🎨 clean up permission checks to use .hasThrow()

2021-04-23 00:15:38 +02:00 · 2021-04-23 00:15:38 +02:00 · 3e6d1103bc
commit 3e6d1103bc
parent 696ef6278a
12 changed files with 38 additions and 27 deletions
--- a/package-lock.json
+++ b/package-lock.json
@ -10,7 +10,7 @@
 			"hasInstallScript": true,
 			"license": "ISC",
 			"dependencies": {
-				"@fosscord/server-util": "^1.0.2",
+				"@fosscord/server-util": "^1.0.3",
 				"@types/jest": "^26.0.22",
 				"bcrypt": "^5.0.0",
 				"body-parser": "^1.19.0",
@ -581,9 +581,9 @@
 			}
 		},
 		"node_modules/@fosscord/server-util": {
-			"version": "1.0.2",
-			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.2.tgz",
-			"integrity": "sha512-X4l+lzG4nnNsM63bfjQenPkWOQBiPn40iqoSH+vZGw1dBUs25U8Vd4XpDoi/mkOTPiKXIM2fRkhGvTFyEn9l4g==",
+			"version": "1.0.3",
+			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.3.tgz",
+			"integrity": "sha512-sDZIU1ROu9SwThrwxcIUBw/YY9nB/Uselkgufanx6tdDJ0YTgWzviP7C4l1QweZ/fJdSNBNj1rNipDeY3/r7qA==",
 			"dependencies": {
 				"@types/jsonwebtoken": "^8.5.0",
 				"@types/mongoose-autopopulate": "^0.10.1",
@ -12563,9 +12563,9 @@
 			}
 		},
 		"@fosscord/server-util": {
-			"version": "1.0.2",
-			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.2.tgz",
-			"integrity": "sha512-X4l+lzG4nnNsM63bfjQenPkWOQBiPn40iqoSH+vZGw1dBUs25U8Vd4XpDoi/mkOTPiKXIM2fRkhGvTFyEn9l4g==",
+			"version": "1.0.3",
+			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.3.tgz",
+			"integrity": "sha512-sDZIU1ROu9SwThrwxcIUBw/YY9nB/Uselkgufanx6tdDJ0YTgWzviP7C4l1QweZ/fJdSNBNj1rNipDeY3/r7qA==",
 			"requires": {
 				"@types/jsonwebtoken": "^8.5.0",
 				"@types/mongoose-autopopulate": "^0.10.1",
--- a/package.json
+++ b/package.json
@ -30,7 +30,7 @@
 	},
 	"homepage": "https://github.com/fosscord/fosscord-api#readme",
 	"dependencies": {
-		"@fosscord/server-util": "^1.0.2",
+		"@fosscord/server-util": "^1.0.3",
 		"@types/jest": "^26.0.22",
 		"bcrypt": "^5.0.0",
 		"body-parser": "^1.19.0",
--- a/src/routes/channels/#channel_id/followers.ts
+++ b/src/routes/channels/#channel_id/followers.ts
@ -2,3 +2,12 @@ import { Router } from "express";
 const router: Router = Router();

 export default router;
+
+/**
+ *
+ * @param {"webhook_channel_id":"754001514330062952"}
+ *
+ * Creates a WebHook in the channel and returns the id of it
+ *
+ * @returns {"channel_id": "816382962056560690", "webhook_id": "834910735095037962"}
+ */
--- a/src/routes/channels/#channel_id/invites.ts
+++ b/src/routes/channels/#channel_id/invites.ts
@ -22,10 +22,7 @@ router.post("/", check(InviteCreateSchema), async (req: Request, res: Response)
 	const { guild_id } = channel;

 	const permission = await getPermission(user_id, guild_id);
-
-	if (!permission.has("CREATE_INSTANT_INVITE")) {
-		throw new HTTPError("You aren't authorised to access this endpoint", 401);
-	}
+	permission.hasThrow("CREATE_INSTANT_INVITE");

 	const invite = {
 		code: random(),
@ -55,10 +52,7 @@ router.get("/", async (req: Request, res: Response) => {
 	}
 	const { guild_id } = channel;
 	const permission = await getPermission(user_id, guild_id);
-
-	if (!permission.has("MANAGE_CHANNELS")) {
-		throw new HTTPError("You aren't authorised to access this endpoint", 401);
-	}
+	permission.hasThrow("MANAGE_CHANNELS");

 	const invites = await InviteModel.find({ guild_id }).exec();

--- a/src/routes/channels/#channel_id/messages/:message_id/crosspost.ts
+++ b/src/routes/channels/#channel_id/messages/:message_id/crosspost.ts
@ -0,0 +1,8 @@
+import { Router } from "express";
+
+const router = Router();
+
+// TODO:
+// router.post("/", (req, res) => {});
+
+export default router;
--- a/src/routes/channels/#channel_id/messages/:message_id/index.ts
+++ b/src/routes/channels/#channel_id/messages/:message_id/index.ts
--- a/src/routes/channels/#channel_id/messages/:message_id/reactions.ts
+++ b/src/routes/channels/#channel_id/messages/:message_id/reactions.ts
--- a/src/routes/channels/#channel_id/messages/bulk-delete.ts
+++ b/src/routes/channels/#channel_id/messages/bulk-delete.ts
@ -18,7 +18,7 @@ router.post("/", check({ messages: [String] }), async (req, res) => {
 	if (!channel?.guild_id) throw new HTTPError("Can't bulk delete dm channel messages", 400);

 	const permission = await getPermission(req.user_id, channel?.guild_id, channel_id, { channel });
-	if (!permission.has("MANAGE_MESSAGES")) throw new HTTPError("You are missing the MANAGE_MESSAGES permissions");
+	permission.hasThrow("MANAGE_MESSAGES");

 	const { maxBulkDelete } = Config.get().limits.message;

--- a/src/routes/channels/#channel_id/messages/index.ts
+++ b/src/routes/channels/#channel_id/messages/index.ts
@ -62,7 +62,8 @@ router.get("/", async (req, res) => {

 	if (channel.guild_id) {
 		const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel });
-		if (!permissions.has("VIEW_CHANNEL")) throw new HTTPError("You don't have permission to view this channel", 401);
+		permissions.hasThrow("VIEW_CHANNEL");
+
 		if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]);
 	} else if (channel.recipients) {
 		// group/dm channel
@ -106,11 +107,10 @@ router.post("/", check(MessageCreateSchema), async (req, res) => {

 	if (channel.guild_id) {
 		const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel });
-		if (!permissions.has("SEND_MESSAGES")) throw new HTTPError("You don't have the SEND_MESSAGES permission");
-		if (body.tts && !permissions.has("SEND_TTS_MESSAGES")) throw new HTTPError("You are missing the SEND_TTS_MESSAGES permission");
+		permissions.hasThrow("SEND_MESSAGES");
+		if (body.tts) permissions.hasThrow("SEND_TTS_MESSAGES");
 		if (body.message_reference) {
-			if (!permissions.has("READ_MESSAGE_HISTORY"))
-				throw new HTTPError("You are missing the READ_MESSAGE_HISTORY permission to reply");
+			permissions.hasThrow("READ_MESSAGE_HISTORY");
 			if (body.message_reference.guild_id !== channel.guild_id)
 				throw new HTTPError("You can only reference messages from this guild");
 		}
--- a/src/routes/channels/#channel_id/webhooks.ts
+++ b/src/routes/channels/#channel_id/webhooks.ts
@ -1,4 +1,6 @@
 import { Router } from "express";
 const router: Router = Router();

+router.post("/", (req, res) => {});
+
 export default router;
--- a/src/routes/guilds/#guild_id/bans.ts
+++ b/src/routes/guilds/#guild_id/bans.ts
@ -35,7 +35,7 @@ router.post("/:user_id", check(BanCreateSchema), async (req: Request, res: Respo

 	const banned_user = await getPublicUser(banned_user_id);
 	const perms = await getPermission(req.user_id, guild_id);
-	if (!perms.has("BAN_MEMBERS")) throw new HTTPError("You don't have the permission to ban members", 403);
+	perms.hasThrow("BAN_MEMBERS");
 	if (req.user_id === banned_user_id) throw new HTTPError("You can't ban yourself", 400);

 	await removeMember(banned_user_id, guild_id);
@ -69,9 +69,7 @@ router.delete("/:user_id", async (req: Request, res: Response) => {
 	if (!guild) throw new HTTPError("Guild not found", 404);

 	const perms = await getPermission(req.user_id, guild_id);
-	if (!perms.has("BAN_MEMBERS")) {
-		throw new HTTPError("No permissions", 403);
-	}
+	perms.hasThrow("BAN_MEMBERS");

 	await BanModel.deleteOne({
 		user_id: banned_user_id,
--- a/src/routes/guilds/#guild_id/index.ts
+++ b/src/routes/guilds/#guild_id/index.ts
@ -41,7 +41,7 @@ router.patch("/", check(GuildUpdateSchema), async (req: Request, res: Response)
 	// TODO: guild update check image

 	const perms = await getPermission(req.user_id, guild_id);
-	if (!perms.has("MANAGE_GUILD")) throw new HTTPError("You do not have the MANAGE_GUILD permission", 401);
+	perms.hasThrow("MANAGE_GUILD");

 	const guild = await GuildModel.findOneAndUpdate({ id: guild_id }, body)
 		.populate({ path: "joined_at", match: { id: req.user_id } })