mirror of https://github.com/spacebarchat/server.git synced 2024-11-11 13:14:06 +01:00

add isMember check for get member routes

Flam3rboy 2021-05-08 14:14:35 +02:00
parent f167ceae91
commit 536d6e8018
2 changed files with 46 additions and 31 deletions


@ -1,8 +1,16 @@
import { Request, Response, Router } from "express"; import { Request, Response, Router } from "express";
import { GuildModel, MemberModel, UserModel, toObject, GuildMemberAddEvent, getPermission, PermissionResolvable } from "@fosscord/server-util"; import {
GuildModel,
MemberModel,
UserModel,
toObject,
GuildMemberAddEvent,
getPermission,
PermissionResolvable,
} from "@fosscord/server-util";
import { HTTPError } from "lambert-server"; import { HTTPError } from "lambert-server";
import { instanceOf, Length, check } from "../../../util/instanceOf"; import { instanceOf, Length, check } from "../../../util/instanceOf";
import { PublicMemberProjection, addMember, removeMember, addRole, removeRole, changeNickname } from "../../../util/Member"; import { PublicMemberProjection, addMember, removeMember, addRole, removeRole, changeNickname, isMember } from "../../../util/Member";
import { emitEvent } from "../../../util/Event"; import { emitEvent } from "../../../util/Event";
import { MemberNickChangeSchema } from "../../../schema/Member"; import { MemberNickChangeSchema } from "../../../schema/Member";
import { getPublicUser } from "../../../util/User"; import { getPublicUser } from "../../../util/User";
@ -15,6 +23,7 @@ router.get("/", async (req: Request, res: Response) => {
const { guild_id } = req.params; const { guild_id } = req.params;
const guild = await GuildModel.findOne({ id: guild_id }).exec(); const guild = await GuildModel.findOne({ id: guild_id }).exec();
if (!guild) throw new HTTPError("Guild not found", 404); if (!guild) throw new HTTPError("Guild not found", 404);
await isMember(req.user_id, guild_id);
try { try {
instanceOf({ $limit: new Length(Number, 1, 1000), $after: String }, req.query, { instanceOf({ $limit: new Length(Number, 1, 1000), $after: String }, req.query, {
@ -40,6 +49,7 @@ router.get("/", async (req: Request, res: Response) => {
router.get("/:member_id", async (req: Request, res: Response) => { router.get("/:member_id", async (req: Request, res: Response) => {
const { guild_id, member_id } = req.params; const { guild_id, member_id } = req.params;
await isMember(req.user_id, guild_id);
const member = await MemberModel.findOne({ id: member_id, guild_id }).exec(); const member = await MemberModel.findOne({ id: member_id, guild_id }).exec();
if (!member) throw new HTTPError("Member not found", 404); if (!member) throw new HTTPError("Member not found", 404);
@ -54,7 +64,6 @@ router.put("/:member_id", async (req: Request, res: Response) => {
res.sendStatus(204) res.sendStatus(204)
}); });
router.delete("/:member_id", async (req: Request, res: Response) => { router.delete("/:member_id", async (req: Request, res: Response) => {
const { guild_id, member_id } = req.params; const { guild_id, member_id } = req.params;
@ -84,8 +93,8 @@ router.put("/:member_id/roles/:role_id", async (req: Request, res: Response) =>
router.patch("/:member_id/nick", check(MemberNickChangeSchema), async (req: Request, res: Response) => { router.patch("/:member_id/nick", check(MemberNickChangeSchema), async (req: Request, res: Response) => {
var { guild_id, member_id } = req.params; var { guild_id, member_id } = req.params;
var permissionString:PermissionResolvable = "MANAGE_NICKNAMES"; var permissionString: PermissionResolvable = "MANAGE_NICKNAMES";
if(member_id === "@me") { if (member_id === "@me") {
member_id = req.user_id; member_id = req.user_id;
permissionString = "CHANGE_NICKNAME"; permissionString = "CHANGE_NICKNAME";
} }
@ -97,5 +106,4 @@ router.patch("/:member_id/nick", check(MemberNickChangeSchema), async (req: Requ
res.status(204); res.status(204);
}); });
export default router; export default router;
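Review bot: In the `GET /` handler the new `await isMember(req.user_id, guild_id);` runs after the guild lookup, so a non-member gets 404 for a guild id that does not exist and 403 for one that does, which discloses guild existence to callers outside the guild. The `GET /:member_id` handler in the same section calls `isMember` first and has no such difference. Moving the call above `GuildModel.findOne({ id: guild_id })` would make both routes answer non-members the same way. The PUT, DELETE, role and nick handlers show no membership check in the visible lines; their bodies continue outside the hunks, so it should be confirmed that `getPermission` already covers them.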


@ -28,6 +28,12 @@ export const PublicMemberProjection = {
premium_since: true, premium_since: true,
}; };
export async function isMember(user_id: string, guild_id: string) {
const exists = await MemberModel.exists({ id: user_id, guild_id });
if (!exists) throw new HTTPError("You are not a member of this guild", 403);
return exists;
}
export async function addMember(user_id: string, guild_id: string, cache?: { guild?: Guild }) { export async function addMember(user_id: string, guild_id: string, cache?: { guild?: Guild }) {
const user = await getPublicUser(user_id, { guilds: true }); const user = await getPublicUser(user_id, { guilds: true });
@ -95,7 +101,7 @@ export async function removeMember(user_id: string, guild_id: string) {
const guild = await GuildModel.findOne({ id: guild_id }, { owner_id: true }).exec(); const guild = await GuildModel.findOne({ id: guild_id }, { owner_id: true }).exec();
if (!guild) throw new HTTPError("Guild not found", 404); if (!guild) throw new HTTPError("Guild not found", 404);
if (guild.owner_id === user_id) throw new Error("The owner cannot be removed of the guild"); if (guild.owner_id === user_id) throw new Error("The owner cannot be removed of the guild");
if (!(await MemberModel.exists({ id: user.id, guild_id }))) throw new HTTPError("You are not member of this guild", 404); if (!(await MemberModel.exists({ id: user.id, guild_id }))) throw new HTTPError("Is not member of this guild", 404);
// use promise all to execute all promises at the same time -> save time // use promise all to execute all promises at the same time -> save time
return Promise.all([ return Promise.all([
@ -130,24 +136,25 @@ export async function addRole(user_id: string, guild_id: string, role_id: string
const role = await RoleModel.findOne({ id: role_id, guild_id: guild_id }).exec(); const role = await RoleModel.findOne({ id: role_id, guild_id: guild_id }).exec();
if (!role) throw new HTTPError("role not found", 404); if (!role) throw new HTTPError("role not found", 404);
var memberObj = await MemberModel.findOneAndUpdate({ var memberObj = await MemberModel.findOneAndUpdate(
{
id: user_id, id: user_id,
guild_id: guild_id, guild_id: guild_id,
}, { $push: { roles: role_id } }).exec(); },
{ $push: { roles: role_id } }
).exec();
if(!memberObj) throw new HTTPError("Member not found", 404); if (!memberObj) throw new HTTPError("Member not found", 404);
await emitEvent({ await emitEvent({
event: "GUILD_MEMBER_UPDATE", event: "GUILD_MEMBER_UPDATE",
data: { data: {
guild_id: guild_id, guild_id: guild_id,
user: user, user: user,
roles: memberObj.roles roles: memberObj.roles,
}, },
guild_id: guild_id, guild_id: guild_id,
} as GuildMemberUpdateEvent); } as GuildMemberUpdateEvent);
} }
export async function removeRole(user_id: string, guild_id: string, role_id: string) { export async function removeRole(user_id: string, guild_id: string, role_id: string) {
@ -156,47 +163,47 @@ export async function removeRole(user_id: string, guild_id: string, role_id: str
const role = await RoleModel.findOne({ id: role_id, guild_id: guild_id }).exec(); const role = await RoleModel.findOne({ id: role_id, guild_id: guild_id }).exec();
if (!role) throw new HTTPError("role not found", 404); if (!role) throw new HTTPError("role not found", 404);
var memberObj = await MemberModel.findOneAndUpdate({ var memberObj = await MemberModel.findOneAndUpdate(
{
id: user_id, id: user_id,
guild_id: guild_id, guild_id: guild_id,
}, { $pull: { roles: role_id } }).exec(); },
{ $pull: { roles: role_id } }
).exec();
if(!memberObj) throw new HTTPError("Member not found", 404); if (!memberObj) throw new HTTPError("Member not found", 404);
await emitEvent({ await emitEvent({
event: "GUILD_MEMBER_UPDATE", event: "GUILD_MEMBER_UPDATE",
data: { data: {
guild_id: guild_id, guild_id: guild_id,
user: user, user: user,
roles: memberObj.roles roles: memberObj.roles,
}, },
guild_id: guild_id, guild_id: guild_id,
} as GuildMemberUpdateEvent); } as GuildMemberUpdateEvent);
} }
export async function changeNickname(user_id: string, guild_id: string, nickname: string) { export async function changeNickname(user_id: string, guild_id: string, nickname: string) {
const user = await getPublicUser(user_id); const user = await getPublicUser(user_id);
var memberObj = await MemberModel.findOneAndUpdate({ var memberObj = await MemberModel.findOneAndUpdate(
{
id: user_id, id: user_id,
guild_id: guild_id, guild_id: guild_id,
}, { nick: nickname } ).exec(); },
{ nick: nickname }
).exec();
if(!memberObj) throw new HTTPError("Member not found", 404); if (!memberObj) throw new HTTPError("Member not found", 404);
await emitEvent({ await emitEvent({
event: "GUILD_MEMBER_UPDATE", event: "GUILD_MEMBER_UPDATE",
data: { data: {
guild_id: guild_id, guild_id: guild_id,
user: user, user: user,
nick: nickname nick: nickname,
}, },
guild_id: guild_id, guild_id: guild_id,
} as GuildMemberUpdateEvent); } as GuildMemberUpdateEvent);
} }
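Review bot: The new `isMember` helper reads like a boolean predicate but is an authorization guard that throws `HTTPError` 403, and it carries no doc comment saying so. A call site that drops the `await` would enforce nothing, because the rejection arrives after the handler has already continued. A TSDoc line such as `/** Rejects with HTTPError 403 unless user_id is a member of guild_id; always await it. */` would state the contract. The returned `exists` value is always truthy on the success path, so callers should not branch on it.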