diff --git a/docs/setup/server/configuration/index.md b/docs/setup/server/configuration/index.md index 3e33b5d..d60735e 100644 --- a/docs/setup/server/configuration/index.md +++ b/docs/setup/server/configuration/index.md @@ -19,126 +19,140 @@ Arrays are represented by \_[number] in a config key. For example, multiple `gui ## Available Configuration Options -| key | default | type | description | -| -------------------------------------------------- | -------------------------------------------------------- | ---------------------- | --------------------------------------------------------------------- | -| gateway_endpointClient | null | string | Injected into index.html if available | -| gateway_endpointPrivate | null | string | Used for internal communication with gateway | -| gateway_endpointPublic | null | string | Publicly announced gateway endpoint | -| cdn_endpointClient | null | string | See gateway_endpointClient | -| cdn_endpointPrivate | http://localhost:3001 | string | See gateway_endpointPrivate | -| cdn_endpointPublic | http://localhost:3001 | string | See gateway_endpointPublic | -| cdn_resizeHeightMax | 1000 | number | Maximum image resize height for embeds. | -| cdn_resizeWidthMax | 1000 | number | Maximum image resize width for embeds. | -| [cdn_imagorServerUrl](imagor.md) | null | string | Imagor instance endpoint for external image resizing. | -| api_defaultVersion | 9 | string | API version to use when not specified | -| api_activeVersions_0 | 6, 7, 8, 9 | string[] | Allowed API version numbers. [Array](#array-types). | -| general_instanceName | Fosscord Instance | string | Announced instance name | -| general_instanceDescription | This is a Fosscord instance made in the pre-release days | string | Announced instance description | -| general_frontPage | null | string | Announced instance front page | -| general_tosPage | null | string | Announced instance TOS page | -| general_correspondenceEmail | null | string | Announced instance correspondence email | -| general_correspondenceUserID | null | string | Announced instance correspondence ID (from this instance) | -| general_image | null | string | Announced instance image URL | -| general_instanceId | Snowflake of instance creation date | Snowflake | Announced instance ID | -| limits_user_maxGuilds | 1048576 | number | Maxmimum guilds a user can join | -| limits_user_maxUsername | 127 | number | Maximum username length | -| limits_user_maxFriends | 5000 | number | Maximum number of friends per user | -| limits_guild_maxRoles | 1000 | number | Maximum number of roles in a guild | -| limits_guild_maxEmojis | 2000 | number | Maximum number of emojis in a guild | -| limits_guild_maxMembers | 25000000 | number | Maximum number of members in a guild | -| limits_guild_maxChannels | 65535 | number | Maximum number of channels in a guild | -| limits_guild_maxChannelsInCategory | 65535 | number | Maximum number of channels per category in a guild | -| limits_message_maxCharacters | 1048576 | number | Maximum character count per message | -| limits_message_maxTTSCharacters | 160 | number | Maximum character count per text to speech messages | -| limits_message_maxReactions | 2048 | number | Maximum number of reactions per message | -| limits_message_maxAttachmentSize | 1073741824 | number | Maximum total attachment size per message | -| limits_message_maxBulkDelete | 1000 | number | Maximum number of messages deletable through bulk delete | -| limits_message_maxEmbedDownloadSize | 5242880 | number | Maximum download size of external embeddable content | -| limits_channel_maxPins | 500 | number | Maximum number of pins per channel | -| limits_channel_maxTopic | 1024 | number | Maximum channel topic character length | -| limits_channel_maxWebhooks | 100 | number | Maximum number of webhooks per channel | -| limits_rate_enabled | true | boolean | Whether rate limits are enabled | -| limits_rate_ip_count | 500 | number | Allowed number of requests per IP within window | -| limits_rate_ip_window | 5 | number | IP rate limit window, in seconds | -| limits_rate_global_count | 250 | number | Allowed number of requests globally within window | -| limits_rate_global_window | 5 | number | Global rate limit window, in seconds | -| limits_rate_error_count | 10 | number | Number of allowed errors per user within window | -| limits_rate_error_window | 5 | number | User error rate limit window, in seconds | -| limits_rate_routes_guild_count | 5 | number | Allowed number of /guild\* requests per user within window | -| limits_rate_routes_guild_window | 5 | number | User /guild\* rate limit window, in seconds | -| limits_rate_routes_webhook_count | 10 | number | Allowed number of /webhooks\* requests per user within window | -| limits_rate_routes_webhook_window | 5 | number | User /webhooks\* rate limit window, in seconds | -| limits_rate_routes_channel_count | 10 | number | Allowed number of /channel\* requests per user within window | -| limits_rate_routes_channel_window | 5 | number | User /channel\* rate limit window, in seconds | -| limits_rate_routes_auth_login_count | 5 | number | Allowed number of IP /login requests within window | -| limits_rate_routes_auth_login_window | 60 | number | IP /login rate limit window, in seconds | -| limits_rate_routes_auth_register_count | 2 | number | Allowed number of IP /register requests within window | -| limits_rate_routes_auth_register_window | 43200 | number | IP /register rate limit window, in seconds | -| limits_absoluteRate_register_limit | 25 | number | Absolute number of registrations instance-wide per window | -| limits_absoluteRate_register_window | 3600000 | number | Global /register rate limit window, in seconds | -| limits_absoluteRate_register_enabled | true | boolean | Whether absolute register rate limits are enabled | -| limits_absoluteRate_sendMessage_limit | 200 | number | Absolute number of messages instance-wide per window | -| limits_absoluteRate_sendMessage_window | 60000 | number | Global sendMessage window, in seconds | -| limits_absoluteRate_sendMessage_enabled | true | boolean | Whether absolute message sending rate limits are enabled | -| [security_captcha_enabled](../security/captcha.md) | false | boolean | Whether to enable captchas for login/register | -| security_captcha_service | null | "recaptcha"/"hcaptcha" | Which captcha service to use | -| security_captcha_sitekey | null | string | Captcha service sitekey | -| security_captcha_secret | null | string | Captcha service secret | -| security_twoFactor_generateBackupCodes | true | boolean | Whether to generate backup codes for MFA users | -| security_requestSignature | Secret secret | string | The signature required for CDN or [Imagor](imagor.md) usage | -| security_jwtSecret | Secure secret | string | The secret used for user token generation | -| [security_forwadedFor](../reverseProxy.md) | null | string | HTTP header for user's real IP. | -| security_ipdataApiKey | Fosscord IPdata key | string | API key used for IP geolocation and proxy detection | -| security_mfaBackupCodeCount | 10 | number | Number of MFA backup codes to generate | -| security_statsWorldReadable | true | boolean | Whether instance stats are publically accessible or require right | -| security_defaultRegistrationTokenExpiration | 604800000 | number | Seconds for [registration tokens](../security/regTokens.md) to expire | -| login_requireCaptcha | false | boolean | Whether login requires captcha verification | -| register_email_required | false | boolean | Whether an email is required for registration | -| register_email_allowlist | false | boolean | Whether `register_email_domains` is an allowlist | -| register_email_blocklist | true | boolean | Whether `register_email_domains` is a blocklist | -| register_email_domains | [] | string[] | The email domains list to use as a block/allow list | -| register_dateOfBirth_required | true | boolean | Whether a date of birth is required for registration | -| register_dateOfBirth_minimum | 13 | number | The minimum age of registration | -| register_password_required | false | boolean | Whether a password is required for registration | -| register_password_minLength | 8 | number | Minimum password length | -| register_password_minNumbers | 2 | number | Minimum number of number characters in passwords | -| register_password_minUpperCase | 2 | number | Minimum number of uppercase characters in passwords | -| register_password_minSymbols | 0 | number | Minimum number of symbols in passwords | -| register_disabled | false | boolean | Whether registration is disabled | -| register_requireCaptcha | true | boolean | Whether registration requires captcha verification | -| register_requireInvite | false | boolean | Whether registration requires a guild invite | -| register_guestsRequireInvite | true | boolean | Whether guests accounts require a guild invite | -| register_allowMultipleAccounts | true | boolean | Allow multiple accounts with the same client fingerprint | -| register_blockProxies | true | boolean | Whether proxies are blocked from registration | -| register_incrementingDiscriminators | false | boolean | Whether discriminators are random or incrementing | -| [register_defaultRights](../security/rights.md) | 30644591655940 | string | The rights assigned to users _upon registration_ | -| regions_default | fosscord | string | The default voice region to use | -| regions_useDefaultAsOptimal | true | boolean | Whether to calculate closest or use default as optimal voice region | -| regions_available_0_id | fosscord | string[] | The available voice region IDs | -| regions_available_0_name | Fosscord | string[] | The available voice region names | -| regions_available_0_endpoint | 127.0.0.1:3004 | string[] | The available voice region endpoint URLs | -| regions_available_0_vip | false | boolean[] | Whether this voice region is VIP exclusive | -| regions_available_0_custom | false | boolean[] | Whether this is a custom voice region (used for events/etc) | -| regions_available_0_deprecated | false | boolean[] | Whether this is a deprecated voice region (clients avoid these) | -| guild_discovery_showAllGuilds | false | boolean | Whether guild discovery should show all guilds | -| guild_discovery_limit | 24 | number | Maximum number of guild discovery elements per page | -| guild_autoJoin_enabled | true | boolean | Whether users auto join guild(s) on registration | -| guild_autoJoin_canLeave | true | boolean | Whether users can leave the auto-joined guild(s) | -| [guild_defaultFeatures_0](guildFeatures.md) | null | string | Features automatically granted to guilds upon creation | -| gif_enabled | true | boolean | Whether GIF features are enabled | -| gif_provider | tenor | "tenor" | Which GIF service to use | -| gif_apiKey | LIVDSRZULELA | string | GIF service API key | -| [rabbitmq_host](rabbitmq.md) | null | string | RabbitMQ connection string | -| templates_enabled | true | boolean | Whether guild templates are enabled | -| templates_allowTemplateCreation | true | boolean | Whether new guild templates can be created | -| templates_allowDiscordTemplates | true | boolean | Whether guild templates from Discord.com can be fetched | -| [templates_allowRaws](/concepts/guildTemplates.md) | true | boolean | Whether raw guild templates are allowed | -| client_useTestClient | false | boolean | Whether the Discord.com test client is enabled | -| sentry_enabled | false | boolean | Whether server-side Sentry analytics is enabled | -| sentry_endpoint | Fosscord sentry endpoint | string | Sentry endpoint | -| sentry_traceSampleRate | 1 | number | Sentry sample rate (1 means all requests) | -| sentry_environment | System hostname | string | Sentry environment name | -| defaults_user_premium | false | boolean | Whether users are given premium upon registration | -| defaults_user_premium_type | 2 | number | The premium type given to users upon registration | -| defaults_user_verified | true | boolean | Whether users get verified email upon registration | -| [external_twitter](embeds.md) | null | string | Twitter API key used for Twitter embeds | +| key | default | type | description | +| -------------------------------------------------- | -------------------------------------------------------- | ---------------------------------------- | --------------------------------------------------------------------- | +| gateway_endpointClient | null | string | Injected into index.html if available | +| gateway_endpointPrivate | null | string | Used for internal communication with gateway | +| gateway_endpointPublic | null | string | Publicly announced gateway endpoint | +| cdn_endpointClient | null | string | See gateway_endpointClient | +| cdn_endpointPrivate | http://localhost:3001 | string | See gateway_endpointPrivate | +| cdn_endpointPublic | http://localhost:3001 | string | See gateway_endpointPublic | +| cdn_resizeHeightMax | 1000 | number | Maximum image resize height for embeds. | +| cdn_resizeWidthMax | 1000 | number | Maximum image resize width for embeds. | +| [cdn_imagorServerUrl](imagor.md) | null | string | Imagor instance endpoint for external image resizing. | +| api_defaultVersion | 9 | string | API version to use when not specified | +| api_activeVersions_0 | 6, 7, 8, 9 | string[] | Allowed API version numbers. [Array](#array-types). | +| api_endpointPublic | "/api" | string | See gateway_endpointPublic | +| general_instanceName | Fosscord Instance | string | Announced instance name | +| general_instanceDescription | This is a Fosscord instance made in the pre-release days | string | Announced instance description | +| general_frontPage | null | string | Announced instance front page | +| general_tosPage | null | string | Announced instance TOS page | +| general_correspondenceEmail | null | string | Announced instance correspondence email | +| general_correspondenceUserID | null | string | Announced instance correspondence ID (from this instance) | +| general_image | null | string | Announced instance image URL | +| general_instanceId | Snowflake of instance creation date | Snowflake | Announced instance ID | +| limits_user_maxGuilds | 1048576 | number | Maxmimum guilds a user can join | +| limits_user_maxUsername | 127 | number | Maximum username length | +| limits_user_maxFriends | 5000 | number | Maximum number of friends per user | +| limits_guild_maxRoles | 1000 | number | Maximum number of roles in a guild | +| limits_guild_maxEmojis | 2000 | number | Maximum number of emojis in a guild | +| limits_guild_maxMembers | 25000000 | number | Maximum number of members in a guild | +| limits_guild_maxChannels | 65535 | number | Maximum number of channels in a guild | +| limits_guild_maxChannelsInCategory | 65535 | number | Maximum number of channels per category in a guild | +| limits_message_maxCharacters | 1048576 | number | Maximum character count per message | +| limits_message_maxTTSCharacters | 160 | number | Maximum character count per text to speech messages | +| limits_message_maxReactions | 2048 | number | Maximum number of reactions per message | +| limits_message_maxAttachmentSize | 1073741824 | number | Maximum total attachment size per message | +| limits_message_maxBulkDelete | 1000 | number | Maximum number of messages deletable through bulk delete | +| limits_message_maxEmbedDownloadSize | 5242880 | number | Maximum download size of external embeddable content | +| limits_channel_maxPins | 500 | number | Maximum number of pins per channel | +| limits_channel_maxTopic | 1024 | number | Maximum channel topic character length | +| limits_channel_maxWebhooks | 100 | number | Maximum number of webhooks per channel | +| limits_rate_enabled | true | boolean | Whether rate limits are enabled | +| limits_rate_ip_count | 500 | number | Allowed number of requests per IP within window | +| limits_rate_ip_window | 5 | number | IP rate limit window, in seconds | +| limits_rate_global_count | 250 | number | Allowed number of requests globally within window | +| limits_rate_global_window | 5 | number | Global rate limit window, in seconds | +| limits_rate_error_count | 10 | number | Number of allowed errors per user within window | +| limits_rate_error_window | 5 | number | User error rate limit window, in seconds | +| limits_rate_routes_guild_count | 5 | number | Allowed number of /guild\* requests per user within window | +| limits_rate_routes_guild_window | 5 | number | User /guild\* rate limit window, in seconds | +| limits_rate_routes_webhook_count | 10 | number | Allowed number of /webhooks\* requests per user within window | +| limits_rate_routes_webhook_window | 5 | number | User /webhooks\* rate limit window, in seconds | +| limits_rate_routes_channel_count | 10 | number | Allowed number of /channel\* requests per user within window | +| limits_rate_routes_channel_window | 5 | number | User /channel\* rate limit window, in seconds | +| limits_rate_routes_auth_login_count | 5 | number | Allowed number of IP /login requests within window | +| limits_rate_routes_auth_login_window | 60 | number | IP /login rate limit window, in seconds | +| limits_rate_routes_auth_register_count | 2 | number | Allowed number of IP /register requests within window | +| limits_rate_routes_auth_register_window | 43200 | number | IP /register rate limit window, in seconds | +| limits_absoluteRate_register_limit | 25 | number | Absolute number of registrations instance-wide per window | +| limits_absoluteRate_register_window | 3600000 | number | Global /register rate limit window, in seconds | +| limits_absoluteRate_register_enabled | true | boolean | Whether absolute register rate limits are enabled | +| limits_absoluteRate_sendMessage_limit | 200 | number | Absolute number of messages instance-wide per window | +| limits_absoluteRate_sendMessage_window | 60000 | number | Global sendMessage window, in seconds | +| limits_absoluteRate_sendMessage_enabled | true | boolean | Whether absolute message sending rate limits are enabled | +| [security_captcha_enabled](../security/captcha.md) | false | boolean | Whether to enable captchas for login/register | +| security_captcha_service | null | "recaptcha"/"hcaptcha" | Which captcha service to use | +| security_captcha_sitekey | null | string | Captcha service sitekey | +| security_captcha_secret | null | string | Captcha service secret | +| security_twoFactor_generateBackupCodes | true | boolean | Whether to generate backup codes for MFA users | +| security_requestSignature | Secret secret | string | The signature required for CDN or [Imagor](imagor.md) usage | +| security_jwtSecret | Secure secret | string | The secret used for user token generation | +| [security_forwadedFor](../reverseProxy.md) | null | string | HTTP header for user's real IP. | +| security_ipdataApiKey | Fosscord IPdata key | string | API key used for IP geolocation and proxy detection | +| security_mfaBackupCodeCount | 10 | number | Number of MFA backup codes to generate | +| security_statsWorldReadable | true | boolean | Whether instance stats are publically accessible or require right | +| security_defaultRegistrationTokenExpiration | 604800000 | number | Seconds for [registration tokens](../security/regTokens.md) to expire | +| login_requireCaptcha | false | boolean | Whether login requires captcha verification | +| login_requireVerification | false | boolean | Whether login requires email verification | +| register_email_required | false | boolean | Whether an email is required for registration | +| register_email_allowlist | false | boolean | Whether `register_email_domains` is an allowlist | +| register_email_blocklist | true | boolean | Whether `register_email_domains` is a blocklist | +| register_email_domains | [] | string[] | The email domains list to use as a block/allow list | +| register_dateOfBirth_required | true | boolean | Whether a date of birth is required for registration | +| register_dateOfBirth_minimum | 13 | number | The minimum age of registration | +| register_password_required | false | boolean | Whether a password is required for registration | +| register_password_minLength | 8 | number | Minimum password length | +| register_password_minNumbers | 2 | number | Minimum number of number characters in passwords | +| register_password_minUpperCase | 2 | number | Minimum number of uppercase characters in passwords | +| register_password_minSymbols | 0 | number | Minimum number of symbols in passwords | +| register_disabled | false | boolean | Whether registration is disabled | +| register_requireCaptcha | true | boolean | Whether registration requires captcha verification | +| register_requireInvite | false | boolean | Whether registration requires a guild invite | +| register_guestsRequireInvite | true | boolean | Whether guests accounts require a guild invite | +| register_allowMultipleAccounts | true | boolean | Allow multiple accounts with the same client fingerprint | +| register_blockProxies | true | boolean | Whether proxies are blocked from registration | +| register_incrementingDiscriminators | false | boolean | Whether discriminators are random or incrementing | +| [register_defaultRights](../security/rights.md) | 875069521787904 | string | The rights assigned to users _upon registration_ | +| regions_default | fosscord | string | The default voice region to use | +| regions_useDefaultAsOptimal | true | boolean | Whether to calculate closest or use default as optimal voice region | +| regions_available_0_id | fosscord | string[] | The available voice region IDs | +| regions_available_0_name | Fosscord | string[] | The available voice region names | +| regions_available_0_endpoint | 127.0.0.1:3004 | string[] | The available voice region endpoint URLs | +| regions_available_0_vip | false | boolean[] | Whether this voice region is VIP exclusive | +| regions_available_0_custom | false | boolean[] | Whether this is a custom voice region (used for events/etc) | +| regions_available_0_deprecated | false | boolean[] | Whether this is a deprecated voice region (clients avoid these) | +| guild_discovery_showAllGuilds | false | boolean | Whether guild discovery should show all guilds | +| guild_discovery_limit | 24 | number | Maximum number of guild discovery elements per page | +| guild_autoJoin_enabled | true | boolean | Whether users auto join guild(s) on registration | +| guild_autoJoin_canLeave | true | boolean | Whether users can leave the auto-joined guild(s) | +| [guild_defaultFeatures_0](guildFeatures.md) | null | string | Features automatically granted to guilds upon creation | +| gif_enabled | true | boolean | Whether GIF features are enabled | +| gif_provider | tenor | "tenor" | Which GIF service to use | +| gif_apiKey | LIVDSRZULELA | string | GIF service API key | +| [rabbitmq_host](rabbitmq.md) | null | string | RabbitMQ connection string | +| templates_enabled | true | boolean | Whether guild templates are enabled | +| templates_allowTemplateCreation | true | boolean | Whether new guild templates can be created | +| templates_allowDiscordTemplates | true | boolean | Whether guild templates from Discord.com can be fetched | +| [templates_allowRaws](/concepts/guildTemplates.md) | true | boolean | Whether raw guild templates are allowed | +| client_useTestClient | false | boolean | Whether the Discord.com test client is enabled | +| sentry_enabled | false | boolean | Whether server-side Sentry analytics is enabled | +| sentry_endpoint | Fosscord sentry endpoint | string | Sentry endpoint | +| sentry_traceSampleRate | 1 | number | Sentry sample rate (1 means all requests) | +| sentry_environment | System hostname | string | Sentry environment name | +| defaults_user_premium | false | boolean | Whether users are given premium upon registration | +| defaults_user_premium_type | 2 | number | The premium type given to users upon registration | +| defaults_user_verified | true | boolean | Whether users get verified email upon registration | +| [external_twitter](embeds.md) | null | string | Twitter API key used for Twitter embeds | +| [email_provider](../email.md) | null | "smtp", "mailgun", "mailjet", "sendgrid" | Which email transport to use | +| email_smtp_host | null | string | SMTP Host for sending email | +| email_smtp_port | null | number | SMTP port | +| email_smtp_secure | null | boolean | Use TLS for SMTP | +| email_smtp_username | null | string | SMTP username | +| email_smtp_password | null | string | SMTP password | +| email_mailgun_apiKey | null | string | Mailgun API key | +| email_mailgun_domain | null | string | Mailgun domain | +| email_mailjet_apiKey | null | string | Mailjet API key | +| email_mailjey_apiSecret | null | string | Mailjet API secret | +| email_sendgrid_apiKey | null | string | Sendgrid API key | +| passwordReset_requireCaptcha | false | boolean | Require captcha to send password reset email | diff --git a/docs/setup/server/email.md b/docs/setup/server/email.md new file mode 100644 index 0000000..c154a60 --- /dev/null +++ b/docs/setup/server/email.md @@ -0,0 +1,83 @@ +# Email + +Fosscord can be configured to send email, to enable the following functionality: + +- Email verification +- Password resets +- Password change notifications + +Fosscord supports the following email transports: + +- SMTP +- [Mailjet](https://www.mailjet.com/) +- [Mailgun](https://www.mailgun.com/) +- [Sendgrid](https://sendgrid.com/) + +Once you have an account with one of the above services, or an SMTP service, you can begin configuring Fosscord to send mail. + +!!! note + + By default users are automatically verified. To change this, update the `defaults_user_verified` [config](configuration/index.md) value to `false`. + + Additionally, if you would like users to be forced to verify their email before using the service, set the `login_requireVerification` config to `true`. + + Lastly, you may force users to pass a CAPTCHA before requesting a password reset by setting `passwordReset_requireCaptcha` to `true` + +!!! warning + + The `general_frontPage` [config](configuration/index.md) value is used to generate verification/password reset links. + Be sure to set it to the Fosscord web app URL. For example, `https://staging.fosscord.com` + +## Email Config + +=== "SMTP" + + | key | type | description | + | ------------------- | ------- | --------------------------- | + | email_smtp_host | string | SMTP Host for sending email | + | email_smtp_port | number | SMTP port | + | email_smtp_secure | boolean | Use TLS for SMTP | + | email_smtp_username | string | SMTP username | + | email_smtp_password | string | SMTP password | + +=== "Mailgun" + + | key | type | description | + | -------------------- | ------ | --------------- | + | email_mailgun_apiKey | string | Mailgun API key | + | email_mailgun_domain | string | Mailgun domain | + +=== "Mailjet" + + | key | type | description | + | ----------------------- | ------ | ------------------ | + | email_mailjet_apiKey | string | Mailjet API key | + | email_mailjey_apiSecret | string | Mailjet API secret | + +=== "Sendgrid" + + | key | type | description | + | --------------------- | ------ | ---------------- | + | email_sendgrid_apiKey | string | Sendgrid API key | + +## Email templates + +Fosscord's email templates are stored in [`fosscord-server/assets/email_templates`](https://github.com/fosscord/fosscord-server/tree/master/assets/email_templates). +They are simple HTML files, which you may edit freely. Although HTML mail is very restricted, so a lot of content may not render properly. + +Below are the available strings replaced in mail templates. + +| string | replaced with | +| ------------------------ | --------------------------------------------------------- | +| `{instanceName}` | `general_instanceName` config value | +| `{userUsername}` | The username of the user this email is being sent to | +| `{userDiscriminator}` | The discriminator of the user this email is being sent to | +| `{userId}` | The ID of the user this email is being sent to | +| `{phoneNumber}` | The last 4 digits of the user's phone number. | +| `{userEmail}` | The user's email address | +| `{emailVerificationUrl}` | The generated email verification URL | +| `{passwordResetUrl}` | The generated password reset URL | +| `{ipAddress}` | The IP address that requested this email | +| `{locationCity}` | The GeoIP city that requested this email | +| `{locationRegion}` | The GeoIP region that requested this email | +| `{locationCountryName}` | The GeoIP country that requested this email | diff --git a/docs/setup/server/security/rights.md b/docs/setup/server/security/rights.md index 5d46892..3505889 100644 --- a/docs/setup/server/security/rights.md +++ b/docs/setup/server/security/rights.md @@ -38,56 +38,57 @@ Operator rights currently grants access to the following, in addition to all rig ## Available rights -| Right | Value | When enabled | -| ------------------------- | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | -| `OPERATOR` | 1 << 0 | All rights | -| `MANAGE_APPLICATIONS` | 1 << 1 | Ability to alter or remove others' applications | -| `MANAGE_GUILDS` | 1 << 2 | Same as the per-guild `MANAGE_GUILD` permission, but applies to all guilds and DM channels, can join any guild without invite | -| `MANAGE_MESSAGES` | 1 << 3 | Can delete or edit any message they can read | -| `MANAGE_RATE_LIMITS` | 1 << 4 | Add, change, define rate limits of other users, can also grant others `BYPASS_RATE_LIMITS` when combined with `BYPASS_RATE_LIMITS` and `MANAGE_USERS` | -| `MANAGE_ROUTING` | 1 << 5 | Create, alter, enable, disable custom message routing rules in any channel/guild | -| `MANAGE_TICKETS` | 1 << 6 | Respond to or resolve other users' support tickets | -| `MANAGE_USERS` | 1 << 7 | Create, alter, remove, ban users; create, modify, remove user groups | -| `ADD_MEMBERS` | 1 << 8 | Can manually add members into their guilds and group DMs | -| `BYPASS_RATE_LIMITS` | 1 << 9 | Makes the user exempt from all rate limits | -| `CREATE_APPLICATIONS` | 1 << 10 | Can create, edit, remove own applications | -| `CREATE_CHANNELS` | 1 << 11 | Can create guild channels and custom channels | -| `CREATE_DMS` | 1 << 12 | Can create 1:1 DMs (a user without `SEND_MESSAGES` cannot be added however) | -| `CREATE_DM_GROUPS` | 1 << 13 | Can create group DMs (a user without `SEND_MESSAGES` cannot be added however) | -| `CREATE_GUILDS` | 1 << 14 | Can create guilds | -| `CREATE_INVITES` | 1 << 15 | Can create mass invites in the guilds that they have `CREATE_INSTANT_INVITE` | -| `CREATE_ROLES` | 1 << 16 | Can create roles and per-guild or per-channel permission overrides in the guilds that they have permissions | -| `CREATE_TEMPLATES` | 1 << 17 | Can create templates for guilds, custom channels and channels with custom routing | -| `CREATE_WEBHOOKS` | 1 << 18 | Can create webhooks in the guilds that they have permissions | -| `JOIN_GUILDS` | 1 << 19 | Can join guilds by using invites or vanity names | -| `PIN_MESSAGES` | 1 << 20 | Can modify the pinned messages in the guilds that they have permission | -| `SELF_ADD_REACTIONS` | 1 << 21 | Can react to messages, subject to permissions | -| `SELF_DELETE_MESSAGES` | 1 << 22 | Can delete own messages | -| `SELF_EDIT_MESSAGES` | 1 << 23 | Can edit own messages | -| `SELF_EDIT_NAME` | 1 << 24 | Can edit own username, nickname and avatar | -| `SEND_MESSAGES` | 1 << 25 | Can send messages in the channels that they have permissions | -| `USE_ACTIVITIES` | 1 << 26 | Can use voice activities, such as watch together or whiteboard | -| `USE_VIDEO` | 1 << 27 | Can use video and screenshare in guilds/channels that they have permissions | -| `USE_VOICE` | 1 << 28 | Can use voice in guilds/channels that they have permissions | -| `INVITE_USERS` | 1 << 29 | Can create user-specific invites in guilds that they have `INVITE_USERS` | -| `SELF_DELETE_DISABLE` | 1 << 30 | Can delete/disable own account | -| `DEBTABLE` | 1 << 31 | Can use pay-to-use features once paid | -| `CREDITABLE` | 1 << 32 | Can earn money using monetization features in guilds that have `MONETIZATION_ENABLED` | -| `KICK_BAN_MEMBERS` | 1 << 33 | Can kick or ban guild or group DM members in the guilds/groups that they have KICK_MEMBERS, or BAN_MEMBERS | -| `SELF_LEAVE_GROUPS` | 1 << 34 | Can leave the guilds or group DMs that they joined on their own (one can always leave a guild or group DMs they have been force-added) | -| `PRESENCE` | 1 << 35 | Inverts the presence confidentiality default (OPERATOR's presence is not routed by default, others' are) for a given user | -| `SELF_ADD_DISCOVERABLE` | 1 << 36 | Can mark discoverable guilds that they have permissions to mark as discoverable | -| `MANAGE_GUILD_DIRECTORY` | 1 << 37 | Can change anything in the primary guild directory | -| `POGGERS` | 1 << 38 | Can send confetti, screenshake, random user mention (@someone) | -| `USE_ACHIEVEMENTS` | 1 << 39 | Can use achievements and cheers | -| `INITIATE_INTERACTIONS` | 1 << 40 | Can initiate interactions | -| `RESPOND_TO_INTERACTIONS` | 1 << 41 | Can respond to interactions | -| `SEND_BACKDATED_EVENTS` | 1 << 42 | Can send backdated events | -| `USE_MASS_INVITES` | 1 << 43 | Can accept mass (guild) invites | -| `ACCEPT_INVITES` | 1 << 44 | Can accept user-specific invites and DM requests | -| `SELF_EDIT_FLAGS` | 1 << 45 | Can modify own flags | -| `EDIT_FLAGS` | 1 << 46 | Can modify other's flags | -| `MANAGE_GROUPS` | 1 << 47 | Can manage other's groups | -| `VIEW_SERVER_STATS` | 1 << 48 | Can view server stats /api/policies/stats | +| Right | Value | When enabled | +| --------------------------- | ------- | ----------------------------------------------------------------------------------------------------------------------------------------------------- | +| `OPERATOR` | 1 << 0 | All rights | +| `MANAGE_APPLICATIONS` | 1 << 1 | Ability to alter or remove others' applications | +| `MANAGE_GUILDS` | 1 << 2 | Same as the per-guild `MANAGE_GUILD` permission, but applies to all guilds and DM channels, can join any guild without invite | +| `MANAGE_MESSAGES` | 1 << 3 | Can delete or edit any message they can read | +| `MANAGE_RATE_LIMITS` | 1 << 4 | Add, change, define rate limits of other users, can also grant others `BYPASS_RATE_LIMITS` when combined with `BYPASS_RATE_LIMITS` and `MANAGE_USERS` | +| `MANAGE_ROUTING` | 1 << 5 | Create, alter, enable, disable custom message routing rules in any channel/guild | +| `MANAGE_TICKETS` | 1 << 6 | Respond to or resolve other users' support tickets | +| `MANAGE_USERS` | 1 << 7 | Create, alter, remove, ban users; create, modify, remove user groups | +| `ADD_MEMBERS` | 1 << 8 | Can manually add members into their guilds and group DMs | +| `BYPASS_RATE_LIMITS` | 1 << 9 | Makes the user exempt from all rate limits | +| `CREATE_APPLICATIONS` | 1 << 10 | Can create, edit, remove own applications | +| `CREATE_CHANNELS` | 1 << 11 | Can create guild channels and custom channels | +| `CREATE_DMS` | 1 << 12 | Can create 1:1 DMs (a user without `SEND_MESSAGES` cannot be added however) | +| `CREATE_DM_GROUPS` | 1 << 13 | Can create group DMs (a user without `SEND_MESSAGES` cannot be added however) | +| `CREATE_GUILDS` | 1 << 14 | Can create guilds | +| `CREATE_INVITES` | 1 << 15 | Can create mass invites in the guilds that they have `CREATE_INSTANT_INVITE` | +| `CREATE_ROLES` | 1 << 16 | Can create roles and per-guild or per-channel permission overrides in the guilds that they have permissions | +| `CREATE_TEMPLATES` | 1 << 17 | Can create templates for guilds, custom channels and channels with custom routing | +| `CREATE_WEBHOOKS` | 1 << 18 | Can create webhooks in the guilds that they have permissions | +| `JOIN_GUILDS` | 1 << 19 | Can join guilds by using invites or vanity names | +| `PIN_MESSAGES` | 1 << 20 | Can modify the pinned messages in the guilds that they have permission | +| `SELF_ADD_REACTIONS` | 1 << 21 | Can react to messages, subject to permissions | +| `SELF_DELETE_MESSAGES` | 1 << 22 | Can delete own messages | +| `SELF_EDIT_MESSAGES` | 1 << 23 | Can edit own messages | +| `SELF_EDIT_NAME` | 1 << 24 | Can edit own username, nickname and avatar | +| `SEND_MESSAGES` | 1 << 25 | Can send messages in the channels that they have permissions | +| `USE_ACTIVITIES` | 1 << 26 | Can use voice activities, such as watch together or whiteboard | +| `USE_VIDEO` | 1 << 27 | Can use video and screenshare in guilds/channels that they have permissions | +| `USE_VOICE` | 1 << 28 | Can use voice in guilds/channels that they have permissions | +| `INVITE_USERS` | 1 << 29 | Can create user-specific invites in guilds that they have `INVITE_USERS` | +| `SELF_DELETE_DISABLE` | 1 << 30 | Can delete/disable own account | +| `DEBTABLE` | 1 << 31 | Can use pay-to-use features once paid | +| `CREDITABLE` | 1 << 32 | Can earn money using monetization features in guilds that have `MONETIZATION_ENABLED` | +| `KICK_BAN_MEMBERS` | 1 << 33 | Can kick or ban guild or group DM members in the guilds/groups that they have KICK_MEMBERS, or BAN_MEMBERS | +| `SELF_LEAVE_GROUPS` | 1 << 34 | Can leave the guilds or group DMs that they joined on their own (one can always leave a guild or group DMs they have been force-added) | +| `PRESENCE` | 1 << 35 | Inverts the presence confidentiality default (OPERATOR's presence is not routed by default, others' are) for a given user | +| `SELF_ADD_DISCOVERABLE` | 1 << 36 | Can mark discoverable guilds that they have permissions to mark as discoverable | +| `MANAGE_GUILD_DIRECTORY` | 1 << 37 | Can change anything in the primary guild directory | +| `POGGERS` | 1 << 38 | Can send confetti, screenshake, random user mention (@someone) | +| `USE_ACHIEVEMENTS` | 1 << 39 | Can use achievements and cheers | +| `INITIATE_INTERACTIONS` | 1 << 40 | Can initiate interactions | +| `RESPOND_TO_INTERACTIONS` | 1 << 41 | Can respond to interactions | +| `SEND_BACKDATED_EVENTS` | 1 << 42 | Can send backdated events | +| `USE_MASS_INVITES` | 1 << 43 | Can accept mass (guild) invites | +| `ACCEPT_INVITES` | 1 << 44 | Can accept user-specific invites and DM requests | +| `SELF_EDIT_FLAGS` | 1 << 45 | Can modify own flags | +| `EDIT_FLAGS` | 1 << 46 | Can modify other's flags | +| `MANAGE_GROUPS` | 1 << 47 | Can manage other's groups | +| `VIEW_SERVER_STATS` | 1 << 48 | Can view server stats /api/policies/stats | +| `RESEND_VERIFICATION_EMAIL` | 1 << 49 | Can resend verification [emails](../email.md) (`/auth/verify/resend`) |