From 8a4bfd114324a8fcf0659d49c0cdec245648967d Mon Sep 17 00:00:00 2001
From: CyberL1
Date: Fri, 17 Oct 2025 06:58:23 +0200
Subject: [PATCH] fix: check if an application is in a guild
---
 .../#guild_id/commands/#command_id/index.ts | 23 +++++++++++++++----
 .../guilds/#guild_id/commands/index.ts | 23 +++++++++++++++----
 2 files changed, 38 insertions(+), 8 deletions(-)
diff --git a/src/api/routes/applications/#application_id/guilds/#guild_id/commands/#command_id/index.ts b/src/api/routes/applications/#application_id/guilds/#guild_id/commands/#command_id/index.ts
index c041e18b..c00835a3 100644
--- a/src/api/routes/applications/#application_id/guilds/#guild_id/commands/#command_id/index.ts
+++ b/src/api/routes/applications/#application_id/guilds/#guild_id/commands/#command_id/index.ts
@@ -19,7 +19,7 @@
 import { ApplicationCommandCreateSchema, ApplicationCommandSchema } from "@spacebar/schemas";
 import { route } from "@spacebar/api";
 import { Request, Response, Router } from "express";
-import { Application, ApplicationCommand, FieldErrors, Guild, Snowflake } from "@spacebar/util";
+import { Application, ApplicationCommand, FieldErrors, Guild, Member, Snowflake } from "@spacebar/util";
 const router = Router({ mergeParams: true });
@@ -34,7 +34,12 @@ router.get("/", route({}), async (req: Request, res: Response) => {
 const guildExists = await Guild.exists({ where: { id: req.params.guild_id } });
 if (!guildExists) {
- res.status(404).send({ code: 404, message: "Unknown guild" });
+ res.status(404).send({ code: 404, message: "Unknown Server" });
+ return;
+ }
+
+ if (!(await Member.exists({ where: { id: req.params.application_id, guild_id: req.params.guild_id } }))) {
+ res.status(401).send({ code: 401, message: "Missing Access" });
 return;
 }
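Review bot: The `Member.exists` guard added in the `router.get` hunk (`@@ -34,7 +34,12 @@`) is keyed only on `req.params.application_id` and `req.params.guild_id`, both taken from the URL, so it shows that the application named in the path is in the guild but not that the authenticated caller may act for that application. The handler starts and ends outside the hunk, so a check tying the caller to the application may already exist above this point; if it does not, one is needed before this guard, and the same holds for the patch and delete hunks of this file and the three hunks of `commands/index.ts`. A short comment above the new `if`, such as `// checks the application's membership only; the caller's right to manage this application is verified separately`, would keep the two checks from being confused later.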
@@ -64,7 +69,12 @@ router.patch(
 const guildExists = await Guild.exists({ where: { id: req.params.guild_id } });
 if (!guildExists) {
- res.status(404).send({ code: 404, message: "Unknown guild" });
+ res.status(404).send({ code: 404, message: "Unknown Server" });
+ return;
+ }
+
+ if (!(await Member.exists({ where: { id: req.params.application_id, guild_id: req.params.guild_id } }))) {
+ res.status(401).send({ code: 401, message: "Missing Access" });
 return;
 }
@@ -127,7 +137,12 @@ router.delete("/", async (req: Request, res: Response) => {
 const guildExists = await Guild.exists({ where: { id: req.params.guild_id } });
 if (!guildExists) {
- res.status(404).send({ code: 404, message: "Unknown guild" });
+ res.status(404).send({ code: 404, message: "Unknown Server" });
+ return;
+ }
+
+ if (!(await Member.exists({ where: { id: req.params.application_id, guild_id: req.params.guild_id } }))) {
+ res.status(401).send({ code: 401, message: "Missing Access" });
 return;
 }
diff --git a/src/api/routes/applications/#application_id/guilds/#guild_id/commands/index.ts b/src/api/routes/applications/#application_id/guilds/#guild_id/commands/index.ts
index bb521980..38ec8b0e 100644
--- a/src/api/routes/applications/#application_id/guilds/#guild_id/commands/index.ts
+++ b/src/api/routes/applications/#application_id/guilds/#guild_id/commands/index.ts
@@ -19,7 +19,7 @@
 import { ApplicationCommandCreateSchema, ApplicationCommandSchema } from "@spacebar/schemas";
 import { route } from "@spacebar/api";
 import { Request, Response, Router } from "express";
-import { Application, ApplicationCommand, FieldErrors, Guild, Snowflake } from "@spacebar/util";
+import { Application, ApplicationCommand, FieldErrors, Guild, Member, Snowflake } from "@spacebar/util";
 const router = Router({ mergeParams: true });
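Review bot: In the `router.patch` hunk (`@@ -64,7 +69,12 @@`) a failed membership check is answered with 401, which tells the client its credentials are missing or invalid; a caller that authenticated but is not permitted should get 403. Clients that treat 401 as a dead token may discard a valid session, and logs will count an authorization failure as an authentication failure. The line would become `res.status(403).send({ code: 403, message: "Missing Access" });`. The same line appears in the get and delete hunks of this file and in all three hunks of `commands/index.ts`.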
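Review bot: The `router.delete` hunk (`@@ -127,7 +137,12 @@`) shows the handler registered as `router.delete("/", async (req: Request, res: Response) => {`, without the `route({})` wrapper that the `router.get` registration in the same file carries. What `route()` enforces is not visible on this page, but if it is where per-route permission or rights options are applied, the delete path is covered only by the inline checks, of which the new membership guard is one. Registering it as `router.delete("/", route({}), async (req: Request, res: Response) => {` would bring it in line with the other handlers. The handler body continues outside the hunk.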
@@ -34,7 +34,12 @@ router.get("/", route({}), async (req: Request, res: Response) => {
 const guildExists = await Guild.exists({ where: { id: req.params.guild_id } });
 if (!guildExists) {
- res.status(404).send({ code: 404, message: "Unknown guild" });
+ res.status(404).send({ code: 404, message: "Unknown Server" });
+ return;
+ }
+
+ if (!(await Member.exists({ where: { id: req.params.application_id, guild_id: req.params.guild_id } }))) {
+ res.status(401).send({ code: 401, message: "Missing Access" });
 return;
 }
@@ -58,7 +63,12 @@ router.post(
 const guildExists = await Guild.exists({ where: { id: req.params.guild_id } });
 if (!guildExists) {
- res.status(404).send({ code: 404, message: "Unknown guild" });
+ res.status(404).send({ code: 404, message: "Unknown Server" });
+ return;
+ }
+
+ if (!(await Member.exists({ where: { id: req.params.application_id, guild_id: req.params.guild_id } }))) {
+ res.status(401).send({ code: 401, message: "Missing Access" });
 return;
 }
@@ -126,7 +136,12 @@ router.put(
 const guildExists = await Guild.exists({ where: { id: req.params.guild_id } });
 if (!guildExists) {
- res.status(404).send({ code: 404, message: "Unknown guild" });
+ res.status(404).send({ code: 404, message: "Unknown Server" });
+ return;
+ }
+
+ if (!(await Member.exists({ where: { id: req.params.application_id, guild_id: req.params.guild_id } }))) {
+ res.status(401).send({ code: 401, message: "Missing Access" });
 return;
 }
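Review bot: The guard in the `router.get` hunk (`@@ -34,7 +34,12 @@`) of `commands/index.ts` is a verbatim copy of the guild-exists and member-exists block already added three times in `#command_id/index.ts`, and the `router.post` and `router.put` hunks below add two more. Six hand-copied access checks tend to drift apart, and a route added later can miss the guard without anyone noticing. Since both routers are created with `mergeParams: true`, the pair of checks could live in one shared middleware or helper, leaving a single line in each handler. Each handler starts and ends outside its hunk.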