Perms for GET webhook, url property

assets/openapi.json

@@ -2582,6 +2582,9 @@
                     "source_guild": {
                         "$ref": "#/components/schemas/Guild"
                     },
+                    "url": {
+                        "type": "string"
+                    },
                     "id": {
                         "type": "string"
                     }
@@ -2589,10 +2592,9 @@
                 "required": [
                     "application",
                     "application_id",
+                    "avatar",
                     "channel",
                     "channel_id",
-                    "guild",
-                    "guild_id",
                     "id",
                     "name",
                     "source_guild",
@@ -8778,7 +8780,7 @@
                         "bearer": []
                     }
                 ],
-                "description": "Returns a webhook object for the given id.",
+                "description": "Returns a webhook object for the given id and token.",
                 "responses": {
                     "200": {
                         "description": "",

src/api/routes/webhooks/#webhook_id/#token/index.ts

@@ -20,7 +20,7 @@ const router = Router();
 router.get(
 	"/",
 	route({
-		description: "Returns a webhook object for the given id.",
+		description: "Returns a webhook object for the given id and token.",
 		responses: {
 			200: {
 				body: "APIWebhook",
@@ -45,7 +45,12 @@ router.get(
 			throw DiscordApiErrors.INVALID_WEBHOOK_TOKEN_PROVIDED;
 		}
 
-		return res.json(webhook);
+		const instanceUrl =
+			Config.get().api.endpointPublic || "http://localhost:3001";
+		return res.json({
+			...webhook,
+			url: instanceUrl + "/webhooks/" + webhook.id + "/" + webhook.token,
+		});
 	},
 );
 

src/api/routes/webhooks/#webhook_id/index.ts

@@ -1,5 +1,10 @@
 import { route } from "@spacebar/api";
-import { Webhook } from "@spacebar/util";
+import {
+	Config,
+	DiscordApiErrors,
+	getPermission,
+	Webhook,
+} from "@spacebar/util";
 import { Request, Response, Router } from "express";
 const router = Router();
 
@@ -15,18 +20,29 @@ router.get(
 		},
 	}),
 	async (req: Request, res: Response) => {
-		// TODO: Permission check
 		const { webhook_id } = req.params;
 		const webhook = await Webhook.findOneOrFail({
 			where: { id: webhook_id },
-			relations: [
+			relations: ["channel", "guild", "application", "user"],
-				"user",
+		});
-				"guild",
+
-				"source_guild",
+		if (webhook.guild_id) {
-				"application" /*"source_channel"*/,
+			const permission = await getPermission(
-			],
+				req.user_id,
+				webhook.guild_id,
+			);
+
+			if (!permission.has("MANAGE_WEBHOOKS"))
+				throw DiscordApiErrors.UNKNOWN_WEBHOOK;
+		} else if (webhook.user_id != req.user_id)
+			throw DiscordApiErrors.UNKNOWN_WEBHOOK;
+
+		const instanceUrl =
+			Config.get().api.endpointPublic || "http://localhost:3001";
+		return res.json({
+			...webhook,
+			url: instanceUrl + "/webhooks/" + webhook.id + "/" + webhook.token,
 		});
-		return res.json(webhook);
 	},
 );
 

src/api/util/handlers/Message.ts

@@ -149,7 +149,6 @@ export async function handleMessage(opts: MessageOptions): Promise<Message> {
 				`/avatars/${opts.webhook_id}`,
 				dataUri as string,
 			);
-			console.log(message.avatar);
 			message.author.avatar = message.avatar;
 		}
 	} else {

src/util/entities/Webhook.ts

@@ -38,20 +38,20 @@ export class Webhook extends BaseClass {
 	name: string;
 
 	@Column({ nullable: true })
-	avatar?: string;
+	avatar: string;
 
 	@Column({ nullable: true })
 	token?: string;
 
 	@Column({ nullable: true })
 	@RelationId((webhook: Webhook) => webhook.guild)
-	guild_id: string;
+	guild_id?: string;
 
 	@JoinColumn({ name: "guild_id" })
 	@ManyToOne(() => Guild, {
 		onDelete: "CASCADE",
 	})
-	guild: Guild;
+	guild?: Guild;
 
 	@Column({ nullable: true })
 	@RelationId((webhook: Webhook) => webhook.channel)
@@ -92,4 +92,6 @@ export class Webhook extends BaseClass {
 		onDelete: "CASCADE",
 	})
 	source_guild: Guild;
+
+	url?: string;
 }