diff --git a/assets/openapi.json b/assets/openapi.json
index 8be85c7b1..2a928a2bc 100644
Binary files a/assets/openapi.json and b/assets/openapi.json differ
diff --git a/assets/schemas.json b/assets/schemas.json
index 3b82e3826..b72d9cc13 100644
Binary files a/assets/schemas.json and b/assets/schemas.json differ
diff --git a/src/api/routes/applications/#application_id/emojis.ts b/src/api/routes/applications/#application_id/emojis.ts
index d7973fca9..7e66afb63 100644
--- a/src/api/routes/applications/#application_id/emojis.ts
+++ b/src/api/routes/applications/#application_id/emojis.ts
@@ -18,7 +18,7 @@
 import { Request, Response, Router } from "express";
 import { route } from "@spacebar/api/util/handlers/route";
-import { Emoji } from "@spacebar/database";
+import { Emoji, Application } from "@spacebar/database";
 import { Config, DiscordApiErrors, Snowflake, handleFile } from "@spacebar/util";
 import { ApplicationEmojiModifySchema, EmojiCreateSchema } from "@spacebar/schemas";
@@ -97,6 +97,9 @@ router.post(
 const { application_id } = req.params as { [key: string]: string };
 const body = req.body as EmojiCreateSchema;
+ const app = await Application.findOne({ where: { id: application_id } });
+ if (req.user_id != app?.id && req.user_id != app?.owner_id) throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+
 const id = Snowflake.generate();
 const emoji_count = await Emoji.count({
 where: { application_id: application_id },
@@ -144,6 +147,9 @@ router.patch(
 const { emoji_id, application_id } = req.params as { [key: string]: string };
 const body = req.body as ApplicationEmojiModifySchema;
+ const app = await Application.findOne({ where: { id: application_id } });
+ if (req.user_id != app?.id && req.user_id != app?.owner_id) throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+
 if (body.name?.includes("-")) body.name = body.name?.replaceAll("-", ""); // Dashes are invalid apparently
 await Emoji.findOneOrFail({
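Review bot: The ownership check added in router.post uses loose `!=` against optional-chained fields, so if `req.user_id` is ever unset the condition is false and the request proceeds, both when the application is not found (`undefined != undefined`) and when it exists with an empty `owner_id`; whether `req.user_id` can be unset depends on the route options, which are outside the hunk. Failing explicitly on a missing application and a missing caller removes that dependence: `const app = await Application.findOneOrFail({ where: { id: application_id } });` followed by `if (!req.user_id || (req.user_id != app.id && req.user_id != app.owner_id)) throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;`. The same two lines are repeated in the router.patch and router.delete hunks, so a shared helper or middleware would keep the three in step, and the read handlers in this file, which the diff does not show, should be checked for the same gate. The handler bodies start and end outside the hunks.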
@@ -173,6 +179,9 @@ router.delete(
 async (req: Request, res: Response) => {
 const { emoji_id, application_id } = req.params as { [key: string]: string };
+ const app = await Application.findOne({ where: { id: application_id } });
+ if (req.user_id != app?.id && req.user_id != app?.owner_id) throw DiscordApiErrors.ACTION_NOT_AUTHORIZED_ON_APPLICATION;
+
 await Emoji.delete({
 id: emoji_id,
 application_id: application_id,
diff --git a/src/database/entities/Application.ts b/src/database/entities/Application.ts
index 1fcb9e078..dc2b61116 100644
--- a/src/database/entities/Application.ts
+++ b/src/database/entities/Application.ts
@@ -58,6 +58,10 @@ export class Application extends BaseClass {
 @ManyToOne(() => User, { onDelete: "CASCADE" })
 owner: User;
+ @Column({ type: "int8" })
+ @RelationId((application: Application) => application.owner)
+ owner_id: string;
+
 // TODO: enum this? https://discord.com/developers/docs/resources/application#application-object-application-flags
 @Column()
 flags: number = 0;
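Review bot: `owner_id` is the field the new emoji authorization checks compare against `req.user_id`, but nothing in this hunk ties it to the foreign key of the existing `owner` relation: the `@ManyToOne` above it carries no `@JoinColumn({ name: "owner_id" })` in the visible lines, so unless one sits just outside the hunk or the project's naming strategy already yields that name, `@Column({ type: "int8" })` may declare a second column that no migration in this diff creates or backfills. If it ends up empty for existing rows, the owner branch of the check can never match and only the application's own id passes. It is also worth confirming that an `int8` column comes back as a string on every supported database driver, since the property is typed `string` and is compared with a string id. A short comment on the field, for example `// FK of owner; read by ownership checks without loading the relation`, would record the intent. The class body starts and ends outside the hunk.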