @@ -1,4 +0,0 @@ -import { Router } from "express"; -const router: Router = Router(); - -export default router; diff --git a/src/routes/api/v8/invites/index.ts b/src/routes/api/v8/invites/index.ts deleted file mode 100644 index 9a4e81fa..00000000 --- a/src/routes/api/v8/invites/index.ts +++ /dev/null @@ -1,4 +0,0 @@ -import { Router } from "express"; -const router: Router = Router(); - -export default router; diff --git a/src/routes/api/v8/users/@me/guilds.ts b/src/routes/api/v8/users/@me/guilds.ts deleted file mode 100644 index a2a64ce6..00000000 --- a/src/routes/api/v8/users/@me/guilds.ts +++ /dev/null 
@@ -1,50 +0,0 @@ -import { Router, Request, Response } from "express"; -import { GuildModel, MemberModel, UserModel, GuildDeleteEvent, GuildMemberRemoveEvent } from "fosscord-server-util"; -import { HTTPError } from "lambert-server"; -import { emitEvent } from "../../../../../util/Event"; -import { getPublicUser } from "../../../../../util/User"; - -const router: Router = Router(); - -router.get("/", async (req: Request, res: Response) => { - const user = await UserModel.findOne({ id: req.user_id }, { guilds: true }).exec(); - if (!user) throw new HTTPError("User not found", 404); - - var guildIDs = user.guilds || []; - var guild = await GuildModel.find({ id: { $in: guildIDs } }).exec(); - res.json(guild); -}); - -// user send to leave a certain guild -router.delete("/:id", async (req: Request, res: Response) => { - const guildID = BigInt(req.params.id); - const guild = await GuildModel.findOne({ id: guildID }).exec(); - - if (!guild) throw new HTTPError("Guild doesn't exist", 404); - if (guild.owner_id === req.user_id) throw new HTTPError("You can't leave your own guild", 400); - - await MemberModel.deleteOne({ id: req.user_id, guild_id: guildID }).exec(); - await UserModel.updateOne({ id: req.user_id }, { $pull: { guilds: guildID } }).exec(); - const user = await getPublicUser(req.user_id); - - await emitEvent({ - event: "GUILD_DELETE", - data: { - id: guildID, - }, - user_id: req.user_id, - } as GuildDeleteEvent); - - await emitEvent({ - event: "GUILD_MEMBER_REMOVE", - data: { - guild_id: guildID, - user: user, - }, - guild_id: guildID, - } as GuildMemberRemoveEvent); - - return res.status(204).send(); -}); - -export default router; diff --git a/src/routes/api/v8/users/@me/index.ts b/src/routes/api/v8/users/@me/index.ts deleted file mode 100644 index 32877dcc..00000000 --- a/src/routes/api/v8/users/@me/index.ts +++ /dev/null 
@@ -1,15 +0,0 @@ -import { Router, Request, Response } from "express"; -import { UserModel } from "fosscord-server-util"; -import { HTTPError } from "lambert-server"; - -const router: Router = Router(); - -router.get("/", async (req: Request, res: Response) => { - // TODO: user projection - const user = await UserModel.findOne({ id: req.user_id }).exec(); - if (!user) throw new HTTPError("User not found", 404); - - res.json(user); -}); - -export default router; diff --git a/src/routes/assets/index.ts b/src/routes/assets/index.ts deleted file mode 100644 index df30d13e..00000000 --- a/src/routes/assets/index.ts +++ /dev/null @@ -1,34 +0,0 @@ -/** - * * patch to redirect requests from cloned client - * (../../client/index.html) - */ -import { Router } from "express"; -import fetch, { Response } from "node-fetch"; - -const router: Router = Router(); -const cache = new Map(); -const assetEndpoint = "https://discord.com/assets/"; - -export async function getCache(key: string): Promise { - let cachedRessource = cache.get(key); - - if (!cachedRessource) { - const res = await fetch(assetEndpoint + key); - // @ts-ignore - res.bufferResponse = await res.buffer(); - cache.set(key, res); - cachedRessource = res; - } - - return cachedRessource; -} - -router.get("/:hash", async (req, res) => { - res.set("Cache-Control", "public, max-age=" + 60 * 60 * 24); - const cache = await getCache(req.params.hash); - res.set("content-type", cache.headers.get("content-type")); - // @ts-ignore - res.send(cache.bufferResponse); -}); - -export default router; diff --git a/src/routes/auth/login.ts b/src/routes/auth/login.ts new file mode 100644 index 00000000..3f924e7c --- /dev/null +++ b/src/routes/auth/login.ts 
@@ -0,0 +1,93 @@ +import { Request, Response, Router } from "express"; +import { check, FieldErrors, Length } from "../../../../util/instanceOf"; +import bcrypt from "bcrypt"; +import jwt from "jsonwebtoken"; +import { User, UserModel } from "fosscord-server-util"; +import Config from "../../../../util/Config"; +import { adjustEmail } from "./register"; + +const router: Router = Router(); +export default router; + +router.post( + "/", + check({ + login: new Length(String, 2, 100), // email or telephone + password: new Length(String, 8, 64), + $undelete: Boolean, + $captcha_key: String, + $login_source: String, + $gift_code_sku_id: String, + }), + async (req: Request, res: Response) => { + const { login, password } = req.body; + const email = adjustEmail(login); + const query: any[] = [{ phone: login }]; + if (email) query.push({ email }); + + // * MongoDB Specific query for user with same email or phone number + const user = await UserModel.findOne( + { + $or: query, + }, + `hash id user_settings.locale user_settings.theme` + ).exec(); + + if (!user) { + throw FieldErrors({ + login: { message: req.t("auth:login.INVALID_LOGIN"), code: "INVALID_LOGIN" }, + }); + } + + // the salt is saved in the password refer to bcrypt docs + const same_password = await bcrypt.compare(password, user.hash); + if (!same_password) { + throw FieldErrors({ + password: { message: req.t("auth:login.INVALID_PASSWORD"), code: "INVALID_PASSWORD" }, + }); + } + + const token = await generateToken(user.id); + + // Notice this will have a different token structure, than discord + // Discord header is just the user id as string, which is not possible with npm-jsonwebtoken package + // https://user-images.githubusercontent.com/6506416/81051916-dd8c9900-8ec2-11ea-8794-daf12d6f31f0.png + + res.json({ token, user_settings: user.user_settings }); + } +); + +export async function generateToken(id: bigint) { + const iat = Math.floor(Date.now() / 1000); + const algorithm = "HS256"; + + return new 
Promise((res, rej) => { + jwt.sign( + { id: `${id}`, iat }, + Config.get().security.jwtSecret, + { + algorithm, + }, + (err, token) => { + if (err) return rej(err); + return res(token); + } + ); + }); +} + +/** + * POST /auth/login + * @argument { login: "email@gmail.com", password: "cleartextpassword", undelete: false, captcha_key: null, login_source: null, gift_code_sku_id: null, } + + + * MFA required: + * @returns {"token": null, "mfa": true, "sms": true, "ticket": "SOME TICKET JWT TOKEN"} + + * Captcha required: + * @returns {"captcha_key": ["captcha-required"], "captcha_sitekey": null, "captcha_service": "recaptcha"} + + * Sucess: + * @returns {"token": "USERTOKEN", "user_settings": {"locale": "en", "theme": "dark"}} + + */ diff --git a/src/routes/auth/register.ts b/src/routes/auth/register.ts new file mode 100644 index 00000000..99df82f1 --- /dev/null +++ b/src/routes/auth/register.ts 
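Review bot: The login handler answers an unknown login with `INVALID_LOGIN` and a wrong password with `INVALID_PASSWORD`, so the response tells the caller whether an e-mail address or phone number is registered. `bcrypt.compare` is also skipped when no user is found, which likely makes the two cases distinguishable by response time as well. I would throw one generic error from both branches, e.g. `throw FieldErrors({ login: { message: req.t("auth:login.INVALID_LOGIN"), code: "INVALID_LOGIN" } });`, and still run a compare against a fixed dummy hash when `user` is null. Separately, the relative imports (`"../../../../util/instanceOf"`, `"../../../../util/Config"`) keep the depth of the old `api/v8` location and appear to resolve outside `src/` from `src/routes/auth/`; the same holds for register.ts, invites.ts, bulk-delete.ts and messages/index.ts in this commit.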
@@ -0,0 +1,262 @@ +import { Request, Response, Router } from "express"; +import Config from "../../../../util/Config"; +import { trimSpecial, User, Snowflake, UserModel } from "fosscord-server-util"; +import bcrypt from "bcrypt"; +import { check, Email, EMAIL_REGEX, FieldErrors, Length } from "../../../../util/instanceOf"; +import "missing-native-js-functions"; +import { generateToken } from "./login"; + +const router: Router = Router(); + +router.post( + "/", + check({ + username: new Length(String, 2, 32), + // TODO: check min password length in config + // prevent Denial of Service with max length of 64 chars + password: new Length(String, 8, 64), + consent: Boolean, + $email: new Length(Email, 5, 100), + $fingerprint: String, + $invite: String, + $date_of_birth: Date, // "2000-04-03" + $gift_code_sku_id: String, + $captcha_key: String, + }), + async (req: Request, res: Response) => { + const { + email, + username, + password, + consent, + fingerprint, + invite, + date_of_birth, + gift_code_sku_id, // ? what is this + captcha_key, + } = req.body; + // TODO: automatically join invite + // TODO: gift_code_sku_id? + // TODO: check password strength + + // adjusted_email will be slightly modified version of the user supplied email -> e.g. protection against GMail Trick + let adjusted_email: string | undefined = adjustEmail(email); + + // adjusted_password will be the hash of the password + let adjusted_password: string = ""; + + // trim special uf8 control characters -> Backspace, Newline, ... 
+ let adjusted_username: string = trimSpecial(username); + + // discriminator will be randomly generated + let discriminator = ""; + + // get register Config + const { register } = Config.get(); + + // check if registration is allowed + if (!register.allowNewRegistration) { + throw FieldErrors({ + email: { code: "REGISTRATION_DISABLED", message: req.t("auth:register.REGISTRATION_DISABLED") }, + }); + } + + // check if the user agreed to the Terms of Service + if (!consent) { + throw FieldErrors({ + consent: { code: "CONSENT_REQUIRED", message: req.t("auth:register.CONSENT_REQUIRED") }, + }); + } + + // require invite to register -> e.g. for organizations to send invites to their employees + if (register.requireInvite && !invite) { + throw FieldErrors({ + email: { code: "INVITE_ONLY", message: req.t("auth:register.INVITE_ONLY") }, + }); + } + + if (email) { + // replace all dots and chars after +, if its a gmail.com email + if (!adjusted_email) throw FieldErrors({ email: { code: "INVALID_EMAIL", message: "Invalid Email format" } }); + + // check if there is already an account with this email + const exists = await UserModel.findOne({ email: adjusted_email }).exec(); + + if (exists) { + throw FieldErrors({ + email: { + code: "EMAIL_ALREADY_REGISTERED", + message: req.t("auth.register.EMAIL_ALREADY_REGISTERED"), + }, + }); + } + } else if (register.email.required) { + throw FieldErrors({ + email: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }, + }); + } + + if (register.dateOfBirth.required && !date_of_birth) { + throw FieldErrors({ + date_of_birth: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }, + }); + } else if (register.dateOfBirth.minimum) { + const minimum = new Date(); + minimum.setFullYear(minimum.getFullYear() - register.dateOfBirth.minimum); + + // higher is younger + if (date_of_birth > minimum) { + throw FieldErrors({ + date_of_birth: { + code: "DATE_OF_BIRTH_UNDERAGE", + message: 
req.t("auth:register.DATE_OF_BIRTH_UNDERAGE", { years: register.dateOfBirth.minimum }), + }, + }); + } + } + + if (!register.allowMultipleAccounts) { + // TODO: check if fingerprint was eligible generated + const exists = await UserModel.findOne({ fingerprints: fingerprint }).exec(); + + if (exists) { + throw FieldErrors({ + email: { + code: "EMAIL_ALREADY_REGISTERED", + message: req.t("auth:register.EMAIL_ALREADY_REGISTERED"), + }, + }); + } + } + + if (register.requireCaptcha) { + if (!captcha_key) { + const { sitekey, service } = Config.get().security.captcha; + return res.status(400).json({ + captcha_key: ["captcha-required"], + captcha_sitekey: sitekey, + captcha_service: service, + }); + } + + // TODO: check captcha + } + + // the salt is saved in the password refer to bcrypt docs + adjusted_password = await bcrypt.hash(password, 12); + + let exists; + // randomly generates a discriminator between 1 and 9999 and checks max five times if it already exists + // if it all five times already exists, abort with USERNAME_TOO_MANY_USERS error + // else just continue + // TODO: is there any better way to generate a random discriminator only once, without checking if it already exists in the mongodb database? 
+ for (let tries = 0; tries < 5; tries++) { + discriminator = Math.randomIntBetween(1, 9999).toString().padStart(4, "0"); + exists = await UserModel.findOne({ discriminator, username: adjusted_username }, "id").exec(); + if (!exists) break; + } + + if (exists) { + throw FieldErrors({ + username: { + code: "USERNAME_TOO_MANY_USERS", + message: req.t("auth:register.USERNAME_TOO_MANY_USERS"), + }, + }); + } + + // constructing final user object + // TODO fix: + // @ts-ignore + const user: User = { + id: Snowflake.generate(), + created_at: new Date(), + username: adjusted_username, + discriminator, + avatar: null, + bot: false, + system: false, + mfa_enabled: false, + verified: false, + email: adjusted_email, + flags: 0n, // TODO: generate default flags + hash: adjusted_password, + guilds: [], + valid_tokens_since: new Date(), + user_settings: { + afk_timeout: 300, + allow_accessibility_detection: true, + animate_emoji: true, + animate_stickers: 0, + contact_sync_enabled: false, + convert_emoticons: false, + custom_status: { + emoji_id: null, + emoji_name: null, + expires_at: null, + text: null, + }, + default_guilds_restricted: false, + detect_platform_accounts: true, + developer_mode: false, + disable_games_tab: false, + enable_tts_command: true, + explicit_content_filter: 0, + friend_source_flags: { all: true }, + gateway_connected: false, + gif_auto_play: true, + guild_folders: [], + guild_positions: [], + inline_attachment_media: true, + inline_embed_media: true, + locale: req.language, + message_display_compact: false, + native_phone_integration_enabled: true, + render_embeds: true, + render_reactions: true, + restricted_guilds: [], + show_current_game: true, + status: "offline", + stream_notifications_enabled: true, + theme: "dark", + timezone_offset: 0, + // timezone_offset: // TODO: timezone from request + }, + }; + + // insert user into database + await new UserModel(user).save({}); + + return res.json({ token: await generateToken(user.id) }); + } +); + 
+export function adjustEmail(email: string): string | undefined { + // body parser already checked if it is a valid email + const parts = email.match(EMAIL_REGEX); + // @ts-ignore + if (!parts || parts.length < 5) return undefined; + const domain = parts[5]; + const user = parts[1]; + + // TODO: check accounts with uncommon email domains + if (domain === "gmail.com" || domain === "googlemail.com") { + // replace .dots and +alternatives -> Gmail Dot Trick https://support.google.com/mail/answer/7436150 and https://generator.email/blog/gmail-generator + return user.replace(/[.]|(\+.*)/g, "") + "@gmail.com"; + } + + return email; +} + +export default router; + +/** + * POST /auth/register + * @argument { "fingerprint":"805826570869932034.wR8vi8lGlFBJerErO9LG5NViJFw", "email":"qo8etzvaf@gmail.com", "username":"qp39gr98", "password":"wtp9gep9gw", "invite":null, "consent":true, "date_of_birth":"2000-04-04", "gift_code_sku_id":null, "captcha_key":null} + * + * Field Error + * @returns { "code": 50035, "errors": { "consent": { "_errors": [{ "code": "CONSENT_REQUIRED", "message": "You must agree to Discord's Terms of Service and Privacy Policy." }]}}, "message": "Invalid Form Body"} + * + * Success 201: + * @returns {token: "OMITTED"} + */ diff --git a/src/routes/channels/#channel_id/followers.ts b/src/routes/channels/#channel_id/followers.ts new file mode 100644 index 00000000..9a4e81fa --- /dev/null +++ b/src/routes/channels/#channel_id/followers.ts @@ -0,0 +1,4 @@ +import { Router } from "express"; +const router: Router = Router(); + +export default router; diff --git a/src/routes/channels/#channel_id/index.ts b/src/routes/channels/#channel_id/index.ts new file mode 100644 index 00000000..9a4e81fa --- /dev/null +++ b/src/routes/channels/#channel_id/index.ts @@ -0,0 +1,4 @@ +import { Router } from "express"; +const router: Router = Router(); + +export default router; 
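Review bot: In register.ts, `adjustEmail(email)` runs at the top of the handler, before the `if (email)` check, and `adjustEmail` calls `email.match(EMAIL_REGEX)` unconditionally. The `else if (register.email.required)` branch shows the handler expects `email` to be absent at times (`$email` appears to be optional in the schema), so a registration request without an e-mail would throw a TypeError instead of reaching that branch. Guard the call: `let adjusted_email: string | undefined = email ? adjustEmail(email) : undefined;`. Inside `adjustEmail`, the guard `parts.length < 5` still allows `parts[5]` to be undefined; `parts.length < 6` matches the index that is read.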
diff --git a/src/routes/channels/#channel_id/invites.ts b/src/routes/channels/#channel_id/invites.ts
new file mode 100644
index 00000000..4c21e7d4
--- /dev/null
+++ b/src/routes/channels/#channel_id/invites.ts
@@ -0,0 +1,67 @@ +import { Router, Request, Response } from "express"; +import { HTTPError } from "lambert-server"; + +import { check } from "../../../../../util/instanceOf"; +import { random } from "../../../../../util/RandomInviteID"; +import { emitEvent } from "../../../../../util/Event"; + +import { InviteCreateSchema } from "../../../../../schema/Invite"; + +import { getPermission, ChannelModel, InviteModel, InviteCreateEvent } from "fosscord-server-util"; + +const router: Router = Router(); + +router.post("/", check(InviteCreateSchema), async (req: Request, res: Response) => { + const usID = req.user_id; + const chID = BigInt(req.params.channel_id); + const channel = await ChannelModel.findOne({ id: chID }).exec(); + + if (!channel || !channel.guild_id) { + throw new HTTPError("This channel doesn't exist", 404); + } + const { guild_id: guID } = channel; + + const permission = await getPermission(usID, guID); + + if (!permission.has("CREATE_INSTANT_INVITE")) { + throw new HTTPError("You aren't authorised to access this endpoint", 401); + } + + const invite = { + code: random(), + temporary: req.body.temporary, + uses: 0, + max_uses: req.body.max_uses, + max_age: req.body.max_age, + created_at: new Date(), + guild_id: guID, + channel_id: chID, + inviter_id: usID, + }; + + await new InviteModel(invite).save(); + + await emitEvent({ event: "INVITE_CREATE", data: invite } as InviteCreateEvent); + res.status(201).send(invite); +}); + +router.get("/", async (req: Request, res: Response) => { + const usID = req.user_id; + const chID = BigInt(req.params.channel_id); + const channel = await ChannelModel.findOne({ id: chID }).exec(); + + if (!channel || !channel.guild_id) { + throw new HTTPError("This channel doesn't exist", 404); + } + const { guild_id: guID } = channel; + const permission = await getPermission(usID, guID); + + if (!permission.has("MANAGE_CHANNELS")) { + throw new HTTPError("You aren't authorised to access this endpoint", 401); + } + + const invites = 
await InviteModel.find({ guild_id: guID }).exec(); + res.status(200).send(invites); +}); + +export default router; diff --git a/src/routes/channels/#channel_id/messages/bulk-delete.ts b/src/routes/channels/#channel_id/messages/bulk-delete.ts new file mode 100644 index 00000000..c805cf08 --- /dev/null +++ b/src/routes/channels/#channel_id/messages/bulk-delete.ts 
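Review bot: Neither invites handler is scoped to the channel named in the URL. Both check permissions at guild level only, `getPermission(usID, guID)`, so channel permission overwrites for `CREATE_INSTANT_INVITE` and `MANAGE_CHANNELS` are presumably not applied. bulk-delete.ts in this commit passes the channel too; assuming that form evaluates overwrites, the equivalent call here is `getPermission(usID, guID, chID, { channel })`. The GET handler also returns every invite of the guild, `InviteModel.find({ guild_id: guID })`; adding `channel_id: chID` to the filter would limit the result to the requested channel.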
@@ -0,0 +1,37 @@ +import { Router } from "express"; +import { ChannelModel, getPermission, MessageDeleteBulkEvent, MessageModel } from "fosscord-server-util"; +import { HTTPError } from "lambert-server"; +import Config from "../../../../../../util/Config"; +import { emitEvent } from "../../../../../../util/Event"; +import { check } from "../../../../../../util/instanceOf"; + +const router: Router = Router(); + +export default router; + +// TODO: should users be able to bulk delete messages or only bots? +// TODO: should this request fail, if you provide messages older than 14 days/invalid ids? +// https://discord.com/developers/docs/resources/channel#bulk-delete-messages +router.post("/", check({ messages: [BigInt] }), async (req, res) => { + const channel_id = BigInt(req.params.channel_id); + const channel = await ChannelModel.findOne({ id: channel_id }, { permission_overwrites: true, guild_id: true }).exec(); + if (!channel?.guild_id) throw new HTTPError("Can't bulk delete dm channel messages", 400); + + const permission = await getPermission(req.user_id, channel?.guild_id, channel_id, { channel }); + if (!permission.has("MANAGE_MESSAGES")) throw new HTTPError("You are missing the MANAGE_MESSAGES permissions"); + + const { maxBulkDelete } = Config.get().limits.message; + + const { messages } = req.body as { messages: bigint[] }; + if (messages.length < 2) throw new HTTPError("You must at least specify 2 messages to bulk delete"); + if (messages.length > maxBulkDelete) throw new HTTPError(`You cannot delete more than ${maxBulkDelete} messages`); + + await MessageModel.deleteMany({ id: { $in: messages } }).exec(); + await emitEvent({ + event: "MESSAGE_DELETE_BULK", + channel_id, + data: { ids: messages, channel_id, guild_id: channel.guild_id }, + } as MessageDeleteBulkEvent); + + res.status(204).send(); +}); 
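Review bot: The delete filter `MessageModel.deleteMany({ id: { $in: messages } })` is not restricted to the channel whose `MANAGE_MESSAGES` permission was just checked. Message ids from any other channel or guild supplied in the body would therefore be removed as well, while the `MESSAGE_DELETE_BULK` event reports them under this `channel_id`. Add the channel to the filter: `await MessageModel.deleteMany({ id: { $in: messages }, channel_id }).exec();` (assuming message documents store `channel_id`, as the emitted event data suggests).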
diff --git a/src/routes/channels/#channel_id/messages/index.ts b/src/routes/channels/#channel_id/messages/index.ts
new file mode 100644
index 00000000..ade048a0
--- /dev/null
+++ b/src/routes/channels/#channel_id/messages/index.ts
@@ -0,0 +1,136 @@
+import { Router } from "express";
+import { ChannelModel, ChannelType, getPermission, Message, MessageCreateEvent, MessageModel, Snowflake } from "fosscord-server-util";
+import { HTTPError } from "lambert-server";
+import { MessageCreateSchema } from "../../../../../../schema/Message";
+import { check, instanceOf, Length } from "../../../../../../util/instanceOf";
+import { PublicUserProjection } from "../../../../../../util/User";
+import multer from "multer";
+import { emitEvent } from "../../../../../../util/Event";
+const router: Router = Router();
+
+export default router;
+
+function isTextChannel(type: ChannelType): boolean {
+ switch (type) {
+ case ChannelType.GUILD_VOICE:
+ case ChannelType.GUILD_CATEGORY:
+ throw new HTTPError("not a text channel", 400);
+ case ChannelType.DM:
+ case ChannelType.GROUP_DM:
+ case ChannelType.GUILD_NEWS:
+ case ChannelType.GUILD_STORE:
+ case ChannelType.GUILD_TEXT:
+ return true;
+ }
+}
+
+// https://discord.com/developers/docs/resources/channel#create-message
+// get messages
+router.get("/", async (req, res) => {
+ const channel_id = BigInt(req.params.channel_id);
+ const channel = await ChannelModel.findOne({ id: channel_id }, { guild_id: true, type: true, permission_overwrites: true }).exec();
+ if (!channel) throw new HTTPError("Channel not found", 404);
+
+ isTextChannel(channel.type);
+
+ try {
+ instanceOf({ $around: BigInt, $after: BigInt, $before: BigInt, $limit: new Length(Number, 1, 100) }, req.query, {
+ path: "query",
+ req,
+ });
+ } catch (error) {
+ return res.status(400).json({ code: 50035, message: "Invalid Query", success: false, errors: error });
+ }
+ var { around, after, before, limit }: { around?: bigint; after?: bigint; before?: bigint; limit?: number } = req.query;
+ if (!limit) limit = 50;
+ var halfLimit = BigInt(Math.floor(limit / 2));
+
+ if ([ChannelType.GUILD_VOICE, ChannelType.GUILD_CATEGORY, ChannelType.GUILD_STORE].includes(channel.type))
+ throw new HTTPError("Not a text channel");
+
+ if (channel.guild_id) {
+ const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel });
+ if (!permissions.has("VIEW_CHANNEL")) throw new HTTPError("You don't have permission to view this channel", 401);
+ if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]);
+ } else if (channel.recipients) {
+ // group/dm channel
+ if (!channel.recipients.includes(req.user_id)) throw new HTTPError("You don't have permission to view this channel", 401);
+ }
+
+ var query: any;
+ if (after) query = MessageModel.find({ channel_id, id: { $gt: after } });
+ else if (before) query = MessageModel.find({ channel_id, id: { $lt: before } });
+ else if (around) query = MessageModel.find({ channel_id, id: { $gt: around - halfLimit, $lt: around + halfLimit } });
+ else {
+ query = MessageModel.find({ channel_id }).sort({ id: -1 });
+ }
+
+ const messages = await query
+ .limit(limit)
+ .populate({ path: "author", select: PublicUserProjection })
+ .populate({ path: "mentions", select: PublicUserProjection })
+ .populate({ path: "mention_channels", select: { id: true, guild_id: true, type: true, name: true } })
+ .populate("mention_roles")
+ // .populate({ path: "member", select: PublicMemberProjection })
+ .exec();
+
+ return res.json(messages);
+});
+
+// TODO: config max upload size
+const messageUpload = multer({ limits: { fieldSize: 1024 * 1024 * 1024 * 50 } }); // max upload 50 mb
+
+// TODO: dynamically change limit of MessageCreateSchema with config
+// TODO: check: sum of all characters in an embed structure must not exceed 6000 characters
+
+// https://discord.com/developers/docs/resources/channel#create-message
+// TODO: text channel slowdown
+// TODO: trim and replace message content and every embed field
+// Send message
+router.post("/", check(MessageCreateSchema), async (req, res) => {
+ const channel_id = BigInt(req.params.channel_id);
+ const body = req.body as MessageCreateSchema;
+
+ const channel = await ChannelModel.findOne({ id: channel_id }, { guild_id: true, type: true, permission_overwrites: true }).exec();
+ if (!channel) throw new HTTPError("Channel not found", 404);
+
+ if (channel.guild_id) {
+ const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel });
+ if (!permissions.has("SEND_MESSAGES")) throw new HTTPError("You don't have the SEND_MESSAGES permission");
+ if (body.tts && !permissions.has("SEND_TTS_MESSAGES")) throw new HTTPError("You are missing the SEND_TTS_MESSAGES permission");
+ if (body.message_reference) {
+ if (!permissions.has("READ_MESSAGE_HISTORY"))
+ throw new HTTPError("You are missing the READ_MESSAGE_HISTORY permission to reply");
+ if (body.message_reference.guild_id !== channel.guild_id)
+ throw new HTTPError("You can only reference messages from this guild");
+ }
+ }
+
+ if (body.message_reference) {
+ if (body.message_reference.channel_id !== channel_id) throw new HTTPError("You can only reference messages from this channel");
+ // TODO: should it be checked if the message exists?
+ }
+
+ const embeds = [];
+ if (body.embed) embeds.push(body.embed);
+
+ const message: Message = {
+ id: Snowflake.generate(),
+ channel_id,
+ guild_id: channel.guild_id,
+ author_id: req.user_id,
+ content: req.body,
+ timestamp: new Date(),
+ mention_channels_ids: [],
+ mention_role_ids: [],
+ mention_user_ids: [],
+ attachments: [],
+ embeds: [],
+ reactions: [],
+ type: 0,
+ };
+
+ await new MessageModel(message).save();
+
+ await emitEvent({ event: "MESSAGE_CREATE", channel_id, data: {} } as MessageCreateEvent);
+});
diff --git a/src/routes/channels/#channel_id/permissions.ts b/src/routes/channels/#channel_id/permissions.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/channels/#channel_id/permissions.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
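Review bot: In `src/routes/channels/#channel_id/messages/index.ts` the POST handler authorises only guild channels: when `channel.guild_id` is unset (DM or group DM) no membership check runs, so any caller who knows the channel id can write to it. The GET handler does test `channel.recipients`, but `recipients` is not in the `findOne` projection, so that branch is likely skipped as well. Add `recipients: true` to both projections and reject non-recipients, e.g. `else if (!channel.recipients?.includes(req.user_id)) throw new HTTPError("You don't have permission to view this channel", 401);`. Separately, `fieldSize: 1024 * 1024 * 1024 * 50` is 50 GiB rather than the 50 MB the comment states.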
diff --git a/src/routes/channels/#channel_id/pins.ts b/src/routes/channels/#channel_id/pins.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/channels/#channel_id/pins.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
diff --git a/src/routes/channels/#channel_id/recipients.ts b/src/routes/channels/#channel_id/recipients.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/channels/#channel_id/recipients.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
diff --git a/src/routes/channels/#channel_id/typing.ts b/src/routes/channels/#channel_id/typing.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/channels/#channel_id/typing.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
diff --git a/src/routes/channels/#channel_id/webhooks.ts b/src/routes/channels/#channel_id/webhooks.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/channels/#channel_id/webhooks.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
diff --git a/src/routes/guilds/#id/bans.ts b/src/routes/guilds/#id/bans.ts
new file mode 100644
index 00000000..5133ee3c
--- /dev/null
+++ b/src/routes/guilds/#id/bans.ts
@@ -0,0 +1,93 @@
+import { Request, Response, Router } from "express";
+import { BanModel, getPermission, GuildBanAddEvent, GuildBanRemoveEvent, GuildModel } from "fosscord-server-util";
+import { HTTPError } from "lambert-server";
+import { getIpAdress } from "../../../../../middlewares/GlobalRateLimit";
+import { BanCreateSchema } from "../../../../../schema/Ban";
+import { emitEvent } from "../../../../../util/Event";
+import { check } from "../../../../../util/instanceOf";
+import { removeMember } from "../../../../../util/Member";
+import { getPublicUser } from "../../../../../util/User";
+
+const router: Router = Router();
+
+router.get("/", async (req: Request, res: Response) => {
+ const guild_id = BigInt(req.params.id);
+
+ const guild = await GuildModel.findOne({ id: guild_id }).exec();
+ if (!guild) throw new HTTPError("Guild not found", 404);
+
+ var bans = await BanModel.find({ guild_id: guild_id }).exec();
+ return res.json(bans);
+});
+
+router.get("/:user", async (req: Request, res: Response) => {
+ const guild_id = BigInt(req.params.id);
+ const user_id = BigInt(req.params.ban);
+
+ var ban = await BanModel.findOne({ guild_id: guild_id, user_id: user_id }).exec();
+ if (!ban) throw new HTTPError("Ban not found", 404);
+ return res.json(ban);
+});
+
+router.post("/:user_id", check(BanCreateSchema), async (req: Request, res: Response) => {
+ const guild_id = BigInt(req.params.id);
+ const banned_user_id = BigInt(req.params.user_id);
+
+ const banned_user = await getPublicUser(banned_user_id);
+ const perms = await getPermission(req.user_id, guild_id);
+ if (!perms.has("BAN_MEMBERS")) throw new HTTPError("You don't have the permission to ban members", 403);
+ if (req.user_id === banned_user_id) throw new HTTPError("You can't ban yourself", 400);
+
+ await removeMember(banned_user_id, guild_id);
+
+ const ban = await new BanModel({
+ user_id: banned_user_id,
+ guild_id: guild_id,
+ ip: getIpAdress(req),
+ executor_id: req.user_id,
+ reason: req.body.reason, // || otherwise empty
+ }).save();
+
+ await emitEvent({
+ event: "GUILD_BAN_ADD",
+ data: {
+ guild_id: guild_id,
+ user: banned_user,
+ },
+ guild_id: guild_id,
+ } as GuildBanAddEvent);
+
+ return res.json(ban).send();
+});
+
+router.delete("/:user_id", async (req: Request, res: Response) => {
+ var guild_id = BigInt(req.params.id);
+ var banned_user_id = BigInt(req.params.user_id);
+
+ const banned_user = await getPublicUser(banned_user_id);
+ const guild = await GuildModel.findOne({ id: guild_id }, { id: true }).exec();
+ if (!guild) throw new HTTPError("Guild not found", 404);
+
+ const perms = await getPermission(req.user_id, guild.id);
+ if (!perms.has("BAN_MEMBERS")) {
+ throw new HTTPError("No permissions", 403);
+ }
+
+ await BanModel.deleteOne({
+ user_id: banned_user_id,
+ guild_id: guild.id,
+ }).exec();
+
+ await emitEvent({
+ event: "GUILD_BAN_REMOVE",
+ data: {
+ guild_id: guild.id,
+ user: banned_user,
+ },
+ guild_id: guild.id,
+ } as GuildBanRemoveEvent);
+
+ return res.status(204).send();
+});
+
+export default router;
diff --git a/src/routes/guilds/#id/channels.ts b/src/routes/guilds/#id/channels.ts
new file mode 100644
index 00000000..1316a2ca
--- /dev/null
+++ b/src/routes/guilds/#id/channels.ts
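Review bot: Both GET handlers in `src/routes/guilds/#id/bans.ts` return ban documents without any permission check, and the POST handler stores `ip: getIpAdress(req)` on each ban, so the responses can expose stored IP addresses to any caller who knows the guild id. Gate the reads the same way as the writes, `const perms = await getPermission(req.user_id, guild_id); if (!perms.has("BAN_MEMBERS")) throw new HTTPError("No permissions", 403);`, and project `ip` out of what is returned. The `/:user` route also reads `req.params.ban`, which that route never defines, so `BigInt(undefined)` throws before the lookup; it should be `req.params.user`.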
@@ -0,0 +1,51 @@
+import { Router } from "express";
+import { ChannelModel, ChannelType, GuildModel, Snowflake } from "fosscord-server-util";
+import { HTTPError } from "lambert-server";
+import { ChannelModifySchema } from "../../../../../schema/Channel";
+import { check } from "../../../../../util/instanceOf";
+const router = Router();
+
+router.get("/", async (req, res) => {
+ const guild_id = BigInt(req.params.id);
+ const channels = await ChannelModel.find({ guild_id }).exec();
+
+ res.json(channels);
+});
+
+router.post("/", check(ChannelModifySchema), async (req, res) => {
+ const guild_id = BigInt(req.params.id);
+ const body = req.body as ChannelModifySchema;
+ if (!body.permission_overwrites) body.permission_overwrites = [];
+ if (!body.topic) body.topic = "";
+ if (!body.rate_limit_per_user) body.rate_limit_per_user = 0;
+ switch (body.type) {
+ case ChannelType.DM:
+ case ChannelType.GROUP_DM:
+ throw new HTTPError("You can't create a dm channel in a guild");
+ // TODO:
+ case ChannelType.GUILD_STORE:
+ throw new HTTPError("Not yet supported");
+ case ChannelType.GUILD_NEWS:
+ // TODO: check if guild is community server
+ }
+
+ if (body.parent_id) {
+ const exists = ChannelModel.findOne({ channel_id: body.parent_id }).exec();
+ if (!exists) throw new HTTPError("Parent id channel doesn't exist", 400);
+ }
+
+ const guild = await GuildModel.findOne({ id: guild_id }, { id: true }).exec();
+ if (!guild) throw new HTTPError("Guild not found", 4040);
+
+ const channel = {
+ ...body,
+ id: Snowflake.generate(),
+ created_at: new Date(),
+ guild_id,
+ };
+ await new ChannelModel(channel).save();
+
+ res.json(channel);
+});
+
+export default router;
diff --git a/src/routes/guilds/#id/index.ts b/src/routes/guilds/#id/index.ts
new file mode 100644
index 00000000..e86d9416
--- /dev/null
+++ b/src/routes/guilds/#id/index.ts
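Review bot: Neither handler in `src/routes/guilds/#id/channels.ts` checks that the caller belongs to the guild or may manage its channels, so the POST route lets any caller create a channel in any guild whose id they know. Import `getPermission` from `fosscord-server-util` and add `const perms = await getPermission(req.user_id, guild_id); if (!perms.has("MANAGE_CHANNELS")) throw new HTTPError("You are missing the MANAGE_CHANNELS permission", 403);` before the body is processed. The parent check is also ineffective: `ChannelModel.findOne(...).exec()` is not awaited, so `exists` is always a truthy promise, and it filters on `channel_id` where the other queries use `id`. The status `4040` in the guild lookup looks like a typo for `404`.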
@@ -0,0 +1,73 @@
+import { Request, Response, Router } from "express";
+import {
+ ChannelModel,
+ EmojiModel,
+ getPermission,
+ GuildDeleteEvent,
+ GuildModel,
+ InviteModel,
+ MemberModel,
+ MessageModel,
+ RoleModel,
+ UserModel,
+} from "fosscord-server-util";
+import { HTTPError } from "lambert-server";
+import { GuildUpdateSchema } from "../../../../../schema/Guild";
+import { emitEvent } from "../../../../../util/Event";
+import { check } from "../../../../../util/instanceOf";
+
+const router = Router();
+
+router.get("/", async (req: Request, res: Response) => {
+ const guild_id = BigInt(req.params.id);
+
+ const guild = await GuildModel.findOne({ id: guild_id }).exec();
+ if (!guild) throw new HTTPError("Guild does not exist", 404);
+
+ const member = await MemberModel.findOne({ guild_id: guild_id, id: req.user_id }, "id").exec();
+ if (!member) throw new HTTPError("You are not a member of the guild you are trying to access", 401);
+
+ return res.json(guild);
+});
+
+router.patch("/", check(GuildUpdateSchema), async (req: Request, res: Response) => {
+ const body = req.body as GuildUpdateSchema;
+ const guild_id = BigInt(req.params.id);
+
+ const guild = await GuildModel.findOne({ id: guild_id }).exec();
+ if (!guild) throw new HTTPError("This guild does not exist", 404);
+
+ const perms = await getPermission(req.user_id, guild_id);
+ if (!perms.has("MANAGE_GUILD")) throw new HTTPError("You do not have the MANAGE_GUILD permission", 401);
+
+ await GuildModel.updateOne({ id: guild_id }, body).exec();
+ return res.status(204);
+});
+
+router.delete("/", async (req: Request, res: Response) => {
+ var guild_id = BigInt(req.params.id);
+
+ const guild = await GuildModel.findOne({ id: guild_id }, "owner_id").exec();
+ if (!guild) throw new HTTPError("This guild does not exist", 404);
+ if (guild.owner_id !== req.user_id) throw new HTTPError("You are not the owner of this guild", 401);
+
+ await emitEvent({
+ event: "GUILD_DELETE",
+ data: {
+ id: guild_id,
+ },
+ guild_id: guild_id,
+ } as GuildDeleteEvent);
+
+ await GuildModel.deleteOne({ id: guild_id }).exec();
+ await UserModel.updateMany({ guilds: guild_id }, { $pull: { guilds: guild_id } }).exec();
+ await RoleModel.deleteMany({ guild_id }).exec();
+ await ChannelModel.deleteMany({ guild_id }).exec();
+ await EmojiModel.deleteMany({ guild_id }).exec();
+ await InviteModel.deleteMany({ guild_id }).exec();
+ await MessageModel.deleteMany({ guild_id }).exec();
+
+ return res.status(204).send();
+});
+
+export default router;
diff --git a/src/routes/guilds/#id/members.ts b/src/routes/guilds/#id/members.ts
new file mode 100644
index 00000000..0aed61ae
--- /dev/null
+++ b/src/routes/guilds/#id/members.ts
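Review bot: The PATCH handler in `src/routes/guilds/#id/index.ts` ends with `return res.status(204);`, which sets the status but never sends the response, so the request stays open until the client or a proxy times out; it should be `return res.status(204).send();` as in the DELETE handler. The DELETE handler imports `MemberModel` but does not remove the guild's member documents alongside roles, channels, emojis, invites and messages, which leaves membership rows for a guild that no longer exists. Permission failures here return 401 while `bans.ts` in this commit uses 403; 403 is the conventional status for an authenticated caller who lacks rights.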
@@ -0,0 +1,54 @@
+import { Request, Response, Router } from "express";
+import { GuildModel, MemberModel } from "fosscord-server-util";
+import { HTTPError } from "lambert-server";
+import { instanceOf, Length } from "../../../../../util/instanceOf";
+import { PublicMemberProjection } from "../../../../../util/Member";
+import { PublicUserProjection } from "../../../../../util/User";
+
+const router = Router();
+
+// TODO: not allowed for user -> only allowed for bots with privileged intents
+// TODO: send over websocket
+router.get("/", async (req: Request, res: Response) => {
+ const guild_id = BigInt(req.params.id);
+ const guild = await GuildModel.findOne({ id: guild_id }).exec();
+ if (!guild) throw new HTTPError("Guild not found", 404);
+
+ try {
+ instanceOf({ $limit: new Length(Number, 1, 1000), $after: BigInt }, req.query, {
+ path: "query",
+ req,
+ ref: { obj: null, key: "" },
+ });
+ } catch (error) {
+ return res.status(400).json({ code: 50035, message: "Invalid Query", success: false, errors: error });
+ }
+
+ // @ts-ignore
+ if (!req.query.limit) req.query.limit = 1;
+ const { limit, after } = (req.query) as { limit: number; after: bigint };
+ const query = after ? { id: { $gt: after } } : {};
+
+ var members = await MemberModel.find({ guild_id, ...query }, PublicMemberProjection)
+ .limit(limit)
+ .populate({ path: "user", select: PublicUserProjection })
+ .exec();
+
+ return res.json(members);
+});
+
+router.get("/:member", async (req: Request, res: Response) => {
+ const guild_id = BigInt(req.params.id);
+ const user_id = BigInt(req.params.member);
+
+ const member = await MemberModel.findOne({ id: user_id, guild_id }).populate({ path: "user", select: PublicUserProjection }).exec();
+ if (!member) throw new HTTPError("Member not found", 404);
+
+ return res.json(member);
+});
+
+router.put("/:member", async (req: Request, res: Response) => {
+ // https://discord.com/developers/docs/resources/guild#add-guild-member
+});
+
+export default router;
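Review bot: The member listing and the `/:member` lookup in `src/routes/guilds/#id/members.ts` run for any caller, with no check that `req.user_id` is a member of the guild, so member lists can be enumerated for any guild id. A guard such as `const self = await MemberModel.findOne({ guild_id, id: req.user_id }, "id").exec(); if (!self) throw new HTTPError("You are not a member of the guild you are trying to access", 401);` (the pattern used by the guild GET route in this commit) would close that. The `/:member` query also omits `PublicMemberProjection`, so it returns the whole member document where the list route returns the public subset. The empty PUT handler never responds; until it is implemented it should return an explicit error status.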
diff --git a/src/routes/guilds/index.ts b/src/routes/guilds/index.ts
new file mode 100644
index 00000000..319184ad
--- /dev/null
+++ b/src/routes/guilds/index.ts
@@ -0,0 +1,81 @@
+import { Router, Request, Response } from "express";
+import { RoleModel, GuildModel, Snowflake, Guild } from "fosscord-server-util";
+import { HTTPError } from "lambert-server";
+import { check } from "./../../../../util/instanceOf";
+import { GuildCreateSchema } from "../../../../schema/Guild";
+import Config from "../../../../util/Config";
+import { getPublicUser } from "../../../../util/User";
+import { addMember } from "../../../../util/Member";
+
+const router: Router = Router();
+
+router.post("/", check(GuildCreateSchema), async (req: Request, res: Response) => {
+ const body = req.body as GuildCreateSchema;
+
+ const { maxGuilds } = Config.get().limits.user;
+ const user = await getPublicUser(req.user_id, { guilds: true });
+
+ if (user.guilds.length >= maxGuilds) {
+ throw new HTTPError(`Maximum number of guilds reached ${maxGuilds}`, 403);
+ }
+
+ const guild_id = Snowflake.generate();
+ const guild: Guild = {
+ name: body.name,
+ region: body.region || "en-US",
+ owner_id: req.user_id,
+ icon: undefined,
+ afk_channel_id: undefined,
+ afk_timeout: 300,
+ application_id: undefined,
+ banner: undefined,
+ default_message_notifications: undefined,
+ description: undefined,
+ splash: undefined,
+ discovery_splash: undefined,
+ explicit_content_filter: undefined,
+ features: [],
+ id: guild_id,
+ large: undefined,
+ max_members: 250000,
+ max_presences: 250000,
+ max_video_channel_users: 25,
+ presence_count: 0,
+ member_count: 0, // will automatically be increased by addMember()
+ mfa_level: 0,
+ preferred_locale: "en-US",
+ premium_subscription_count: 0,
+ premium_tier: 0,
+ public_updates_channel_id: undefined,
+ rules_channel_id: undefined,
+ system_channel_flags: undefined,
+ system_channel_id: undefined,
+ unavailable: false,
+ vanity_url_code: undefined,
+ verification_level: undefined,
+ welcome_screen: [],
+ widget_channel_id: undefined,
+ widget_enabled: false,
+ };
+
+ await Promise.all([
+ new GuildModel(guild).save(),
+ new RoleModel({
+ id: guild_id,
+ guild_id: guild_id,
+ color: 0,
+ hoist: false,
+ managed: true,
+ mentionable: true,
+ name: "@everyone",
+ permissions: 2251804225n,
+ position: 0,
+ tags: null,
+ }).save(),
+ ]);
+ await addMember(req.user_id, guild_id, { guild });
+
+ res.status(201).json({ id: guild.id });
+});
+
+export default router;
diff --git a/src/routes/guilds/templates/index.ts b/src/routes/guilds/templates/index.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/guilds/templates/index.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
diff --git a/src/routes/invites/index.ts b/src/routes/invites/index.ts
new file mode 100644
index 00000000..9a4e81fa
--- /dev/null
+++ b/src/routes/invites/index.ts
@@ -0,0 +1,4 @@
+import { Router } from "express";
+const router: Router = Router();
+
+export default router;
diff --git a/src/routes/test.ts b/src/routes/test.ts
deleted file mode 100644
index b488d6e4..00000000
--- a/src/routes/test.ts
+++ /dev/null
@@ -1,14 +0,0 @@
-import { Router } from "express";
-import { getPermission, MemberModel, db } from "fosscord-server-util";
-import { Types } from "mongoose";
-const router: Router = Router();
-
-router.get("/", async (req, res) => {
- // @ts-ignore
- const perm = await getPermission(813185668657184768n, 813189959920910336n);
- console.log(perm);
- if (perm.has("ADD_REACTIONS")) console.log("add");
- res.send("OK");
-});
-
-export default router;
diff --git a/src/routes/users/@me/guilds.ts b/src/routes/users/@me/guilds.ts
new file mode 100644
index 00000000..a2a64ce6
--- /dev/null
+++ b/src/routes/users/@me/guilds.ts
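Review bot: The relative imports in `src/routes/guilds/index.ts` still climb four directories (`"../../../../util/Config"`), which matched the old `src/routes/api/v8/guilds/` location; from `src/routes/guilds/` that appears to resolve two levels above `src/`, so the module would not load. After the move they should climb two levels, e.g. `import Config from "../../util/Config";`. The same two-level offset shows in the other moved files in this commit that import from `util/`, `schema/` or `middlewares/` (bulk-delete.ts, messages/index.ts, bans.ts, channels.ts, guilds/#id/index.ts, members.ts, users/@me/guilds.ts).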
@@ -0,0 +1,50 @@
+import { Router, Request, Response } from "express";
+import { GuildModel, MemberModel, UserModel, GuildDeleteEvent, GuildMemberRemoveEvent } from "fosscord-server-util";
+import { HTTPError } from "lambert-server";
+import { emitEvent } from "../../../../../util/Event";
+import { getPublicUser } from "../../../../../util/User";
+
+const router: Router = Router();
+
+router.get("/", async (req: Request, res: Response) => {
+ const user = await UserModel.findOne({ id: req.user_id }, { guilds: true }).exec();
+ if (!user) throw new HTTPError("User not found", 404);
+
+ var guildIDs = user.guilds || [];
+ var guild = await GuildModel.find({ id: { $in: guildIDs } }).exec();
+ res.json(guild);
+});
+
+// user send to leave a certain guild
+router.delete("/:id", async (req: Request, res: Response) => {
+ const guildID = BigInt(req.params.id);
+ const guild = await GuildModel.findOne({ id: guildID }).exec();
+
+ if (!guild) throw new HTTPError("Guild doesn't exist", 404);
+ if (guild.owner_id === req.user_id) throw new HTTPError("You can't leave your own guild", 400);
+
+ await MemberModel.deleteOne({ id: req.user_id, guild_id: guildID }).exec();
+ await UserModel.updateOne({ id: req.user_id }, { $pull: { guilds: guildID } }).exec();
+ const user = await getPublicUser(req.user_id);
+
+ await emitEvent({
+ event: "GUILD_DELETE",
+ data: {
+ id: guildID,
+ },
+ user_id: req.user_id,
+ } as GuildDeleteEvent);
+
+ await emitEvent({
+ event: "GUILD_MEMBER_REMOVE",
+ data: {
+ guild_id: guildID,
+ user: user,
+ },
+ guild_id: guildID,
+ } as GuildMemberRemoveEvent);
+
+ return res.status(204).send();
+});
+
+export default router;
diff --git a/src/routes/users/@me/index.ts b/src/routes/users/@me/index.ts
new file mode 100644
index 00000000..32877dcc
--- /dev/null
+++ b/src/routes/users/@me/index.ts
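Review bot: The DELETE handler in `src/routes/users/@me/guilds.ts` emits `GUILD_DELETE` and `GUILD_MEMBER_REMOVE` without confirming that the caller was a member, so a request naming any existing guild id produces a member-remove event in that guild. Check the result of the delete before emitting, e.g. `const { deletedCount } = await MemberModel.deleteOne({ id: req.user_id, guild_id: guildID }).exec(); if (!deletedCount) throw new HTTPError("You are not a member of this guild", 404);`. `bans.ts` in this commit calls a `removeMember` helper for the same job; reusing it here would presumably keep side effects such as the guild's member count consistent, though its body is not shown.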
@@ -0,0 +1,15 @@
+import { Router, Request, Response } from "express";
+import { UserModel } from "fosscord-server-util";
+import { HTTPError } from "lambert-server";
+
+const router: Router = Router();
+
+router.get("/", async (req: Request, res: Response) => {
+ // TODO: user projection
+ const user = await UserModel.findOne({ id: req.user_id }).exec();
+ if (!user) throw new HTTPError("User not found", 404);
+
+ res.json(user);
+});
+
+export default router;
-- 
cgit 1.5.1
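Review bot: `UserModel.findOne({ id: req.user_id })` is serialised to the client with no projection, which the `// TODO: user projection` comment acknowledges; whatever the user document holds, including any credential or internal fields, is returned. The schema is not visible here, so the exact fields are an assumption, but the handler should pass an explicit allow-list projection as the second argument to `findOne` (as `guilds.ts` does with `{ guilds: true }`) rather than rely on the client ignoring extra fields.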