🎨 refactor to use easier permission api

2021-04-27 07:04:01 +02:00 · 2021-04-27 07:04:01 +02:00 · 0eb6c994ae
commit 0eb6c994ae
parent d153bca88f
4 changed files with 43 additions and 51 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -10,7 +10,7 @@
 			"hasInstallScript": true,
 			"license": "ISC",
 			"dependencies": {
-				"@fosscord/server-util": "^1.0.7",
+				"@fosscord/server-util": "^1.0.8",
 				"@types/jest": "^26.0.22",
 				"bcrypt": "^5.0.0",
 				"body-parser": "^1.19.0",
@ -529,9 +529,9 @@
 			}
 		},
 		"node_modules/@fosscord/server-util": {
-			"version": "1.0.7",
+			"version": "1.0.8",
-			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.7.tgz",
+			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.8.tgz",
-			"integrity": "sha512-3vBPCt+lwMS7wk+iRvv+V8qBSnEdNifpPxX97Lfjje/TSWI17Kg29y3BmcGJRC5TwIHTLFtgpNLmZmruhv7ziQ==",
+			"integrity": "sha512-VfdjodBIdDZMyOJ8gZ4LmCQ7aENuPfcOUq2Vs8JOTwF2pYO/Z2yTsJcgZHLLqpMkhikBs8hW2XePEsxNNq3VwQ==",
 			"dependencies": {
 				"@types/jsonwebtoken": "^8.5.0",
 				"@types/mongoose-autopopulate": "^0.10.1",
@ -12688,9 +12688,9 @@
 			}
 		},
 		"@fosscord/server-util": {
-			"version": "1.0.7",
+			"version": "1.0.8",
-			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.7.tgz",
+			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.8.tgz",
-			"integrity": "sha512-3vBPCt+lwMS7wk+iRvv+V8qBSnEdNifpPxX97Lfjje/TSWI17Kg29y3BmcGJRC5TwIHTLFtgpNLmZmruhv7ziQ==",
+			"integrity": "sha512-VfdjodBIdDZMyOJ8gZ4LmCQ7aENuPfcOUq2Vs8JOTwF2pYO/Z2yTsJcgZHLLqpMkhikBs8hW2XePEsxNNq3VwQ==",
 			"requires": {
 				"@types/jsonwebtoken": "^8.5.0",
 				"@types/mongoose-autopopulate": "^0.10.1",
--- a/package.json
+++ b/package.json
@ -31,7 +31,7 @@
 	},
 	"homepage": "https://github.com/fosscord/fosscord-api#readme",
 	"dependencies": {
-		"@fosscord/server-util": "^1.0.7",
+		"@fosscord/server-util": "^1.0.8",
 		"@types/jest": "^26.0.22",
 		"bcrypt": "^5.0.0",
 		"body-parser": "^1.19.0",
--- a/src/routes/channels/#channel_id/messages/index.ts
+++ b/src/routes/channels/#channel_id/messages/index.ts
@ -57,18 +57,9 @@ router.get("/", async (req, res) => {
 	if (!limit) limit = 50;
 	var halfLimit = Math.floor(limit / 2);
 	if ([ChannelType.GUILD_VOICE, ChannelType.GUILD_CATEGORY, ChannelType.GUILD_STORE].includes(channel.type))
 		throw new HTTPError("Not a text channel");
 	if (channel.guild_id) {
 	const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel });
 	permissions.hasThrow("VIEW_CHANNEL");
 	if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]);
 	} else if (channel.recipients) {
 		// group/dm channel
 		if (!channel.recipients.includes(req.user_id)) throw new HTTPError("You don't have permission to view this channel", 401);
 	}
 	var query: Query<MessageDocument[], MessageDocument>;
 	if (after) query = MessageModel.find({ channel_id, id: { $gt: after } });
@ -105,15 +96,12 @@ router.post("/", check(MessageCreateSchema), async (req, res) => {
 	if (!channel) throw new HTTPError("Channel not found", 404);
 	// TODO: are tts messages allowed in dm channels? should permission be checked?
 	if (channel.guild_id) {
 	const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel });
 	permissions.hasThrow("SEND_MESSAGES");
 	if (body.tts) permissions.hasThrow("SEND_TTS_MESSAGES");
 	if (body.message_reference) {
 		permissions.hasThrow("READ_MESSAGE_HISTORY");
-			if (body.message_reference.guild_id !== channel.guild_id)
+		if (body.message_reference.guild_id !== channel.guild_id) throw new HTTPError("You can only reference messages from this guild");
 				throw new HTTPError("You can only reference messages from this guild");
 		}
 	}
 	if (body.message_reference) {
@ -124,7 +112,7 @@ router.post("/", check(MessageCreateSchema), async (req, res) => {
 	const embeds = [];
 	if (body.embed) embeds.push(body.embed);
-	// TODO: check and put all in body in it
+	// TODO: check and put it all in the body
 	const message: Message = {
 		id: Snowflake.generate(),
 		channel_id,
@ -144,8 +132,7 @@ router.post("/", check(MessageCreateSchema), async (req, res) => {
 		pinned: false,
 	};
-	const doc = await new MessageModel(message).populate({ path: "member", select: PublicMemberProjection }).save();
+	const data = toObject(await new MessageModel(message).populate({ path: "member", select: PublicMemberProjection }).save());
 	const data = toObject(doc);
 	await emitEvent({ event: "MESSAGE_CREATE", channel_id, data, guild_id: channel.guild_id } as MessageCreateEvent);
--- a/src/routes/channels/#channel_id/pins.ts
+++ b/src/routes/channels/#channel_id/pins.ts
@ -1,37 +1,42 @@
 import { ChannelModel, getPermission, MessageModel, toObject } from "@fosscord/server-util";
 import { Router, Request, Response } from "express";
-import Config from "../../../util/Config"
+import Config from "../../../util/Config";
 import { HTTPError } from "lambert-server";
 const router: Router = Router();
 // TODO: auto throw error if findOne doesn't find anything
 router.put("/:message_id", async (req: Request, res: Response) => {
 	const { channel_id, message_id } = req.params;
-    const channel = await ChannelModel.findOne({ id: channel_id }).exec()
+	const channel = await ChannelModel.findOne({ id: channel_id }).exec();
-    if (!channel) throw new HTTPError("Channel not found", 404)
+	if (!channel) throw new HTTPError("Channel not found", 404);
-    const permission = await getPermission(req.user_id, channel.guild_id, channel_id)
+	const permission = await getPermission(req.user_id, channel.guild_id, channel_id);
-    permission.hasThrow("VIEW_CHANNEL")
+	permission.hasThrow("VIEW_CHANNEL");
    permission.hasThrow("MANAGE_MESSAGES")
-    const pinned_count = await MessageModel.count({ channel_id, pinned: true }).exec()
+	// * in dm channels anyone can pin messages -> only check for guilds
-    const { maxPins } = Config.get().limits.channel
+	if (channel.guild_id) permission.hasThrow("MANAGE_MESSAGES");
    if (pinned_count >= maxPins) throw new HTTPError("Max pin count reached: " + maxPins)
-    await MessageModel.updateOne({ id: message_id }, { pinned: true }).exec()
+	const pinned_count = await MessageModel.count({ channel_id, pinned: true }).exec();
 	const { maxPins } = Config.get().limits.channel;
 	if (pinned_count >= maxPins) throw new HTTPError("Max pin count reached: " + maxPins);
-    res.sendStatus(204)
+	await MessageModel.updateOne({ id: message_id }, { pinned: true }).exec();
 	res.sendStatus(204);
 });
 router.get("/", async (req: Request, res: Response) => {
 	const { channel_id } = req.params;
-    const channel = await ChannelModel.findOne({ id: channel_id }).exec()
+	const channel = await ChannelModel.findOne({ id: channel_id }).exec();
-    if (!channel) throw new HTTPError("Channel not found", 404)
+	if (!channel) throw new HTTPError("Channel not found", 404);
-    const permission = await getPermission(req.user_id, channel.guild_id, channel_id)
+	const permission = await getPermission(req.user_id, channel.guild_id, channel_id);
-    permission.hasThrow("VIEW_CHANNEL")
+	permission.hasThrow("VIEW_CHANNEL");
-    let pins = await MessageModel.find({ channel_id: channel_id, pinned: true }).exec()
+	let pins = await MessageModel.find({ channel_id: channel_id, pinned: true }).exec();
-    res.send(toObject(pins))
+	res.send(toObject(pins));
 });
 export default router;