Merge pull request #1393 from MathMan05/webhookFix
This commit is contained in:
Cyber
GitHub
commit
652657d78f
@ -1,58 +1,15 @@
|
||||
import { handleMessage, postHandleMessage } from "@spacebar/api";
|
||||
import {
|
||||
Attachment,
|
||||
Config,
|
||||
DiscordApiErrors,
|
||||
emitEvent,
|
||||
FieldErrors,
|
||||
Message,
|
||||
MessageCreateEvent,
|
||||
uploadFile,
|
||||
ValidateName,
|
||||
Webhook,
|
||||
} from "@spacebar/util";
|
||||
import { Attachment, Config, DiscordApiErrors, emitEvent, FieldErrors, Message, MessageCreateEvent, uploadFile, ValidateName, Webhook } from "@spacebar/util";
|
||||
import { Request, Response } from "express";
|
||||
import { HTTPError } from "lambert-server";
|
||||
import { MoreThan } from "typeorm";
|
||||
import { WebhookExecuteSchema } from "@spacebar/schemas"
|
||||
import { WebhookExecuteSchema } from "@spacebar/schemas";
|
||||
|
||||
export const executeWebhook = async (req: Request, res: Response) => {
|
||||
const { wait } = req.query;
|
||||
if (!wait) return res.status(204).send();
|
||||
const body = req.body as WebhookExecuteSchema;
|
||||
|
||||
const { webhook_id, token } = req.params;
|
||||
|
||||
const body = req.body as WebhookExecuteSchema;
|
||||
const attachments: Attachment[] = [];
|
||||
|
||||
// ensure one of content, embeds, components, or file is present
|
||||
if (
|
||||
!body.content &&
|
||||
!body.embeds &&
|
||||
!body.components &&
|
||||
!body.file &&
|
||||
!body.attachments
|
||||
) {
|
||||
throw DiscordApiErrors.CANNOT_SEND_EMPTY_MESSAGE;
|
||||
}
|
||||
|
||||
// block username from containing certain words
|
||||
// TODO: configurable additions
|
||||
if (body.username) {
|
||||
ValidateName(body.username);
|
||||
}
|
||||
|
||||
// block username from being certain words
|
||||
// TODO: configurable additions
|
||||
const blockedEquals = ["everyone", "here"];
|
||||
for (const word of blockedEquals) {
|
||||
if (body.username?.toLowerCase() === word) {
|
||||
return res.status(400).json({
|
||||
username: [`Username cannot be "${word}"`],
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
const webhook = await Webhook.findOne({
|
||||
where: {
|
||||
id: webhook_id,
|
||||
@ -64,52 +21,66 @@ export const executeWebhook = async (req: Request, res: Response) => {
|
||||
throw DiscordApiErrors.UNKNOWN_WEBHOOK;
|
||||
}
|
||||
|
||||
if (!webhook.channel.isWritable()) {
|
||||
throw new HTTPError(
|
||||
`Cannot send messages to channel of type ${webhook.channel.type}`,
|
||||
400,
|
||||
);
|
||||
}
|
||||
|
||||
if (webhook.token !== token) {
|
||||
throw DiscordApiErrors.INVALID_WEBHOOK_TOKEN_PROVIDED;
|
||||
}
|
||||
|
||||
if (body.username) {
|
||||
ValidateName(body.username);
|
||||
}
|
||||
|
||||
// ensure one of content, embeds, components, or file is present
|
||||
if (!body.content && !body.embeds && !body.components && !body.file && !body.attachments) {
|
||||
throw DiscordApiErrors.CANNOT_SEND_EMPTY_MESSAGE;
|
||||
}
|
||||
|
||||
const wait = req.query.wait === "true";
|
||||
|
||||
if (!wait) {
|
||||
res.status(204).send();
|
||||
}
|
||||
|
||||
const attachments: Attachment[] = [];
|
||||
|
||||
if (!webhook.channel.isWritable()) {
|
||||
if (wait) {
|
||||
throw new HTTPError(`Cannot send messages to channel of type ${webhook.channel.type}`, 400);
|
||||
} else {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
// TODO: creating messages by users checks if the user can bypass rate limits, we cant do that on webhooks, but maybe we could check the application if there is one?
|
||||
const limits = Config.get().limits;
|
||||
if (limits.absoluteRate.register.enabled) {
|
||||
const count = await Message.count({
|
||||
where: {
|
||||
channel_id: webhook.channel_id,
|
||||
timestamp: MoreThan(
|
||||
new Date(
|
||||
Date.now() - limits.absoluteRate.sendMessage.window,
|
||||
),
|
||||
),
|
||||
timestamp: MoreThan(new Date(Date.now() - limits.absoluteRate.sendMessage.window)),
|
||||
},
|
||||
});
|
||||
|
||||
if (count >= limits.absoluteRate.sendMessage.limit)
|
||||
throw FieldErrors({
|
||||
channel_id: {
|
||||
code: "TOO_MANY_MESSAGES",
|
||||
message: req.t("common:toomany.MESSAGE"),
|
||||
},
|
||||
});
|
||||
if (wait) {
|
||||
throw FieldErrors({
|
||||
channel_id: {
|
||||
code: "TOO_MANY_MESSAGES",
|
||||
message: req.t("common:toomany.MESSAGE"),
|
||||
},
|
||||
});
|
||||
} else {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
const files = (req.files as Express.Multer.File[]) ?? [];
|
||||
for (const currFile of files) {
|
||||
try {
|
||||
const file = await uploadFile(
|
||||
`/attachments/${webhook.channel.id}`,
|
||||
currFile,
|
||||
);
|
||||
attachments.push(
|
||||
Attachment.create({ ...file, proxy_url: file.url }),
|
||||
);
|
||||
const file = await uploadFile(`/attachments/${webhook.channel.id}`, currFile);
|
||||
attachments.push(Attachment.create({ ...file, proxy_url: file.url }));
|
||||
} catch (error) {
|
||||
return res.status(400).json({ message: error?.toString() });
|
||||
if (wait) res.status(400).json({ message: error?.toString() });
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
@ -146,9 +117,7 @@ export const executeWebhook = async (req: Request, res: Response) => {
|
||||
]);
|
||||
|
||||
// no await as it shouldnt block the message send function and silently catch error
|
||||
postHandleMessage(message).catch((e) =>
|
||||
console.error("[Message] post-message handler failed", e),
|
||||
);
|
||||
|
||||
return res.json(message);
|
||||
postHandleMessage(message).catch((e) => console.error("[Message] post-message handler failed", e));
|
||||
if (wait) res.json(message);
|
||||
return;
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user