From 8ee8c8c28c3b611b87b95bf8d35f9ebfd729258b Mon Sep 17 00:00:00 2001
From: MathMan05
Date: Wed, 19 Nov 2025 08:56:15 -0600
Subject: [PATCH] fixes
---
 src/api/util/handlers/Webhook.ts | 61 +++++++++-----------------------
 1 file changed, 17 insertions(+), 44 deletions(-)
diff --git a/src/api/util/handlers/Webhook.ts b/src/api/util/handlers/Webhook.ts
index e9e0bf6c..3980b47e 100644
--- a/src/api/util/handlers/Webhook.ts
+++ b/src/api/util/handlers/Webhook.ts
@@ -6,44 +6,17 @@ import { MoreThan } from "typeorm";
 import { WebhookExecuteSchema } from "@spacebar/schemas";
 export const executeWebhook = async (req: Request, res: Response) => {
- const { wait } = req.query;
-
- if (!wait) {
- res.status(204).send();
- }
-
- const { webhook_id, token } = req.params;
-
 const body = req.body as WebhookExecuteSchema;
- const attachments: Attachment[] = [];
- // ensure one of content, embeds, components, or file is present
- if (!body.content && !body.embeds && !body.components && !body.file && !body.attachments) {
- if (wait) {
- throw DiscordApiErrors.CANNOT_SEND_EMPTY_MESSAGE;
- } else {
- return;
- }
- }
-
- // block username from containing certain words
- // TODO: configurable additions
 if (body.username) {
 ValidateName(body.username);
 }
- // block username from being certain words
- // TODO: configurable additions
- const blockedEquals = ["everyone", "here"];
- for (const word of blockedEquals) {
- if (body.username?.toLowerCase() === word) {
- if (wait)
- res.status(400).json({
- username: [`Username cannot be "${word}"`],
- });
- return;
- }
+ // ensure one of content, embeds, components, or file is present
+ if (!body.content && !body.embeds && !body.components && !body.file && !body.attachments) {
+ throw DiscordApiErrors.CANNOT_SEND_EMPTY_MESSAGE;
 }
+ const { webhook_id, token } = req.params;
 const webhook = await Webhook.findOne({
 where: {
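Review bot: The deleted `blockedEquals` loop was the only visible check that rejected a webhook username of exactly `everyone` or `here`, and nothing on the new side replaces it. `ValidateName` is defined outside this diff, so unless it already refuses those exact names, a webhook can now post under a display name that imitates a mass-mention. If it does not, keep the check inside the existing `if (body.username)` block, for example `if (["everyone", "here"].includes(body.username.toLowerCase())) throw new HTTPError("Username cannot be \"everyone\" or \"here\"", 400);`. A short comment on `ValidateName(body.username)` stating which names it covers would also make the removal reviewable; the body of `executeWebhook` continues past this hunk.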
@@ -53,13 +26,21 @@ export const executeWebhook = async (req: Request, res: Response) => {
 });
 if (!webhook) {
- if (wait) {
- throw DiscordApiErrors.UNKNOWN_WEBHOOK;
- } else {
- return;
- }
+ throw DiscordApiErrors.UNKNOWN_WEBHOOK;
 }
+ if (webhook.token !== token) {
+ throw DiscordApiErrors.INVALID_WEBHOOK_TOKEN_PROVIDED;
+ }
+
+ const { wait } = req.query;
+
+ if (!wait) {
+ res.status(204).send();
+ }
+
+ const attachments: Attachment[] = [];
+
 if (!webhook.channel.isWritable()) {
 if (wait) {
 throw new HTTPError(`Cannot send messages to channel of type ${webhook.channel.type}`, 400);
@@ -68,14 +49,6 @@ export const executeWebhook = async (req: Request, res: Response) => {
 }
 }
- if (webhook.token !== token) {
- if (wait) {
- throw DiscordApiErrors.INVALID_WEBHOOK_TOKEN_PROVIDED;
- } else {
- return;
- }
- }
-
 // TODO: creating messages by users checks if the user can bypass rate limits, we cant do that on webhooks, but maybe we could check the application if there is one?
 const limits = Config.get().limits;
 if (limits.absoluteRate.register.enabled) {
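Review bot: The added `if (webhook.token !== token)` in the first hunk on this line compares the stored webhook token with the caller-supplied path parameter using ordinary string inequality, which is not constant-time. The token is the only credential visible on this endpoint, so a length check followed by `timingSafeEqual` is the safer comparison. That needs `timingSafeEqual` imported from `node:crypto` in the import block outside this hunk, and it assumes `webhook.token` is always a string. Separately, `wait` comes straight from `req.query`, so `?wait=false` is a non-empty string and passes `if (!wait)` as truthy unless a middleware coerces it; that is worth confirming. The body of `executeWebhook` starts and ends outside this hunk.

```typescript
	// … unchanged: webhook lookup and UNKNOWN_WEBHOOK check …
	const expected = Buffer.from(webhook.token);
	const provided = Buffer.from(token);
	// timingSafeEqual throws on unequal lengths, so reject those first
	if (expected.length !== provided.length || !timingSafeEqual(expected, provided)) {
		throw DiscordApiErrors.INVALID_WEBHOOK_TOKEN_PROVIDED;
	}
	// … unchanged: wait handling and attachments …
```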