🎨 clean up permission checks to use .hasThrow()

Flam3rboy 2021-04-23 00:15:38 +02:00
parent 696ef6278a
commit 3e6d1103bc
12 changed files with 38 additions and 27 deletions

14
package-lock.json generated

@ -10,7 +10,7 @@
"hasInstallScript": true, "hasInstallScript": true,
"license": "ISC", "license": "ISC",
"dependencies": { "dependencies": {
"@fosscord/server-util": "^1.0.2", "@fosscord/server-util": "^1.0.3",
"@types/jest": "^26.0.22", "@types/jest": "^26.0.22",
"bcrypt": "^5.0.0", "bcrypt": "^5.0.0",
"body-parser": "^1.19.0", "body-parser": "^1.19.0",
@ -581,9 +581,9 @@
} }
}, },
"node_modules/@fosscord/server-util": { "node_modules/@fosscord/server-util": {
"version": "1.0.2", "version": "1.0.3",
"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.2.tgz", "resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.3.tgz",
"integrity": "sha512-X4l+lzG4nnNsM63bfjQenPkWOQBiPn40iqoSH+vZGw1dBUs25U8Vd4XpDoi/mkOTPiKXIM2fRkhGvTFyEn9l4g==", "integrity": "sha512-sDZIU1ROu9SwThrwxcIUBw/YY9nB/Uselkgufanx6tdDJ0YTgWzviP7C4l1QweZ/fJdSNBNj1rNipDeY3/r7qA==",
"dependencies": { "dependencies": {
"@types/jsonwebtoken": "^8.5.0", "@types/jsonwebtoken": "^8.5.0",
"@types/mongoose-autopopulate": "^0.10.1", "@types/mongoose-autopopulate": "^0.10.1",
@ -12563,9 +12563,9 @@
} }
}, },
"@fosscord/server-util": { "@fosscord/server-util": {
"version": "1.0.2", "version": "1.0.3",
"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.2.tgz", "resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.0.3.tgz",
"integrity": "sha512-X4l+lzG4nnNsM63bfjQenPkWOQBiPn40iqoSH+vZGw1dBUs25U8Vd4XpDoi/mkOTPiKXIM2fRkhGvTFyEn9l4g==", "integrity": "sha512-sDZIU1ROu9SwThrwxcIUBw/YY9nB/Uselkgufanx6tdDJ0YTgWzviP7C4l1QweZ/fJdSNBNj1rNipDeY3/r7qA==",
"requires": { "requires": {
"@types/jsonwebtoken": "^8.5.0", "@types/jsonwebtoken": "^8.5.0",
"@types/mongoose-autopopulate": "^0.10.1", "@types/mongoose-autopopulate": "^0.10.1",


@ -30,7 +30,7 @@
}, },
"homepage": "https://github.com/fosscord/fosscord-api#readme", "homepage": "https://github.com/fosscord/fosscord-api#readme",
"dependencies": { "dependencies": {
"@fosscord/server-util": "^1.0.2", "@fosscord/server-util": "^1.0.3",
"@types/jest": "^26.0.22", "@types/jest": "^26.0.22",
"bcrypt": "^5.0.0", "bcrypt": "^5.0.0",
"body-parser": "^1.19.0", "body-parser": "^1.19.0",


@ -2,3 +2,12 @@ import { Router } from "express";
const router: Router = Router(); const router: Router = Router();
export default router; export default router;
/**
*
* @param {"webhook_channel_id":"754001514330062952"}
*
* Creates a WebHook in the channel and returns the id of it
*
* @returns {"channel_id": "816382962056560690", "webhook_id": "834910735095037962"}
*/
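Review bot: The added doc block sits after `export default router` with no route under it, and its `@param`/`@returns` braces hold example payloads where JSDoc expects a type, so tooling will misread them. I would move the payloads into `@example` lines and describe the field in prose, e.g. `@param webhook_channel_id id of the channel the webhook is created in`. Since the described call creates a webhook in the channel named by `webhook_channel_id`, the comment should also state which permission the caller must hold on that channel, so the check is not forgotten when the route is implemented.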


@ -22,10 +22,7 @@ router.post("/", check(InviteCreateSchema), async (req: Request, res: Response)
const { guild_id } = channel; const { guild_id } = channel;
const permission = await getPermission(user_id, guild_id); const permission = await getPermission(user_id, guild_id);
permission.hasThrow("CREATE_INSTANT_INVITE");
if (!permission.has("CREATE_INSTANT_INVITE")) {
throw new HTTPError("You aren't authorised to access this endpoint", 401);
}
const invite = { const invite = {
code: random(), code: random(),
@ -55,10 +52,7 @@ router.get("/", async (req: Request, res: Response) => {
} }
const { guild_id } = channel; const { guild_id } = channel;
const permission = await getPermission(user_id, guild_id); const permission = await getPermission(user_id, guild_id);
permission.hasThrow("MANAGE_CHANNELS");
if (!permission.has("MANAGE_CHANNELS")) {
throw new HTTPError("You aren't authorised to access this endpoint", 401);
}
const invites = await InviteModel.find({ guild_id }).exec(); const invites = await InviteModel.find({ guild_id }).exec();
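Review bot: Both invite handlers resolve permissions with `getPermission(user_id, guild_id)` only, so the new `hasThrow("CREATE_INSTANT_INVITE")` and `hasThrow("MANAGE_CHANNELS")` guards are evaluated guild-wide, whereas the message routes in this commit also pass `channel_id` and `{ channel }`. If getPermission applies channel overwrites only when it is given the channel, a channel-level deny is presumably not honoured on these two routes. I would pass the channel through, `const permission = await getPermission(user_id, guild_id, channel_id, { channel });`, assuming `channel_id` is in scope here. Both handlers begin outside the visible hunks, so that needs confirming against the full file.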


@ -0,0 +1,8 @@
import { Router } from "express";
const router = Router();
// TODO:
// router.post("/", (req, res) => {});
export default router;


@ -18,7 +18,7 @@ router.post("/", check({ messages: [String] }), async (req, res) => {
if (!channel?.guild_id) throw new HTTPError("Can't bulk delete dm channel messages", 400); if (!channel?.guild_id) throw new HTTPError("Can't bulk delete dm channel messages", 400);
const permission = await getPermission(req.user_id, channel?.guild_id, channel_id, { channel }); const permission = await getPermission(req.user_id, channel?.guild_id, channel_id, { channel });
if (!permission.has("MANAGE_MESSAGES")) throw new HTTPError("You are missing the MANAGE_MESSAGES permissions"); permission.hasThrow("MANAGE_MESSAGES");
const { maxBulkDelete } = Config.get().limits.message; const { maxBulkDelete } = Config.get().limits.message;
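Review bot: The response a denied caller gets is now whatever `hasThrow` in @fosscord/server-util 1.0.3 throws, which this diff does not show. The removed line here threw an HTTPError with no explicit status, while the invite, guild and message-list routes used 401 and the ban routes 403. The same applies to every `hasThrow` replacement in this commit. A route test that calls bulk delete as a member without MANAGE_MESSAGES and asserts the status and body would pin the new behaviour. A short comment such as `// throws if the caller lacks MANAGE_MESSAGES; status comes from server-util` would keep the guard readable.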


@ -62,7 +62,8 @@ router.get("/", async (req, res) => {
if (channel.guild_id) { if (channel.guild_id) {
const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel }); const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel });
if (!permissions.has("VIEW_CHANNEL")) throw new HTTPError("You don't have permission to view this channel", 401); permissions.hasThrow("VIEW_CHANNEL");
if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]); if (!permissions.has("READ_MESSAGE_HISTORY")) return res.json([]);
} else if (channel.recipients) { } else if (channel.recipients) {
// group/dm channel // group/dm channel
@ -106,11 +107,10 @@ router.post("/", check(MessageCreateSchema), async (req, res) => {
if (channel.guild_id) { if (channel.guild_id) {
const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel }); const permissions = await getPermission(req.user_id, channel.guild_id, channel_id, { channel });
if (!permissions.has("SEND_MESSAGES")) throw new HTTPError("You don't have the SEND_MESSAGES permission"); permissions.hasThrow("SEND_MESSAGES");
if (body.tts && !permissions.has("SEND_TTS_MESSAGES")) throw new HTTPError("You are missing the SEND_TTS_MESSAGES permission"); if (body.tts) permissions.hasThrow("SEND_TTS_MESSAGES");
if (body.message_reference) { if (body.message_reference) {
if (!permissions.has("READ_MESSAGE_HISTORY")) permissions.hasThrow("READ_MESSAGE_HISTORY");
throw new HTTPError("You are missing the READ_MESSAGE_HISTORY permission to reply");
if (body.message_reference.guild_id !== channel.guild_id) if (body.message_reference.guild_id !== channel.guild_id)
throw new HTTPError("You can only reference messages from this guild"); throw new HTTPError("You can only reference messages from this guild");
} }
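Review bot: In the POST handler the reply check compares only `body.message_reference.guild_id` with `channel.guild_id`, and `hasThrow("READ_MESSAGE_HISTORY")` is evaluated for the channel being posted to. A reference to a message in a different channel of the same guild therefore passes every check visible in this hunk. Unless the reference's channel is validated outside the hunk, I would require it to match `channel_id` (if the schema carries the reference's channel id) or resolve permissions for the referenced channel before accepting the reply. The handler continues past the hunk, so a later check may already cover this.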


@ -1,4 +1,6 @@
import { Router } from "express"; import { Router } from "express";
const router: Router = Router(); const router: Router = Router();
router.post("/", (req, res) => {});
export default router; export default router;
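Review bot: The added `router.post("/", (req, res) => {});` registers a live route whose handler never sends a response, so every POST to it holds its connection open until a timeout closes it. The other stub added in this commit keeps its route commented out under a TODO. I would do the same here or answer explicitly with `router.post("/", (req, res) => res.sendStatus(501));`. Whether authentication or rate-limit middleware runs before this router is not visible in the section.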


@ -35,7 +35,7 @@ router.post("/:user_id", check(BanCreateSchema), async (req: Request, res: Respo
const banned_user = await getPublicUser(banned_user_id); const banned_user = await getPublicUser(banned_user_id);
const perms = await getPermission(req.user_id, guild_id); const perms = await getPermission(req.user_id, guild_id);
if (!perms.has("BAN_MEMBERS")) throw new HTTPError("You don't have the permission to ban members", 403); perms.hasThrow("BAN_MEMBERS");
if (req.user_id === banned_user_id) throw new HTTPError("You can't ban yourself", 400); if (req.user_id === banned_user_id) throw new HTTPError("You can't ban yourself", 400);
await removeMember(banned_user_id, guild_id); await removeMember(banned_user_id, guild_id);
@ -69,9 +69,7 @@ router.delete("/:user_id", async (req: Request, res: Response) => {
if (!guild) throw new HTTPError("Guild not found", 404); if (!guild) throw new HTTPError("Guild not found", 404);
const perms = await getPermission(req.user_id, guild_id); const perms = await getPermission(req.user_id, guild_id);
if (!perms.has("BAN_MEMBERS")) { perms.hasThrow("BAN_MEMBERS");
throw new HTTPError("No permissions", 403);
}
await BanModel.deleteOne({ await BanModel.deleteOne({
user_id: banned_user_id, user_id: banned_user_id,
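Review bot: In the POST handler the only guards before `removeMember(banned_user_id, guild_id)` are `perms.hasThrow("BAN_MEMBERS")` and the self-ban check, so nothing visible stops a member holding BAN_MEMBERS from banning the guild owner or a member ranked above them. If removeMember does not enforce that itself, I would add a target check right after the permission guard that rejects the owner and, once role positions are available, higher-ranked members. Note also that `getPublicUser(banned_user_id)` runs before the permission check, so a caller without BAN_MEMBERS can still learn whether a user id exists. Moving the `hasThrow` line above that lookup would close this. The handler starts outside the hunk, so earlier guards may exist.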


@ -41,7 +41,7 @@ router.patch("/", check(GuildUpdateSchema), async (req: Request, res: Response)
// TODO: guild update check image // TODO: guild update check image
const perms = await getPermission(req.user_id, guild_id); const perms = await getPermission(req.user_id, guild_id);
if (!perms.has("MANAGE_GUILD")) throw new HTTPError("You do not have the MANAGE_GUILD permission", 401); perms.hasThrow("MANAGE_GUILD");
const guild = await GuildModel.findOneAndUpdate({ id: guild_id }, body) const guild = await GuildModel.findOneAndUpdate({ id: guild_id }, body)
.populate({ path: "joined_at", match: { id: req.user_id } }) .populate({ path: "joined_at", match: { id: req.user_id } })