Merge branch 'fix/sanitisation' into slowcord

2022-04-23 01:47:51 +10:00 · 2022-04-23 01:47:51 +10:00 · 2a32a481d2
commit 2a32a481d2
parent dc2c104b25 2846e970b4
6 changed files with 12535 additions and 3 deletions
--- a/api/assets/schemas.json
+++ b/api/assets/schemas.json
--- a/api/scripts/generate_schema.js
+++ b/api/scripts/generate_schema.js
@ -31,7 +31,6 @@ const Excluded = [
 ];

 function modify(obj) {
-	delete obj.additionalProperties;
 	for (var k in obj) {
 		if (typeof obj[k] === "object" && obj[k] !== null) {
 			modify(obj[k]);
--- a/api/src/routes/channels/#channel_id/messages/index.ts
+++ b/api/src/routes/channels/#channel_id/messages/index.ts
@ -183,6 +183,9 @@ router.post(
 			}
 		}
 		const channel = await Channel.findOneOrFail({ where: { id: channel_id }, relations: ["recipients", "recipients.user"] });
+		if (!channel.isWritable()) {
+			throw new HTTPError(`Cannot send messages to channel of type ${channel.type}`, 400)
+		}

 		const embeds = body.embeds || [];
 		if (body.embed) embeds.push(body.embed);
@ -220,6 +223,8 @@ router.post(
 				})
 			);
 		}
+
+
 	
 		//Fix for the client bug
 		delete message.member
--- a/api/src/routes/users/@me/index.ts
+++ b/api/src/routes/users/@me/index.ts
@ -53,8 +53,6 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
 			throw FieldErrors({ email: { message: req.t("auth:register.EMAIL_INVALID"), code: "EMAIL_INVALID" } });
 	}

-	user.assign(body);
-
 	if (body.new_password) {
 		if (!body.password && !user.email) {
 			throw FieldErrors({
@ -73,6 +71,7 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
        }
    }

+	user.assign(body);
 	await user.save();

 	// @ts-ignore
--- a/util/src/entities/Channel.ts
+++ b/util/src/entities/Channel.ts
@ -352,6 +352,17 @@ export class Channel extends BaseClass {
 	isDm() {
 		return this.type === ChannelType.DM || this.type === ChannelType.GROUP_DM;
 	}
+
+	// Does the channel support sending messages ( eg categories do not )
+	isWritable() {
+		const disallowedChannelTypes = [
+			ChannelType.GUILD_CATEGORY,
+			ChannelType.GUILD_VOICE,		// TODO: Remove this when clients can send messages to voice channels on discord.com
+			ChannelType.GUILD_STAGE_VOICE,
+			ChannelType.VOICELESS_WHITEBOARD,
+		];
+		return disallowedChannelTypes.indexOf(this.type) == -1;
+	}
 }

 export interface ChannelPermissionOverwrite {
--- a/util/src/entities/UserGroup.ts
+++ b/util/src/entities/UserGroup.ts
@ -0,0 +1,37 @@
+import { Column, Entity, JoinColumn, ManyToOne, RelationId } from "typeorm";
+
+import { BaseClass } from "./BaseClass";
+import { Guild } from "./Guild";
+import { User } from "./User";
+
+@Entity("groups")
+export class UserGroup extends BaseClass {
+	@Column()
+	color: number;
+
+	@Column()
+	hoist: boolean;
+	
+	@JoinColumn({ name: "controller", referencedColumnName: "id" })
+	@ManyToOne(() => User)
+	controller?: User;
+	 
+	@Column()
+	mentionable_by?: string;
+
+	@Column()
+	name: string;
+
+	@Column()
+	rights: string;
+
+	@Column({ nullable: true })
+	icon: string;
+	
+	@Column({ nullable: true })
+	parent?: string;
+	
+	@Column({ type: "simple-array", nullable: true})
+	associciations: string[];
+
+}