Merge branch 'master' into slowcord
This commit is contained in:
Madeline
commit
44aa39515b
BIN
api/package-lock.json
generated
BIN
api/package-lock.json
generated
Binary file not shown.
@ -1,5 +1,5 @@
|
||||
import { Request, Response, Router } from "express";
|
||||
import { emitEvent, getPermission, GuildBanAddEvent, GuildBanRemoveEvent, Guild, Ban, User, Member } from "@fosscord/util";
|
||||
import { DiscordApiErrors, emitEvent, getPermission, GuildBanAddEvent, GuildBanRemoveEvent, Guild, Ban, User, Member } from "@fosscord/util";
|
||||
import { HTTPError } from "lambert-server";
|
||||
import { getIpAdress, route } from "@fosscord/api";
|
||||
|
||||
@ -17,6 +17,14 @@ export interface BanRegistrySchema {
|
||||
reason?: string | undefined;
|
||||
};
|
||||
|
||||
export interface BanModeratorSchema {
|
||||
id: string;
|
||||
user_id: string;
|
||||
guild_id: string;
|
||||
executor_id: string;
|
||||
reason?: string | undefined;
|
||||
};
|
||||
|
||||
const router: Router = Router();
|
||||
|
||||
/* TODO: Deleting the secrets is just a temporary go-around. Views should be implemented for both safety and better handling. */
|
||||
@ -27,11 +35,14 @@ router.get("/", route({ permission: "BAN_MEMBERS" }), async (req: Request, res:
|
||||
let bans = await Ban.find({ guild_id: guild_id });
|
||||
|
||||
/* Filter secret from database registry.*/
|
||||
|
||||
bans.filter(ban => ban.user_id !== ban.executor_id);
|
||||
// pretend self-bans don't exist to prevent victim chasing
|
||||
|
||||
bans.forEach((registry: BanRegistrySchema) => {
|
||||
delete registry.ip;
|
||||
});
|
||||
|
||||
|
||||
return res.json(bans);
|
||||
});
|
||||
|
||||
@ -41,7 +52,12 @@ router.get("/:user", route({ permission: "BAN_MEMBERS" }), async (req: Request,
|
||||
|
||||
let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id }) as BanRegistrySchema;
|
||||
|
||||
if (ban.user_id === ban.executor_id) throw DiscordApiErrors.UNKNOWN_BAN;
|
||||
// pretend self-bans don't exist to prevent victim chasing
|
||||
|
||||
/* Filter secret from registry. */
|
||||
|
||||
ban = ban as BanModeratorSchema;
|
||||
|
||||
delete ban.ip
|
||||
|
||||
@ -52,10 +68,12 @@ router.put("/:user_id", route({ body: "BanCreateSchema", permission: "BAN_MEMBER
|
||||
const { guild_id } = req.params;
|
||||
const banned_user_id = req.params.user_id;
|
||||
|
||||
const banned_user = await User.getPublicUser(banned_user_id);
|
||||
|
||||
if (req.user_id === banned_user_id) throw new HTTPError("You can't ban yourself", 400);
|
||||
if ( (req.user_id === banned_user_id) && (banned_user_id === req.permission!.cache.guild?.owner_id))
|
||||
throw new HTTPError("You are the guild owner, hence can't ban yourself", 403);
|
||||
|
||||
if (req.permission!.cache.guild?.owner_id === banned_user_id) throw new HTTPError("You can't ban the owner", 400);
|
||||
|
||||
const banned_user = await User.getPublicUser(banned_user_id);
|
||||
|
||||
const ban = new Ban({
|
||||
user_id: banned_user_id,
|
||||
@ -81,11 +99,48 @@ router.put("/:user_id", route({ body: "BanCreateSchema", permission: "BAN_MEMBER
|
||||
return res.json(ban);
|
||||
});
|
||||
|
||||
router.put("/@me", route({ body: "BanCreateSchema"}), async (req: Request, res: Response) => {
|
||||
const { guild_id } = req.params;
|
||||
|
||||
const banned_user = await User.getPublicUser(req.params.user_id);
|
||||
|
||||
if (req.permission!.cache.guild?.owner_id === req.params.user_id)
|
||||
throw new HTTPError("You are the guild owner, hence can't ban yourself", 403);
|
||||
|
||||
const ban = new Ban({
|
||||
user_id: req.params.user_id,
|
||||
guild_id: guild_id,
|
||||
ip: getIpAdress(req),
|
||||
executor_id: req.params.user_id,
|
||||
reason: req.body.reason // || otherwise empty
|
||||
});
|
||||
|
||||
await Promise.all([
|
||||
Member.removeFromGuild(req.user_id, guild_id),
|
||||
ban.save(),
|
||||
emitEvent({
|
||||
event: "GUILD_BAN_ADD",
|
||||
data: {
|
||||
guild_id: guild_id,
|
||||
user: banned_user
|
||||
},
|
||||
guild_id: guild_id
|
||||
} as GuildBanAddEvent)
|
||||
]);
|
||||
|
||||
return res.json(ban);
|
||||
});
|
||||
|
||||
router.delete("/:user_id", route({ permission: "BAN_MEMBERS" }), async (req: Request, res: Response) => {
|
||||
const { guild_id, user_id } = req.params;
|
||||
|
||||
let ban = await Ban.findOneOrFail({ guild_id: guild_id, user_id: user_id });
|
||||
|
||||
if (ban.user_id === ban.executor_id) throw DiscordApiErrors.UNKNOWN_BAN;
|
||||
// make self-bans irreversible and hide them from view to avoid victim chasing
|
||||
|
||||
const banned_user = await User.getPublicUser(user_id);
|
||||
|
||||
|
||||
await Promise.all([
|
||||
Ban.delete({
|
||||
user_id: user_id,
|
||||
|
||||
@ -65,8 +65,7 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res:
|
||||
}
|
||||
|
||||
var check_username = body?.username?.replace(/\s/g, '');
|
||||
//claiming an account does not provide username so check if username in body before throw
|
||||
if (!check_username && body.username) {
|
||||
if(!check_username && !body?.avatar && !body?.banner) {
|
||||
throw FieldErrors({
|
||||
username: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") }
|
||||
});
|
||||
|
||||
BIN
bundle/package-lock.json
generated
BIN
bundle/package-lock.json
generated
Binary file not shown.
BIN
gateway/package-lock.json
generated
BIN
gateway/package-lock.json
generated
Binary file not shown.
BIN
util/package-lock.json
generated
BIN
util/package-lock.json
generated
Binary file not shown.
Reference in New Issue
Block a user