dandri/server
1
0
Fork 0
mirror of https://github.com/spacebarchat/server.git synced 2026-05-23 14:45:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

🚧 new body parser (bans route)

Browse Source
This commit is contained in:
Flam3rboy
2021-09-12 21:21:08 +02:00
parent 0a0a61565e
commit e2c66a1fe5
5 changed files with 1323 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files
api/src/routes/guilds/#guild_id/bans.ts
+10 -15
View File
@@ -1,19 +1,18 @@
import { Request, Response, Router } from "express";
import { emitEvent, getPermission, GuildBanAddEvent, GuildBanRemoveEvent, Guild, Ban, User, Member } from "@fosscord/util";
import { HTTPError } from "lambert-server";
import { getIpAdress, check } from "@fosscord/api";
import { getIpAdress, check, route } from "@fosscord/api";
import { BanCreateSchema } from "@fosscord/api/schema/Ban";
const router: Router = Router();
router.get("/", async (req: Request, res: Response) => {
router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
const { guild_id } = req.params;
var bans = await Ban.find({ guild_id: guild_id });
return res.json(bans);
});
router.get("/:user", async (req: Request, res: Response) => {
router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
const { guild_id } = req.params;
const user_id = req.params.ban;
@@ -21,15 +20,14 @@ router.get("/:user", async (req: Request, res: Response) => {
return res.json(ban);
});
router.put("/:user_id", check(BanCreateSchema), async (req: Request, res: Response) => {
router.put("/:user_id", route({ body: "BanCreateSchema", permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
const { guild_id } = req.params;
const banned_user_id = req.params.user_id;
const banned_user = await User.getPublicUser(banned_user_id);
const perms = await getPermission(req.user_id, guild_id);
perms.hasThrow("BAN_MEMBERS");
if (req.user_id === banned_user_id) throw new HTTPError("You can't ban yourself", 400);
if (perms.cache.guild?.owner_id === banned_user_id) throw new HTTPError("You can't ban the owner", 400);
if (req.permission?.cache.guild?.owner_id === banned_user_id) throw new HTTPError("You can't ban the owner", 400);
const ban = new Ban({
user_id: banned_user_id,
@@ -55,17 +53,14 @@ router.put("/:user_id", check(BanCreateSchema), async (req: Request, res: Respon
return res.json(ban);
});
router.delete("/:user_id", async (req: Request, res: Response) => {
var { guild_id } = req.params;
var banned_user_id = req.params.user_id;
router.delete("/:user_id", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
const { guild_id, user_id } = req.params;
const banned_user = await User.getPublicUser(banned_user_id);
const perms = await getPermission(req.user_id, guild_id);
perms.hasThrow("BAN_MEMBERS");
const banned_user = await User.getPublicUser(user_id);
await Promise.all([
Ban.delete({
user_id: banned_user_id,
user_id: user_id,
guild_id
}),
api/src/util/route.ts
+66
View File
@@ -0,0 +1,66 @@
import { DiscordApiErrors, Event, EventData, getPermission, PermissionResolvable, Permissions } from "@fosscord/util";
import { NextFunction, Request, Response } from "express";
import fs from "fs";
import path from "path";
import Ajv from "ajv";
import { AnyValidateFunction } from "ajv/dist/core";
import { FieldErrors } from "..";
const SchemaPath = path.join(__dirname, "..", "..", "assets", "schemas.json");
const schemas = JSON.parse(fs.readFileSync(SchemaPath, { encoding: "utf8" }));
export const ajv = new Ajv({ allErrors: true, parseDate: true, allowDate: true, schemas, messages: true });
declare global {
namespace Express {
interface Request {
permission?: Permissions;
}
}
}
export type RouteSchema = string; // typescript interface name
export type RouteResponse = { status: number; body?: RouteSchema; headers?: Record<string, string> };
export interface RouteOptions {
permission?: PermissionResolvable;
body?: RouteSchema;
response?: RouteResponse;
example?: {
body?: any;
path?: string;
event?: EventData;
headers?: Record<string, string>;
};
}
export function route(opts: RouteOptions) {
var validate: AnyValidateFunction<any>;
if (opts.body) {
// @ts-ignore
validate = ajv.getSchema(opts.body);
if (!validate) throw new Error(`Body schema ${opts.body} not found`);
}
return async (req: Request, res: Response, next: NextFunction) => {
if (opts.permission) {
const required = new Permissions(opts.permission);
const permission = await getPermission(req.user_id, req.params.guild_id, req.params.channel_id);
console.log(required.bitfield, permission.bitfield, permission.bitfield & required.bitfield);
// bitfield comparison: check if user lacks certain permission
if (!permission.has(required)) {
throw DiscordApiErrors.MISSING_PERMISSIONS.withParams(opts.permission as string);
}
if (validate) {
const valid = validate(req.body);
if (!valid) {
const fields: Record<string, { code?: string; message: string }> = {};
validate.errors?.forEach((x) => (fields[x.instancePath] = { code: x.keyword, message: x.message || "" }));
throw FieldErrors(fields);
}
}
}
next();
};
}