mirror of
https://github.com/spacebarchat/server.git
synced 2024-11-21 18:02:33 +01:00
initial progress for admin api
This commit is contained in:
parent
7e60f8b998
commit
57fb5d7b30
@ -5219,6 +5219,9 @@
|
||||
},
|
||||
"rules_channel_id": {
|
||||
"type": "string"
|
||||
},
|
||||
"owner_id": {
|
||||
"type": "string"
|
||||
}
|
||||
}
|
||||
},
|
||||
@ -5295,6 +5298,9 @@
|
||||
"type": "string",
|
||||
"nullable": true
|
||||
},
|
||||
"owner_id": {
|
||||
"type": "string"
|
||||
},
|
||||
"region": {
|
||||
"type": "string"
|
||||
},
|
||||
@ -7040,6 +7046,12 @@
|
||||
}
|
||||
]
|
||||
},
|
||||
"AdminGuildsResponse": {
|
||||
"type": "array",
|
||||
"items": {
|
||||
"$ref": "#/components/schemas/Guild"
|
||||
}
|
||||
},
|
||||
"BackupCodesChallengeResponse": {
|
||||
"type": "object",
|
||||
"properties": {
|
||||
@ -7859,6 +7871,9 @@
|
||||
},
|
||||
"disabled": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"rights": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"required": [
|
||||
@ -7876,6 +7891,7 @@
|
||||
"premium_usage_flags",
|
||||
"public_flags",
|
||||
"purchased_flags",
|
||||
"rights",
|
||||
"username",
|
||||
"verified"
|
||||
]
|
||||
@ -7982,6 +7998,9 @@
|
||||
},
|
||||
"disabled": {
|
||||
"type": "boolean"
|
||||
},
|
||||
"rights": {
|
||||
"type": "string"
|
||||
}
|
||||
},
|
||||
"required": [
|
||||
@ -7999,6 +8018,7 @@
|
||||
"premium_usage_flags",
|
||||
"public_flags",
|
||||
"purchased_flags",
|
||||
"rights",
|
||||
"username",
|
||||
"verified"
|
||||
]
|
||||
@ -9008,6 +9028,71 @@
|
||||
]
|
||||
}
|
||||
},
|
||||
"/users/": {
|
||||
"get": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"security": [
|
||||
{
|
||||
"bearer": []
|
||||
}
|
||||
],
|
||||
"description": "Get a list of users",
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"$ref": "#/components/schemas/AdminUsersResponse"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"400": {
|
||||
"description": "",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"$ref": "#/components/schemas/APIErrorResponse"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"parameters": [
|
||||
{
|
||||
"name": "limit",
|
||||
"in": "query",
|
||||
"required": false,
|
||||
"schema": {
|
||||
"type": "number"
|
||||
},
|
||||
"description": "max number of users to return (1-1000). default 100"
|
||||
},
|
||||
{
|
||||
"name": "after",
|
||||
"in": "query",
|
||||
"required": false,
|
||||
"schema": {
|
||||
"type": "number"
|
||||
},
|
||||
"description": "The amount of users to skip"
|
||||
},
|
||||
{
|
||||
"name": "query",
|
||||
"in": "query",
|
||||
"required": false,
|
||||
"schema": {
|
||||
"type": "string"
|
||||
},
|
||||
"description": "The search query"
|
||||
}
|
||||
],
|
||||
"tags": [
|
||||
"users"
|
||||
]
|
||||
}
|
||||
},
|
||||
"/users/@me/settings/": {
|
||||
"get": {
|
||||
"security": [
|
||||
@ -10945,6 +11030,12 @@
|
||||
},
|
||||
"tags": [
|
||||
"scheduled-maintenances"
|
||||
],
|
||||
"x-badges": [
|
||||
{
|
||||
"label": "Spacebar-only",
|
||||
"color": "red"
|
||||
}
|
||||
]
|
||||
}
|
||||
},
|
||||
@ -11577,8 +11668,70 @@
|
||||
}
|
||||
},
|
||||
"/guilds/": {
|
||||
"get": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"security": [
|
||||
{
|
||||
"bearer": []
|
||||
}
|
||||
],
|
||||
"description": "Get a list of guilds",
|
||||
"responses": {
|
||||
"200": {
|
||||
"description": "",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"$ref": "#/components/schemas/AdminGuildsResponse"
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"400": {
|
||||
"description": "",
|
||||
"content": {
|
||||
"application/json": {
|
||||
"schema": {
|
||||
"$ref": "#/components/schemas/APIErrorResponse"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
"parameters": [
|
||||
{
|
||||
"name": "limit",
|
||||
"in": "query",
|
||||
"required": false,
|
||||
"schema": {
|
||||
"type": "number"
|
||||
},
|
||||
"description": "max number of guilds to return (1-1000). default 100"
|
||||
},
|
||||
{
|
||||
"name": "after",
|
||||
"in": "query",
|
||||
"required": false,
|
||||
"schema": {
|
||||
"type": "number"
|
||||
},
|
||||
"description": "The amount of guilds to skip"
|
||||
},
|
||||
{
|
||||
"name": "query",
|
||||
"in": "query",
|
||||
"required": false,
|
||||
"schema": {
|
||||
"type": "string"
|
||||
},
|
||||
"description": "The search query"
|
||||
}
|
||||
],
|
||||
"tags": [
|
||||
"guilds"
|
||||
]
|
||||
},
|
||||
"post": {
|
||||
"x-right-required": "CREATE_GUILDS",
|
||||
"security": [
|
||||
{
|
||||
"bearer": []
|
||||
@ -12787,6 +12940,7 @@
|
||||
]
|
||||
},
|
||||
"post": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"x-permission-required": "MANAGE_ROLES",
|
||||
"security": [
|
||||
{
|
||||
@ -12917,6 +13071,7 @@
|
||||
},
|
||||
"/guilds/{guild_id}/roles/{role_id}/members/": {
|
||||
"patch": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"x-permission-required": "MANAGE_ROLES",
|
||||
"security": [
|
||||
{
|
||||
@ -13054,6 +13209,7 @@
|
||||
]
|
||||
},
|
||||
"delete": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"x-permission-required": "MANAGE_ROLES",
|
||||
"security": [
|
||||
{
|
||||
@ -13120,6 +13276,7 @@
|
||||
]
|
||||
},
|
||||
"patch": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"x-permission-required": "MANAGE_ROLES",
|
||||
"security": [
|
||||
{
|
||||
@ -13547,6 +13704,7 @@
|
||||
},
|
||||
"/guilds/{guild_id}/members/{member_id}/roles/{role_id}/": {
|
||||
"delete": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"x-permission-required": "MANAGE_ROLES",
|
||||
"security": [
|
||||
{
|
||||
@ -13602,6 +13760,7 @@
|
||||
]
|
||||
},
|
||||
"put": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"x-permission-required": "MANAGE_ROLES",
|
||||
"security": [
|
||||
{
|
||||
@ -14124,6 +14283,7 @@
|
||||
]
|
||||
},
|
||||
"patch": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"x-permission-required": "MANAGE_GUILD",
|
||||
"security": [
|
||||
{
|
||||
@ -14598,6 +14758,7 @@
|
||||
]
|
||||
},
|
||||
"post": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"x-permission-required": "MANAGE_CHANNELS",
|
||||
"security": [
|
||||
{
|
||||
@ -14662,6 +14823,7 @@
|
||||
]
|
||||
},
|
||||
"patch": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"x-permission-required": "MANAGE_CHANNELS",
|
||||
"security": [
|
||||
{
|
||||
@ -14790,6 +14952,7 @@
|
||||
},
|
||||
"/guilds/{guild_id}/bans/": {
|
||||
"get": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"x-permission-required": "BAN_MEMBERS",
|
||||
"security": [
|
||||
{
|
||||
@ -14836,6 +14999,7 @@
|
||||
},
|
||||
"/guilds/{guild_id}/bans/{user_id}": {
|
||||
"get": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"x-permission-required": "BAN_MEMBERS",
|
||||
"security": [
|
||||
{
|
||||
@ -14899,6 +15063,7 @@
|
||||
]
|
||||
},
|
||||
"put": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"x-permission-required": "BAN_MEMBERS",
|
||||
"security": [
|
||||
{
|
||||
@ -14972,6 +15137,7 @@
|
||||
]
|
||||
},
|
||||
"delete": {
|
||||
"x-right-required": "OPERATOR",
|
||||
"x-permission-required": "BAN_MEMBERS",
|
||||
"security": [
|
||||
{
|
||||
|
4848
assets/schemas.json
4848
assets/schemas.json
File diff suppressed because it is too large
Load Diff
@ -67,6 +67,8 @@ declare global {
|
||||
user_bot: boolean;
|
||||
token: { id: string; iat: number };
|
||||
rights: Rights;
|
||||
has_permission?: boolean;
|
||||
has_right?: boolean;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -38,6 +38,7 @@ router.get(
|
||||
"/",
|
||||
route({
|
||||
permission: "BAN_MEMBERS",
|
||||
right: "OPERATOR",
|
||||
responses: {
|
||||
200: {
|
||||
body: "GuildBansResponse",
|
||||
@ -84,6 +85,7 @@ router.get(
|
||||
"/:user_id",
|
||||
route({
|
||||
permission: "BAN_MEMBERS",
|
||||
right: "OPERATOR",
|
||||
responses: {
|
||||
200: {
|
||||
body: "BanModeratorSchema",
|
||||
@ -120,6 +122,7 @@ router.put(
|
||||
route({
|
||||
requestBody: "BanCreateSchema",
|
||||
permission: "BAN_MEMBERS",
|
||||
right: "OPERATOR",
|
||||
responses: {
|
||||
200: {
|
||||
body: "Ban",
|
||||
@ -185,6 +188,7 @@ router.delete(
|
||||
"/:user_id",
|
||||
route({
|
||||
permission: "BAN_MEMBERS",
|
||||
right: "OPERATOR",
|
||||
responses: {
|
||||
204: {},
|
||||
403: {
|
||||
@ -198,13 +202,12 @@ router.delete(
|
||||
async (req: Request, res: Response) => {
|
||||
const { guild_id, user_id } = req.params;
|
||||
|
||||
await Ban.findOneOrFail({
|
||||
where: { guild_id: guild_id, user_id: user_id },
|
||||
});
|
||||
|
||||
const banned_user = await User.getPublicUser(user_id);
|
||||
|
||||
await Promise.all([
|
||||
Ban.findOneOrFail({
|
||||
where: { guild_id: guild_id, user_id: user_id },
|
||||
}),
|
||||
Ban.delete({
|
||||
user_id: user_id,
|
||||
guild_id,
|
||||
|
@ -59,6 +59,7 @@ router.post(
|
||||
route({
|
||||
requestBody: "ChannelModifySchema",
|
||||
permission: "MANAGE_CHANNELS",
|
||||
right: "OPERATOR",
|
||||
responses: {
|
||||
201: {
|
||||
body: "Channel",
|
||||
@ -95,6 +96,7 @@ router.patch(
|
||||
route({
|
||||
requestBody: "ChannelReorderSchema",
|
||||
permission: "MANAGE_CHANNELS",
|
||||
right: "OPERATOR",
|
||||
responses: {
|
||||
204: {},
|
||||
400: {
|
||||
|
@ -17,7 +17,7 @@
|
||||
*/
|
||||
|
||||
import { route } from "@spacebar/api";
|
||||
import { Guild, GuildDeleteEvent, emitEvent } from "@spacebar/util";
|
||||
import { Guild, GuildDeleteEvent, emitEvent, getRights } from "@spacebar/util";
|
||||
import { Request, Response, Router } from "express";
|
||||
import { HTTPError } from "lambert-server";
|
||||
|
||||
@ -40,12 +40,13 @@ router.post(
|
||||
}),
|
||||
async (req: Request, res: Response) => {
|
||||
const { guild_id } = req.params;
|
||||
const rights = await getRights(req.user_id);
|
||||
|
||||
const guild = await Guild.findOneOrFail({
|
||||
where: { id: guild_id },
|
||||
select: ["owner_id"],
|
||||
});
|
||||
if (guild.owner_id !== req.user_id)
|
||||
if (!rights.has("OPERATOR") || guild.owner_id !== req.user_id)
|
||||
throw new HTTPError("You are not the owner of this guild", 401);
|
||||
|
||||
await Promise.all([
|
||||
|
@ -19,7 +19,6 @@
|
||||
import { route } from "@spacebar/api";
|
||||
import {
|
||||
Channel,
|
||||
DiscordApiErrors,
|
||||
Guild,
|
||||
GuildUpdateEvent,
|
||||
GuildUpdateSchema,
|
||||
@ -27,7 +26,6 @@ import {
|
||||
Permissions,
|
||||
SpacebarApiErrors,
|
||||
emitEvent,
|
||||
getPermission,
|
||||
getRights,
|
||||
handleFile,
|
||||
} from "@spacebar/util";
|
||||
@ -53,12 +51,13 @@ router.get(
|
||||
}),
|
||||
async (req: Request, res: Response) => {
|
||||
const { guild_id } = req.params;
|
||||
const rights = await getRights(req.user_id);
|
||||
|
||||
const [guild, member] = await Promise.all([
|
||||
Guild.findOneOrFail({ where: { id: guild_id } }),
|
||||
Member.findOne({ where: { guild_id: guild_id, id: req.user_id } }),
|
||||
]);
|
||||
if (!member)
|
||||
if (!rights.has("OPERATOR") || !member)
|
||||
throw new HTTPError(
|
||||
"You are not a member of the guild you are trying to access",
|
||||
401,
|
||||
@ -76,6 +75,7 @@ router.patch(
|
||||
route({
|
||||
requestBody: "GuildUpdateSchema",
|
||||
permission: "MANAGE_GUILD",
|
||||
right: "OPERATOR",
|
||||
responses: {
|
||||
200: {
|
||||
body: "GuildCreateResponse",
|
||||
@ -95,14 +95,6 @@ router.patch(
|
||||
const body = req.body as GuildUpdateSchema;
|
||||
const { guild_id } = req.params;
|
||||
|
||||
const rights = await getRights(req.user_id);
|
||||
const permission = await getPermission(req.user_id, guild_id);
|
||||
|
||||
if (!rights.has("MANAGE_GUILDS") && !permission.has("MANAGE_GUILD"))
|
||||
throw DiscordApiErrors.MISSING_PERMISSIONS.withParams(
|
||||
"MANAGE_GUILDS",
|
||||
);
|
||||
|
||||
const guild = await Guild.findOneOrFail({
|
||||
where: { id: guild_id },
|
||||
relations: ["emojis", "roles", "stickers"],
|
||||
|
@ -17,7 +17,12 @@
|
||||
*/
|
||||
|
||||
import { route } from "@spacebar/api";
|
||||
import { getPermission, Member, PermissionResolvable } from "@spacebar/util";
|
||||
import {
|
||||
getPermission,
|
||||
getRights,
|
||||
Member,
|
||||
PermissionResolvable,
|
||||
} from "@spacebar/util";
|
||||
import { Request, Response, Router } from "express";
|
||||
|
||||
const router = Router();
|
||||
@ -38,14 +43,18 @@ router.patch(
|
||||
}),
|
||||
async (req: Request, res: Response) => {
|
||||
const { guild_id } = req.params;
|
||||
const rights = await getRights(req.user_id);
|
||||
let permissionString: PermissionResolvable = "MANAGE_NICKNAMES";
|
||||
const member_id =
|
||||
req.params.member_id === "@me"
|
||||
? ((permissionString = "CHANGE_NICKNAME"), req.user_id)
|
||||
: req.params.member_id;
|
||||
|
||||
const perms = await getPermission(req.user_id, guild_id);
|
||||
perms.hasThrow(permissionString);
|
||||
// admins dont need to be in the guild
|
||||
if (member_id !== "@me" && !rights.has("OPERATOR")) {
|
||||
const perms = await getPermission(req.user_id, guild_id);
|
||||
perms.hasThrow(permissionString);
|
||||
}
|
||||
|
||||
await Member.changeNickname(member_id, guild_id, req.body.nick);
|
||||
res.status(200).send();
|
||||
|
@ -26,6 +26,7 @@ router.delete(
|
||||
"/",
|
||||
route({
|
||||
permission: "MANAGE_ROLES",
|
||||
right: "OPERATOR",
|
||||
responses: {
|
||||
204: {},
|
||||
403: {
|
||||
@ -45,6 +46,7 @@ router.put(
|
||||
"/",
|
||||
route({
|
||||
permission: "MANAGE_ROLES",
|
||||
right: "OPERATOR",
|
||||
responses: {
|
||||
204: {},
|
||||
403: {},
|
||||
|
@ -17,7 +17,7 @@
|
||||
*/
|
||||
|
||||
import { route } from "@spacebar/api";
|
||||
import { Member, PublicMemberProjection } from "@spacebar/util";
|
||||
import { Member, PublicMemberProjection, getRights } from "@spacebar/util";
|
||||
import { Request, Response, Router } from "express";
|
||||
import { HTTPError } from "lambert-server";
|
||||
import { MoreThan } from "typeorm";
|
||||
@ -51,13 +51,15 @@ router.get(
|
||||
}),
|
||||
async (req: Request, res: Response) => {
|
||||
const { guild_id } = req.params;
|
||||
const rights = await getRights(req.user_id);
|
||||
const limit = Number(req.query.limit) || 1;
|
||||
if (limit > 1000 || limit < 1)
|
||||
throw new HTTPError("Limit must be between 1 and 1000");
|
||||
const after = `${req.query.after}`;
|
||||
const query = after ? { id: MoreThan(after) } : {};
|
||||
|
||||
await Member.IsInGuildOrFail(req.user_id, guild_id);
|
||||
if (!rights.has("OPERATOR"))
|
||||
await Member.IsInGuildOrFail(req.user_id, guild_id);
|
||||
|
||||
const members = await Member.find({
|
||||
where: { guild_id, ...query },
|
||||
|
@ -19,7 +19,13 @@
|
||||
/* eslint-disable @typescript-eslint/ban-ts-comment */
|
||||
|
||||
import { route } from "@spacebar/api";
|
||||
import { Channel, FieldErrors, Message, getPermission } from "@spacebar/util";
|
||||
import {
|
||||
Channel,
|
||||
FieldErrors,
|
||||
Message,
|
||||
getPermission,
|
||||
getRights,
|
||||
} from "@spacebar/util";
|
||||
import { Request, Response, Router } from "express";
|
||||
import { HTTPError } from "lambert-server";
|
||||
import { FindManyOptions, In, Like } from "typeorm";
|
||||
@ -53,6 +59,7 @@ router.get(
|
||||
author_id,
|
||||
} = req.query;
|
||||
|
||||
const rights = await getRights(req.user_id);
|
||||
const parsedLimit = Number(limit) || 50;
|
||||
if (parsedLimit < 1 || parsedLimit > 100)
|
||||
throw new HTTPError("limit must be between 1 and 100", 422);
|
||||
@ -75,7 +82,7 @@ router.get(
|
||||
req.params.guild_id,
|
||||
channel_id as string | undefined,
|
||||
);
|
||||
permissions.hasThrow("VIEW_CHANNEL");
|
||||
if (!rights.has("OPERATOR")) permissions.hasThrow("VIEW_CHANNEL");
|
||||
if (!permissions.has("READ_MESSAGE_HISTORY"))
|
||||
return res.json({ messages: [], total_results: 0 });
|
||||
|
||||
@ -120,6 +127,7 @@ router.get(
|
||||
channel.id,
|
||||
);
|
||||
if (
|
||||
!rights.has("OPERATOR") ||
|
||||
!perm.has("VIEW_CHANNEL") ||
|
||||
!perm.has("READ_MESSAGE_HISTORY")
|
||||
)
|
||||
|
@ -19,6 +19,7 @@
|
||||
import { route } from "@spacebar/api";
|
||||
import {
|
||||
emitEvent,
|
||||
getRights,
|
||||
GuildRoleDeleteEvent,
|
||||
GuildRoleUpdateEvent,
|
||||
handleFile,
|
||||
@ -48,7 +49,10 @@ router.get(
|
||||
}),
|
||||
async (req: Request, res: Response) => {
|
||||
const { guild_id, role_id } = req.params;
|
||||
await Member.IsInGuildOrFail(req.user_id, guild_id);
|
||||
const rights = await getRights(req.user_id);
|
||||
// admins dont need to be in the guild
|
||||
if (!rights.has("OPERATOR"))
|
||||
await Member.IsInGuildOrFail(req.user_id, guild_id);
|
||||
const role = await Role.findOneOrFail({
|
||||
where: { guild_id, id: role_id },
|
||||
});
|
||||
@ -59,6 +63,7 @@ router.get(
|
||||
router.delete(
|
||||
"/",
|
||||
route({
|
||||
right: "OPERATOR",
|
||||
permission: "MANAGE_ROLES",
|
||||
responses: {
|
||||
204: {},
|
||||
@ -103,6 +108,7 @@ router.patch(
|
||||
"/",
|
||||
route({
|
||||
requestBody: "RoleModifySchema",
|
||||
right: "OPERATOR",
|
||||
permission: "MANAGE_ROLES",
|
||||
responses: {
|
||||
200: {
|
||||
|
@ -16,15 +16,15 @@
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
import { Router, Request, Response } from "express";
|
||||
import { DiscordApiErrors, Member, partition } from "@spacebar/util";
|
||||
import { route } from "@spacebar/api";
|
||||
import { DiscordApiErrors, Member, partition } from "@spacebar/util";
|
||||
import { Request, Response, Router } from "express";
|
||||
|
||||
const router = Router();
|
||||
|
||||
router.patch(
|
||||
"/",
|
||||
route({ permission: "MANAGE_ROLES" }),
|
||||
route({ permission: "MANAGE_ROLES", right: "OPERATOR" }),
|
||||
async (req: Request, res: Response) => {
|
||||
// Payload is JSON containing a list of member_ids, the new list of members to have the role
|
||||
const { guild_id, role_id } = req.params;
|
||||
|
@ -49,6 +49,7 @@ router.post(
|
||||
route({
|
||||
requestBody: "RoleModifySchema",
|
||||
permission: "MANAGE_ROLES",
|
||||
right: "OPERATOR",
|
||||
responses: {
|
||||
200: {
|
||||
body: "Role",
|
||||
@ -65,11 +66,14 @@ router.post(
|
||||
const guild_id = req.params.guild_id;
|
||||
const body = req.body as RoleModifySchema;
|
||||
|
||||
const role_count = await Role.count({ where: { guild_id } });
|
||||
const { maxRoles } = Config.get().limits.guild;
|
||||
// admins can bypass this
|
||||
if (!req.has_right) {
|
||||
const role_count = await Role.count({ where: { guild_id } });
|
||||
const { maxRoles } = Config.get().limits.guild;
|
||||
|
||||
if (role_count > maxRoles)
|
||||
throw DiscordApiErrors.MAXIMUM_ROLES.withParams(maxRoles);
|
||||
if (role_count > maxRoles)
|
||||
throw DiscordApiErrors.MAXIMUM_ROLES.withParams(maxRoles);
|
||||
}
|
||||
|
||||
const role = Role.create({
|
||||
// values before ...body are default and can be overriden
|
||||
|
@ -16,16 +16,19 @@
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
import { Request, Response, Router } from "express";
|
||||
import { Role, Member } from "@spacebar/util";
|
||||
import { route } from "@spacebar/api";
|
||||
import { Member, Role, getRights } from "@spacebar/util";
|
||||
import { Request, Response, Router } from "express";
|
||||
import {} from "typeorm";
|
||||
|
||||
const router: Router = Router();
|
||||
|
||||
router.get("/", route({}), async (req: Request, res: Response) => {
|
||||
const { guild_id } = req.params;
|
||||
await Member.IsInGuildOrFail(req.user_id, guild_id);
|
||||
const rights = await getRights(req.user_id);
|
||||
// admins dont need to be in the guild
|
||||
if (!rights.has("OPERATOR"))
|
||||
await Member.IsInGuildOrFail(req.user_id, guild_id);
|
||||
|
||||
const role_ids = await Role.find({ where: { guild_id }, select: ["id"] });
|
||||
const counts: { [id: string]: number } = {};
|
||||
|
@ -26,16 +26,71 @@ import {
|
||||
getRights,
|
||||
} from "@spacebar/util";
|
||||
import { Request, Response, Router } from "express";
|
||||
import { HTTPError } from "lambert-server";
|
||||
import { ILike, MoreThan } from "typeorm";
|
||||
|
||||
const router: Router = Router();
|
||||
|
||||
router.get(
|
||||
"/",
|
||||
route({
|
||||
description: "Get a list of guilds",
|
||||
right: "OPERATOR",
|
||||
query: {
|
||||
limit: {
|
||||
description:
|
||||
"max number of guilds to return (1-1000). default 100",
|
||||
type: "number",
|
||||
required: false,
|
||||
},
|
||||
after: {
|
||||
description: "The amount of guilds to skip",
|
||||
type: "number",
|
||||
required: false,
|
||||
},
|
||||
query: {
|
||||
description: "The search query",
|
||||
type: "string",
|
||||
required: false,
|
||||
},
|
||||
},
|
||||
responses: {
|
||||
200: {
|
||||
body: "AdminGuildsResponse",
|
||||
},
|
||||
400: {
|
||||
body: "APIErrorResponse",
|
||||
},
|
||||
},
|
||||
}),
|
||||
async (req: Request, res: Response) => {
|
||||
const { after, query } = req.query as {
|
||||
after?: number;
|
||||
query?: string;
|
||||
};
|
||||
|
||||
const limit = Number(req.query.limit) || 100;
|
||||
if (limit > 1000 || limit < 1)
|
||||
throw new HTTPError("Limit must be between 1 and 1000");
|
||||
|
||||
const guilds = await Guild.find({
|
||||
where: {
|
||||
...(after ? { id: MoreThan(`${after}`) } : {}),
|
||||
...(query ? { name: ILike(`%${query}%`) } : {}),
|
||||
},
|
||||
take: limit,
|
||||
});
|
||||
|
||||
res.send(guilds);
|
||||
},
|
||||
);
|
||||
|
||||
//TODO: create default channel
|
||||
|
||||
router.post(
|
||||
"/",
|
||||
route({
|
||||
requestBody: "GuildCreateSchema",
|
||||
right: "CREATE_GUILDS",
|
||||
responses: {
|
||||
201: {
|
||||
body: "GuildCreateResponse",
|
||||
@ -50,17 +105,31 @@ router.post(
|
||||
}),
|
||||
async (req: Request, res: Response) => {
|
||||
const body = req.body as GuildCreateSchema;
|
||||
const rights = await getRights(req.user_id);
|
||||
if (!rights.has("CREATE_GUILDS") && !rights.has("OPERATOR")) {
|
||||
throw new HTTPError(
|
||||
`You are missing the following rights CREATE_GUILDS or OPERATOR`,
|
||||
403,
|
||||
);
|
||||
}
|
||||
|
||||
const { maxGuilds } = Config.get().limits.user;
|
||||
const guild_count = await Member.count({ where: { id: req.user_id } });
|
||||
const rights = await getRights(req.user_id);
|
||||
if (guild_count >= maxGuilds && !rights.has("MANAGE_GUILDS")) {
|
||||
// allow admins to bypass guild limits
|
||||
if (guild_count >= maxGuilds && !rights.has("OPERATOR")) {
|
||||
throw DiscordApiErrors.MAXIMUM_GUILDS.withParams(maxGuilds);
|
||||
}
|
||||
|
||||
let owner_id = req.user_id;
|
||||
|
||||
// only admins can do this, is ignored otherwise
|
||||
if (body.owner_id && rights.has("OPERATOR")) {
|
||||
owner_id = body.owner_id;
|
||||
}
|
||||
|
||||
const guild = await Guild.createGuild({
|
||||
...body,
|
||||
owner_id: req.user_id,
|
||||
owner_id,
|
||||
});
|
||||
|
||||
const { autoJoin } = Config.get().guild;
|
||||
|
@ -17,7 +17,7 @@
|
||||
*/
|
||||
|
||||
import { route } from "@spacebar/api";
|
||||
import { User } from "@spacebar/util";
|
||||
import { User, getRights } from "@spacebar/util";
|
||||
import { Request, Response, Router } from "express";
|
||||
|
||||
const router: Router = Router();
|
||||
@ -33,8 +33,15 @@ router.get(
|
||||
}),
|
||||
async (req: Request, res: Response) => {
|
||||
const { id } = req.params;
|
||||
const rights = await getRights(req.user_id);
|
||||
|
||||
res.json(await User.getPublicUser(id));
|
||||
const user = await User.findOneOrFail({ where: { id } });
|
||||
|
||||
res.json(
|
||||
rights.has("OPERATOR")
|
||||
? await user.toPrivateUser()
|
||||
: await user.toPublicUser(),
|
||||
);
|
||||
},
|
||||
);
|
||||
|
||||
|
82
src/api/routes/users/index.ts
Normal file
82
src/api/routes/users/index.ts
Normal file
@ -0,0 +1,82 @@
|
||||
/*
|
||||
Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
|
||||
Copyright (C) 2023 Spacebar and Spacebar Contributors
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as published
|
||||
by the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
import { route } from "@spacebar/api";
|
||||
import { PrivateUserProjection, User } from "@spacebar/util";
|
||||
import { Request, Response, Router } from "express";
|
||||
import { HTTPError } from "lambert-server";
|
||||
import { ILike, MoreThan } from "typeorm";
|
||||
const router = Router();
|
||||
|
||||
router.get(
|
||||
"/",
|
||||
route({
|
||||
right: "OPERATOR",
|
||||
description: "Get a list of users",
|
||||
query: {
|
||||
limit: {
|
||||
description:
|
||||
"max number of users to return (1-1000). default 100",
|
||||
type: "number",
|
||||
required: false,
|
||||
},
|
||||
after: {
|
||||
description: "The amount of users to skip",
|
||||
type: "number",
|
||||
required: false,
|
||||
},
|
||||
query: {
|
||||
description: "The search query",
|
||||
type: "string",
|
||||
required: false,
|
||||
},
|
||||
},
|
||||
responses: {
|
||||
200: {
|
||||
body: "AdminUsersResponse",
|
||||
},
|
||||
400: {
|
||||
body: "APIErrorResponse",
|
||||
},
|
||||
},
|
||||
}),
|
||||
async (req: Request, res: Response) => {
|
||||
const { after, query } = req.query as {
|
||||
after?: number;
|
||||
query?: string;
|
||||
};
|
||||
|
||||
const limit = Number(req.query.limit) || 100;
|
||||
if (limit > 1000 || limit < 1)
|
||||
throw new HTTPError("Limit must be between 1 and 1000");
|
||||
|
||||
const users = await User.find({
|
||||
where: {
|
||||
...(after ? { id: MoreThan(`${after}`) } : {}),
|
||||
...(query ? { username: ILike(`%${query}%`) } : {}),
|
||||
},
|
||||
take: limit,
|
||||
select: PrivateUserProjection,
|
||||
order: { id: "ASC" },
|
||||
});
|
||||
|
||||
res.send(users);
|
||||
},
|
||||
);
|
||||
|
||||
export default router;
|
@ -89,7 +89,7 @@ export function route(opts: RouteOptions) {
|
||||
}
|
||||
|
||||
return async (req: Request, res: Response, next: NextFunction) => {
|
||||
if (opts.permission) {
|
||||
if (opts.permission && !opts.right) {
|
||||
req.permission = await getPermission(
|
||||
req.user_id,
|
||||
req.params.guild_id,
|
||||
@ -118,6 +118,7 @@ export function route(opts: RouteOptions) {
|
||||
opts.right as string,
|
||||
);
|
||||
}
|
||||
req.has_right = true;
|
||||
}
|
||||
|
||||
if (validate) {
|
||||
|
@ -66,6 +66,7 @@ export enum PrivateUserEnum {
|
||||
purchased_flags,
|
||||
premium_usage_flags,
|
||||
disabled,
|
||||
rights,
|
||||
// settings, // now a relation
|
||||
// locale
|
||||
}
|
||||
|
@ -28,4 +28,5 @@ export interface GuildCreateSchema {
|
||||
channels?: ChannelModifySchema[];
|
||||
system_channel_id?: string;
|
||||
rules_channel_id?: string;
|
||||
owner_id?: string; // used by admins to create a guild for someone else
|
||||
}
|
||||
|
21
src/util/schemas/responses/AdminGuildsResponse.ts
Normal file
21
src/util/schemas/responses/AdminGuildsResponse.ts
Normal file
@ -0,0 +1,21 @@
|
||||
/*
|
||||
Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
|
||||
Copyright (C) 2023 Spacebar and Spacebar Contributors
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as published
|
||||
by the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
import { Guild } from "../../entities";
|
||||
|
||||
export type AdminGuildsResponse = Guild[];
|
@ -18,6 +18,7 @@
|
||||
|
||||
export * from "./APIErrorOrCaptchaResponse";
|
||||
export * from "./APIErrorResponse";
|
||||
export * from "./AdminGuildsResponse";
|
||||
export * from "./BackupCodesChallengeResponse";
|
||||
export * from "./CaptchaRequiredResponse";
|
||||
export * from "./DiscoverableGuildsResponse";
|
||||
|
Loading…
Reference in New Issue
Block a user