From 342ef1b20f7301ee9a74b3b488685b8393a2f0a4 Mon Sep 17 00:00:00 2001
From: TomatoCake <60300461+DEVTomatoCake@users.noreply.github.com>
Date: Sat, 31 Aug 2024 07:29:55 +0200
Subject: [PATCH 1/5] Stop sending X-Powered-By & share CORS/BodyParser
---
 src/api/Server.ts | 7 ++++---
 src/cdn/Server.ts | 31 +++++++++----------------------
 2 files changed, 13 insertions(+), 25 deletions(-)
diff --git a/src/api/Server.ts b/src/api/Server.ts
index bea75d7e..bbcbed32 100644
--- a/src/api/Server.ts
+++ b/src/api/Server.ts
@@ -1,17 +1,17 @@
 /* Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Copyright (C) 2023 Spacebar and Spacebar Contributors
-
+
 This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
-
+
 This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
-
+
 You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */
@@ -98,6 +98,7 @@ export class SpacebarServer extends Server {
 }
 this.app.set("json replacer", JSONReplacer);
+ this.app.disable("x-powered-by");
 this.app.use(CORS);
 this.app.use(BodyParser({ inflate: true, limit: "10mb" }));
diff --git a/src/cdn/Server.ts b/src/cdn/Server.ts
index 255452a0..a2cde7e0 100644
--- a/src/cdn/Server.ts
+++ b/src/cdn/Server.ts
@@ -1,17 +1,17 @@
 /* Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Copyright (C) 2023 Spacebar and Spacebar Contributors
-
+
 This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
-
+
 This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details.
-
+
 You should have received a copy of the GNU Affero General Public License along with this program. If not, see . */
@@ -22,7 +22,8 @@ import path from "path";
 import avatarsRoute from "./routes/avatars";
 import guildProfilesRoute from "./routes/guild-profiles";
 import iconsRoute from "./routes/role-icons";
-import bodyParser from "body-parser";
+import { CORS } from "../api/middlewares/CORS";
+import { BodyParser } from "../api/middlewares/BodyParser";
 export type CDNServerOptions = ServerOptions;
@@ -38,24 +39,10 @@ export class CDNServer extends Server {
 await Config.init();
 await Sentry.init(this.app);
- this.app.use((req, res, next) => {
- res.set("Access-Control-Allow-Origin", "*");
- // TODO: use better CSP policy
- res.set(
- "Content-security-policy",
- "default-src * data: blob: filesystem: about: ws: wss: 'unsafe-inline' 'unsafe-eval'; script-src * data: blob: 'unsafe-inline' 'unsafe-eval'; connect-src * data: blob: 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src * data: blob: ; style-src * data: blob: 'unsafe-inline'; font-src * data: blob: 'unsafe-inline';",
- );
- res.set(
- "Access-Control-Allow-Headers",
- req.header("Access-Control-Request-Headers") || "*",
- );
- res.set(
- "Access-Control-Allow-Methods",
- req.header("Access-Control-Request-Methods") || "*",
- );
- next();
- });
- this.app.use(bodyParser.json({ inflate: true, limit: "10mb" }));
+ this.app.disable("x-powered-by");
+
+ this.app.use(CORS);
+ this.app.use(BodyParser({ inflate: true, limit: "10mb" }));
 await registerRoutes(this, path.join(__dirname, "routes/"));
From 12eab21c833292c4a32998e5974a3fc7ead39ca6 Mon Sep 17 00:00:00 2001
From: SupremeMortal <6178101+SupremeMortal@users.noreply.github.com>
Date: Sun, 15 Sep 2024 17:41:07 +0100
Subject: [PATCH 2/5] Add missing fields to `MessageAcknowledgeSchema` I'm not entirely sure what these fields do, but I've added them to make the client happy.
---
 src/util/schemas/MessageAcknowledgeSchema.ts | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/util/schemas/MessageAcknowledgeSchema.ts b/src/util/schemas/MessageAcknowledgeSchema.ts
index 28cd9c79..3ba71649 100644
--- a/src/util/schemas/MessageAcknowledgeSchema.ts
+++ b/src/util/schemas/MessageAcknowledgeSchema.ts
@@ -19,4 +19,7 @@
 export interface MessageAcknowledgeSchema {
 manual?: boolean;
 mention_count?: number;
+ flags?: number;
+ last_viewed?: number;
+ token?: string;
 }
From c2c34039d37f897f523188ca45b180d1a63058bb Mon Sep 17 00:00:00 2001
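Review bot: In src/cdn/Server.ts, the `this.app.use(CORS)` line that replaces the inline header middleware makes the CDN's CORS and Content-Security-Policy response headers depend on `../api/middlewares/CORS`, which this patch does not show, so the hunk alone cannot confirm that the CDN still sends a CSP header or which origins and request headers it now allows. The removed block also carried `// TODO: use better CSP policy`; if the shared middleware holds no equivalent note, that reminder is lost for a host that presumably serves user-uploaded files. I would add a comment above the call, `// CORS (and CSP, if set) headers come from the shared API middleware; CDN-specific header needs must be handled there`, and compare the response headers of a CDN route before and after this change. The enclosing method starts and ends outside the hunk.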
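Review bot: The three fields added to `MessageAcknowledgeSchema` carry no comment, and the commit message says their purpose is unknown, so a reader cannot tell whether the server reads them or only tolerates them. `token?: string` in particular is named like a credential and has no visible length bound; if the route handler (not shown here) ever logs or stores the request body, that value goes along with it. I would annotate the fields, e.g. `// sent by the client; accepted for compatibility, semantics unknown — TODO confirm`, and keep `token` out of logs until its meaning is established.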
From: root
Date: Thu, 20 Mar 2025 09:09:34 -0700
Subject: [PATCH 3/5] added updates to sync with djs webhook packet
---
 assets/openapi.json | Bin 627310 -> 628420 bytes
 assets/schemas.json | Bin 25277849 -> 25370417 bytes
 src/util/schemas/MessageCreateSchema.ts | 2 +-
 src/util/schemas/WebhookExecuteSchema.ts | 15 ++++++++++++++-
 4 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/assets/openapi.json b/assets/openapi.json index b78f33e563f7a5d568b9252ea7a942fad598e95e..edd49baa131f578e833f3a086fe214ffbef032ba 100644 GIT binary patch delta 113 zcmaF2MD560wT2eP7N!>FEi9K8PFF}^l9+y9iaCAyd@p8?=?W%{64MvhGivjvq^4!& zWtL>-=N0P*FEi9K8PJh6}tlu87j0K2UftU@5*|$e5Uo5=1k zLt^Mc?{=tfa_fv+WpZg`LgUO#%tYoKW6)XUeCC|LVEynspZ4yDXFuy*?|Rp}_IK~< z+H77~musGt4afCPeZtueGbi4ZH{L;iP0AAfMW*pi-klt8$TenW+YAEx-}4=pz(@YW z*O6=D5={AyL$5yM6{br}xQ3gL=Jihvh8L(^Q+fM|a64XlxW??wKcAg3u;%ezR)a<4 zCgb}~ye!*Y!H(zZA@s%ZTmxMqjr3zD7H@BeFcR_h#y=CNGBk`ZLF1+=o5@`2RAx-4 z8X$Bka|^O%Wk)N`5fa9K_0!? zI4m*L4q-16LzTbNsfM*ESy+pM2x}QQmoCD&a~)akTqlt`chH4 z)tXN;$TnkV)oR2$;;j1Jf6=+#r+b&}(~TDUbUr7^T(h9SF^I7uDA2cz&TDI?<&_w5Oy`}V|}bYZTTKZ#Y$*NBSwf$^)T zymC|>zzn(r5tD^M_j@9lO!~#XBi8IhMi3%coXD6`L>KF^dLeAA-c&JGFO+9d8D=$m zLlI%3X79AKblJSXb2?k#`My}-8UB=PaoL3Ga72WdP#x(+=T#FhgJ}Y03QfSQA~IEu zs^;v<`B{h$#Fg_OCexh=9^tc@NBA7!5gxUaZu_LRMzPe^xgxc7-m!IL+s85~npq~r z2+O3{-OI>S^Lt`heovgp@A)W!&g;Ex@$BBV`QqNT1vlu{wbW)IE4BGpl-evxrOV;o z;zg{tI6?FlFaCwjYs=6jtYzp@(K2*d37u+G`7#z&zFb6=Cr%~13h|M(D=gT~F-eGI zv2)CdV|0d5nvJaeM2xImxtmV4Drgm}3R*3yf>I=+Fh6kOC7o-H`N%DX_PjJE%}-mZ z@&iZSv|^kKS5)n=)@J2dfpbB8H^ zw)g`lhLJ&Jh?35A6UefF<8;!F-CUlD_*C3nzWykgG)wMTkJuoRd$Jmd!i-b)zFRR< zXKqA%Ce)dmh7e2Rg`7<@_*_gg*jz;y>xVg;*~1(r9_DPhK-b_FDz~yiz zwYDUO)t2On+LG<%bgGf6JQk^vM5JoRAhJ@`KLOxfxdwy!%Be3O9MT%ZoAke)!s86} zJPS02-n_{?#IV4P+4HQO&91!OJVe3Ws&*LgjywZrUi!`~SB8Zb@r6)S<(sEb^^9+3 z7iPf)%q;jzVHR9?IE7T2U-D8~vdY#%#7ygLA-0G$#O@LevBg1TS^6gG z&pM0Qv(DY(S?3;V>0yZ_Y*^x6F)UH*K^t)1yKbK;3w)+Ul#0M-e`_L+I_k6Db^Ar{ zy01cMrFm1qK_eER|25)(2+%)xfOfAj)JK$wrh-H3=vG~6ZLDBH&gF>1BFOp36}k&C zj_ufsecy-|`;M+5Gt8pAjv*>Ulvm{@I@NR4mF!$~l{i;j{TLG+munD0XfEpxk+o5Mvoj-hYxYUR-^H!jr;6zeM|YfJ(H*BnbVqF@S*SLDl%1G<7w>je{IzIw~U?oJE)0m#slB{kvFCPkHWpK&i!vB>s+1sdnmpmw7`aI zy6heMUlyoM6xzIdZg`c|7`pQAj#IOF-KslEZei=L+Zf9p6khv&VraFC8|Sp`U|K|Z!61s0NhO!k%SCB$X%mF<;a zvaDw<#a9qlMN9EDSE54$haGK0n-I;SZD>ouMw;|P)j9Poi0fib{de1m))iH+PH9El 
z5Lc(%oJZ7np{mWzn}}P&=H~75bY9QIwy`s@--|P`cc|Je^qSsz2hlFlJMUg5@`__Z z@8v%rI)wM~dxwbD6(807_Ro8W`{LU_9~2UKMb%lKbs~Ngvp##s=~VBU{FB`^`AOV0 z`B@@T?W+>f&xl{d9I5LnovM}c5wlW07FNn%&(W#Y?)jC~?)gpB?&-cjr<&ycgeAE@ z6-n+rgsLv(J9sh2sh4i&A~ z#9FH6NjkjB5Ri;OKD^2p>dDqu`&wxOrc&G=#(-o3a@-%LP)jB+8D^OQ(g2VRv&^B9 zPFNUOfFz78K^8_~j z%Al!V=y=y9S3nvJ@~%s6@Hv@dZJ)3OACp+(T2Qe=!Ltl63@k`adYk|Hc#sj-j2<{p z``a2XSjkIu{zJItiS-a(;qPq6vwlw;_SZ{$-Z4$j^{zoiqte3Nc>JRAhC8zjYKafX` zUNqv(7-;=&BU@=y!Z1J@4)Ul3Pgp<~tBgmUAZ0vy3*?MPZ-XOI^~DX6iCKt**^#-% z8yv_sh?M!t8--tuMB!JXpkWPJNf<7vK^iW-1M+a`U6@RlmRC#0fQd9uIU10BK%S=@ z136^!QlC81Sdg!l_(B1la2P)BC55T{K@L-mgH3e8HAlwb0e@sX9`Hv3U@l#5Klhmc z(sQ4QAV2q+1Pye;`)enGw7*sZ^8VUDm`WCEo-o#cqHiam==c~+Xc-T%H&?SD&g z>y9bwt};hhi0&#&!k#un7Y$N~E(YWfT`bs z_QiORvMh9 zUI}~Xg#GXt1<7wSK6>D{IR)B?OA3$6a({C{mLjay;8@Bk6~|ImY4DirgGj2PG(buR zSyi+a){=$3{~0T3```>fS_ks>!I^~jK}mNY6OcXyS$AMPOeC`{{ouU;kg`Dj!FwZ6 N{fzE=Cq1)I{{w-%L7V^p delta 5028 zcmZ`-e_YM?8h<@UCHg^1=`=K3sBn&0YO<^y)Y=-EqWq|lh<;G3kV5ilHRsd4vF|4B zXq*k#Bz57VU9`Q!cm=XrnL&+~kKJbh0kRUcY@ za(9>Iww+L>IF%qpjvbvUMHFhZc;Yk5W~KB|;-KMdBv%Lw!jatM>-9tu)O6c|jZ>Nm znBh3(;MV6zBJ_h`&UOCotj>QD z*7;AqOQO>KjGZ>j_R?g5DQJ61l}_yYBu=b-nOa~fwlDK&CoatMj)%ZB^t>~@oER|g z#8(77(K~U*VY=46dj@mw_Coh=@4X}{_15Q`vSI91ftfgr`4q<*Z%)6&%61mBvV9G$ zY<(M^<1(etmrW_0jZ+F=58pVTizFmw?B~gT0&n2YlQkG;tYbGSGy-$*M#bDCBoS-S z%oFg(22FspjjSzg4q&CtZ(?b4;91fKJ01U)z}t8_KInIvx2r3Nb#=XiU0w5)bZtcT z0v3@Sj1k!jKPFL0L@im6-Ma#dFvu<>j-HX3E`*usLeWgOcr9(KeBu&TJ~0f-Cx#bq zF>Xr=ng8Zk$@{}}C&|}q$uQPg9WJmGJFAxk#~6#56u4Yq1xkSttBDnx*AgKRiSt_C zyG+Z7j$g^5<5yvHd{i=RVZzfWHsR@NobWXISGqQQ=NcBib1jDNj47m1KkIeO&w4%j zS;zX5=OJMjYF`_&*_<7i z^}awd9+;I9`KK}2KeAb1ZHhoD2G(wxK|2=)tTto|)`q0LW|X``$<{Qc32enRjp@gY zqGD)8#AFC;!-$ye-x25j@sRmwJIj2u12Z3GzDOiYj0b@%yq~e_EVb_(!dT~!Z0sEJ z!8v-VEu;^ag_MI9Qm!vuyT|!Mw#Rul?s3*0CDHz8zx$|`?LNwJ_t89iy0Lx3LlVQo zOqy+?7^%y)g{gU*1AG7p(pJ4jEeVXU=V3S!ZXFkNq*VoEVtCpxgXT+t<7m(nuc8K94aID$;RJ3qlw^{qB%?G@Tlm$*>uj3gP8jU-6hQ%GM#<+uL&r#=e)i*3%RfFlO zbHg@}TPN01s1EpHGx1{&Fa97&7sX?hS#&qa06zB 
zUl>D9OV_Bd26Ji5eU;U&TNifSy7<+thK%jTO|kP?mjr&q^I8Aa()>l%msyeZ6)dv8 z8cuFxe+Cv*bXDL#7*uqviaLb2{g;Kf{e&TI*XwCCuJk&KEBzVcN^jKBXqHbS%kpW$ zET5Z4NOtMjS8}G|Cd)K5W2WJky~Lnj61%vC#V)>uv5Rj@M8brNz#R-~YTZYp9x=Z% zkC?mY5p&N#qk(PrSYX@#FtF`@4ULAS{hx)UJ;1QE-@c{Mb*8_wb*62&&h+5`(KPKt zmZp7#Y1;N5$=YZ8Zo)ow=n!~}pE^AGj9gZh^TiW^rMmBG?#2Rj&spNn z4wv@`^qx9g4zw?hegJ|LAfw+P@Fs)5|5|Xr3xhzA3CMmIOu=Q7@y+8U(PkiMFvum* z=5U6T!7Cq_gP#JcXZ*#B(L3SXwIgA`=PZUKXfh&saK~@wwKnbm++jSK1ZdXT;yIqw~ zKwc}qS*8R*P9WbbdjTw|z{__ua4+96Aba_ag*%(ce#VGDusr6fGsrPlUxX~;pz9M@ z@wqF;3WY5g9)GeCh-cG!f+Usjg5-1qOv1 zaD&1fWP@T7IFdx%LpuosO$OORI|Up_!90JI3IwS^&L1@us^2Fq>yAwYt~=%dvhLV4 z@S`=jdrk-L?)eJH?w+2IPX*?uJ%O8_o&mD?X|I6wA>fuMaySHH5Ej*&ITUY`Z~ywt$yH7Qb?DBy=}Nj;u|1H z1F}it9N0^~Qh77X1wr#bZU%oyA@7nO;{G5g0OUjbO_)pa@ac|$Am}ZSr#rq4&Gf_~ z^>2$x^+BRi{X0;WN)BX&&wSu3d=`Mb!Y3GlXo`-SVBj4!3qkIvc^CH6BCju81pNBK z5Rk7g4241D1A)6WhJv8QAiFg#0SEGL0-l=`27whAu5$^$4jaUh?YQ!qoM`e9a#ELubUj>4qKz8208j6UF zTa1qeL2E#^7{3-~(vI>f)&kF~hygjTVjYxFhg{8i(Xu91w5*APe53L6i;}OcivvON zAg`@UfZvQ9gg_s<0R(LXSs$7R^hXrWX-Wh^Ng(Gmy${#urX63O4E*@|6p)XvPlea% z1 ci>q15?e}g2LEAyL-@5~hf5`r%R1Dqv2a_B6LjV8( diff --git a/src/util/schemas/MessageCreateSchema.ts b/src/util/schemas/MessageCreateSchema.ts index 4eaf7c96..2538d39e 100644 --- a/src/util/schemas/MessageCreateSchema.ts +++ b/src/util/schemas/MessageCreateSchema.ts @@ -69,7 +69,7 @@ export interface MessageCreateSchema { } // TypeScript complains once this is used above -interface PollCreationSchema { +export interface PollCreationSchema { question: PollMedia; answers: PollAnswer[]; duration?: number; diff --git a/src/util/schemas/WebhookExecuteSchema.ts b/src/util/schemas/WebhookExecuteSchema.ts index 943cbe9e..c2617d12 100644 --- a/src/util/schemas/WebhookExecuteSchema.ts +++ b/src/util/schemas/WebhookExecuteSchema.ts 
@@ -17,7 +17,10 @@
 */
 import { Embed } from "../entities";
-import { MessageCreateAttachment } from "./MessageCreateSchema";
+import {
+ MessageCreateAttachment,
+ PollCreationSchema,
+} from "./MessageCreateSchema";
 export interface WebhookExecuteSchema {
 content?: string;
@@ -43,4 +46,14 @@ export interface WebhookExecuteSchema {
 flags?: number;
 thread_name?: string;
 applied_tags?: string[];
+ message_reference?: {
+ message_id: string;
+ channel_id?: string;
+ guild_id?: string;
+ fail_if_not_exists?: boolean;
+ };
+ sticker_ids?: string[];
+ nonce?: string;
+ enforce_nonce?: boolean; // For Discord compatibility, it's the default behavior here
+ poll?: PollCreationSchema;
 }
From 109bf0da7c6720e40dcb6029a9dd1e5f1299c3eb Mon Sep 17 00:00:00 2001
From: MathMan05 <73901602+MathMan05@users.noreply.github.com>
Date: Sat, 22 Mar 2025 23:03:33 -0500
Subject: [PATCH 4/5] fix minor bug
---
 src/api/routes/users/@me/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/api/routes/users/@me/index.ts b/src/api/routes/users/@me/index.ts
index 9cd8bfda..2ec6f499 100644
--- a/src/api/routes/users/@me/index.ts
+++ b/src/api/routes/users/@me/index.ts
@@ -152,7 +152,7 @@ router.patch(
 }
 const { maxUsername } = Config.get().limits.user;
- if (check_username.length > maxUsername) {
+ if (check_username.length > maxUsername || check_username.length < 2) {
 throw FieldErrors({
 username: {
 code: "BASE_TYPE_BAD_LENGTH",
From 90287748ce99ca89c92cb5871b6587927c5cceef Mon Sep 17 00:00:00 2001
From: MathMan05 <73901602+MathMan05@users.noreply.github.com>
Date: Sun, 23 Mar 2025 13:13:03 -0500
Subject: [PATCH 5/5] Update index.ts
---
 src/api/routes/users/@me/index.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/api/routes/users/@me/index.ts b/src/api/routes/users/@me/index.ts
index 2ec6f499..3e7b9caa 100644
--- a/src/api/routes/users/@me/index.ts
+++ b/src/api/routes/users/@me/index.ts
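Review bot: The new `sticker_ids?: string[]`, `nonce?: string` and `message_reference` fields in `WebhookExecuteSchema` have no visible bounds, and whether the execute handler (outside this patch) caps or validates them cannot be seen here. A webhook request is typically authorised only by the token in its URL, so the handler should cap the array length and the nonce size, and should check that `message_reference.channel_id` and `guild_id`, when given, match the webhook's own channel rather than trusting the client's values. The trailing comment on `enforce_nonce` is also ambiguous about which side "here" refers to; `// accepted for Discord compatibility; this server always enforces nonce uniqueness` would read more clearly if that is the intent.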
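Review bot: The lower bound in `check_username.length < 2` (src/api/routes/users/@me/index.ts) is a bare literal, while the upper bound in the same condition comes from `Config.get().limits.user`, so the two limits are now maintained in different places. A named constant, or a minimum-length setting next to `maxUsername` if the config schema can take one, would keep them together; at minimum add `// usernames shorter than 2 characters are rejected` above the check. Both cases throw `BASE_TYPE_BAD_LENGTH`, and the message text lies outside the hunk, so it is worth confirming that it names the minimum as well as the maximum. `.length` counts UTF-16 code units, so a single astral character such as an emoji satisfies the minimum; [PATCH 5/5] only re-wraps this condition and carries the same literal.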
@@ -152,7 +152,10 @@ router.patch(
 }
 const { maxUsername } = Config.get().limits.user;
- if (check_username.length > maxUsername || check_username.length < 2) {
+ if (
+ check_username.length > maxUsername ||
+ check_username.length < 2
+ ) {
 throw FieldErrors({
 username: {
 code: "BASE_TYPE_BAD_LENGTH",