From 2be07d2f7375c991644b9debd49c4bb7bf42e821 Mon Sep 17 00:00:00 2001
From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com>
Date: Wed, 23 Jun 2021 19:23:41 +0200
Subject: [PATCH] :sparkles: empty messages check + allowed mentions

---
 src/middlewares/ErrorHandler.ts                   |  2 ++
 src/routes/channels/#channel_id/messages/index.ts | 10 +++++++---
 src/routes/channels/#channel_id/permissions.ts    |  2 +-
 src/schema/Message.ts                             | 14 ++++++++++++--
 src/util/Message.ts                               | 14 ++++++++++----
 5 files changed, 32 insertions(+), 10 deletions(-)

diff --git a/src/middlewares/ErrorHandler.ts b/src/middlewares/ErrorHandler.ts
index 25a68865..2e6b1d8b 100644
--- a/src/middlewares/ErrorHandler.ts
+++ b/src/middlewares/ErrorHandler.ts
@@ -22,6 +22,8 @@ export function ErrorHandler(error: Error, req: Request, res: Response, next: Ne
 			code = httpcode = 500;
 		}
 
+		if (httpcode > 511) httpcode = 400;
+
 		res.status(httpcode).json({ code: code, message, errors });
 
 		return;
diff --git a/src/routes/channels/#channel_id/messages/index.ts b/src/routes/channels/#channel_id/messages/index.ts
index b42a886b..5f1f6c54 100644
--- a/src/routes/channels/#channel_id/messages/index.ts
+++ b/src/routes/channels/#channel_id/messages/index.ts
@@ -99,13 +99,16 @@ const messageUpload = multer({
 // https://discord.com/developers/docs/resources/channel#create-message
 // TODO: text channel slowdown
 // TODO: trim and replace message content and every embed field
+// TODO: check allowed_mentions
 
 // Send message
-router.post("/", check(MessageCreateSchema), messageUpload.single("file"), async (req: Request, res: Response) => {
+router.post("/", messageUpload.single("file"), async (req: Request, res: Response) => {
 	const { channel_id } = req.params;
 	var body = req.body as MessageCreateSchema;
 	const attachments: Attachment[] = [];
 
+	console.log(body);
+
 	if (req.file) {
 		try {
 			const file = await uploadFile(`/attachments/${channel_id}`, req.file);
@@ -117,10 +120,11 @@ router.post("/", check(MessageCreateSchema), messageUpload.single("file"), async
 
 	if (body.payload_json) {
 		body = JSON.parse(body.payload_json);
-		const errors = instanceOf(MessageCreateSchema, body, { req });
-		if (errors !== true) throw errors;
 	}
 
+	const errors = instanceOf(MessageCreateSchema, body, { req });
+	if (errors !== true) throw errors;
+
 	const embeds = [];
 	if (body.embed) embeds.push(body.embed);
 	const data = await sendMessage({ ...body, type: 0, pinned: false, author_id: req.user_id, embeds, channel_id, attachments });
diff --git a/src/routes/channels/#channel_id/permissions.ts b/src/routes/channels/#channel_id/permissions.ts
index 3993c424..43e61821 100644
--- a/src/routes/channels/#channel_id/permissions.ts
+++ b/src/routes/channels/#channel_id/permissions.ts
@@ -21,7 +21,7 @@ router.put("/:overwrite_id", check({ allow: String, deny: String, type: Number,
 		if (!(await RoleModel.exists({ id: overwrite_id }))) throw new HTTPError("role not found", 404);
 	} else if (body.type === 1) {
 		if (!(await MemberModel.exists({ id: overwrite_id }))) throw new HTTPError("user not found", 404);
-	} else throw new HTTPError("type not supported");
+	} else throw new HTTPError("type not supported", 501);
 
 	// @ts-ignore
 	var overwrite: ChannelPermissionOverwrite = channel.permission_overwrites.find((x) => x.id === overwrite_id);
diff --git a/src/schema/Message.ts b/src/schema/Message.ts
index b2e4b1f7..8423d706 100644
--- a/src/schema/Message.ts
+++ b/src/schema/Message.ts
@@ -43,7 +43,12 @@ export const MessageCreateSchema = {
 			25
 		)
 	},
-	$allowed_mentions: [],
+	$allowed_mentions: {
+		$parse: [String],
+		$roles: [String],
+		$users: [String],
+		$replied_user: Boolean
+	},
 	$message_reference: {
 		message_id: String,
 		channel_id: String,
@@ -60,7 +65,12 @@ export interface MessageCreateSchema {
 	tts?: boolean;
 	flags?: bigint;
 	embed?: Embed & { timestamp?: string };
-	allowed_mentions?: [];
+	allowed_mentions?: {
+		parse?: string[];
+		roles?: string[];
+		users?: string[];
+		replied_user?: boolean;
+	};
 	message_reference?: {
 		message_id: string;
 		channel_id: string;
diff --git a/src/util/Message.ts b/src/util/Message.ts
index 9b928031..40367d8f 100644
--- a/src/util/Message.ts
+++ b/src/util/Message.ts
@@ -8,6 +8,7 @@ import { HTTPError } from "lambert-server";
 import fetch from "node-fetch";
 import cheerio from "cheerio";
 import { emitEvent } from "./Event";
+import { MessageType } from "@fosscord/server-util/dist/util/Constants";
 // TODO: check webhook, application, system author
 
 const LINK_REGEX = /https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*)/g;
@@ -34,11 +35,14 @@ export async function handleMessage(opts: Partial<Message>) {
 	if (opts.message_reference) {
 		permissions.hasThrow("READ_MESSAGE_HISTORY");
 		if (opts.message_reference.guild_id !== channel.guild_id) throw new HTTPError("You can only reference messages from this guild");
-	}
-
-	if (opts.message_reference) {
 		if (opts.message_reference.channel_id !== opts.channel_id) throw new HTTPError("You can only reference messages from this channel");
 		// TODO: should be checked if the referenced message exists?
+		// @ts-ignore
+		opts.type = MessageType.REPLY;
+	}
+
+	if (!opts.content && !opts.embeds?.length) {
+		throw new HTTPError("Empty messages are not allowed", 50006);
 	}
 
 	// TODO: check and put it all in the body
@@ -114,7 +118,9 @@ export async function postHandleMessage(message: Message) {
 export async function sendMessage(opts: Partial<Message>) {
 	const message = await handleMessage({ ...opts, id: Snowflake.generate(), timestamp: new Date() });
 
-	const data = toObject(await new MessageModel(message).populate({ path: "member", select: PublicMemberProjection }).save());
+	const data = toObject(
+		await new MessageModel(message).populate({ path: "member", select: PublicMemberProjection }).populate("referenced_message").save()
+	);
 
 	await emitEvent({ event: "MESSAGE_CREATE", channel_id: opts.channel_id, data, guild_id: message.guild_id } as MessageCreateEvent);