RSCord/ServerSpacebarOld
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixes

Browse Source
This commit is contained in:
MathMan05 2025-11-19 08:56:15 -06:00
parent 0490739330
commit 8ee8c8c28c
1 changed files with 17 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
src/api/util/handlers/Webhook.ts
View File

@ -6,44 +6,17 @@ import { MoreThan } from "typeorm";
import { WebhookExecuteSchema } from "@spacebar/schemas"; import { WebhookExecuteSchema } from "@spacebar/schemas";
export const executeWebhook = async (req: Request, res: Response) => { export const executeWebhook = async (req: Request, res: Response) => {
const { wait } = req.query;
if (!wait) {
res.status(204).send();
}
const { webhook_id, token } = req.params;
const body = req.body as WebhookExecuteSchema; const body = req.body as WebhookExecuteSchema;
const attachments: Attachment[] = [];
// ensure one of content, embeds, components, or file is present
if (!body.content && !body.embeds && !body.components && !body.file && !body.attachments) {
if (wait) {
throw DiscordApiErrors.CANNOT_SEND_EMPTY_MESSAGE;
} else {
return;
}
}
// block username from containing certain words
// TODO: configurable additions
if (body.username) { if (body.username) {
ValidateName(body.username); ValidateName(body.username);
} }
// block username from being certain words // ensure one of content, embeds, components, or file is present
// TODO: configurable additions if (!body.content && !body.embeds && !body.components && !body.file && !body.attachments) {
const blockedEquals = ["everyone", "here"]; throw DiscordApiErrors.CANNOT_SEND_EMPTY_MESSAGE;
for (const word of blockedEquals) {
if (body.username?.toLowerCase() === word) {
if (wait)
res.status(400).json({
username: [`Username cannot be "${word}"`],
});
return;
}
} }
const { webhook_id, token } = req.params;
const webhook = await Webhook.findOne({ const webhook = await Webhook.findOne({
where: { where: {
@ -53,13 +26,21 @@ export const executeWebhook = async (req: Request, res: Response) => {
}); });
if (!webhook) { if (!webhook) {
if (wait) { throw DiscordApiErrors.UNKNOWN_WEBHOOK;
throw DiscordApiErrors.UNKNOWN_WEBHOOK;
} else {
return;
}
} }
if (webhook.token !== token) {
throw DiscordApiErrors.INVALID_WEBHOOK_TOKEN_PROVIDED;
}
const { wait } = req.query;
if (!wait) {
res.status(204).send();
}
const attachments: Attachment[] = [];
if (!webhook.channel.isWritable()) { if (!webhook.channel.isWritable()) {
if (wait) { if (wait) {
throw new HTTPError(`Cannot send messages to channel of type ${webhook.channel.type}`, 400); throw new HTTPError(`Cannot send messages to channel of type ${webhook.channel.type}`, 400);
@ -68,14 +49,6 @@ export const executeWebhook = async (req: Request, res: Response) => {
} }
} }
if (webhook.token !== token) {
if (wait) {
throw DiscordApiErrors.INVALID_WEBHOOK_TOKEN_PROVIDED;
} else {
return;
}
}
// TODO: creating messages by users checks if the user can bypass rate limits, we cant do that on webhooks, but maybe we could check the application if there is one? // TODO: creating messages by users checks if the user can bypass rate limits, we cant do that on webhooks, but maybe we could check the application if there is one?
const limits = Config.get().limits; const limits = Config.get().limits;
if (limits.absoluteRate.register.enabled) { if (limits.absoluteRate.register.enabled) {