✨ add `right` option to route()

api/src/middlewares/Authentication.ts

@@ -1,6 +1,6 @@
 import { NextFunction, Request, Response } from "express";
 import { HTTPError } from "lambert-server";
-import { checkToken, Config } from "@fosscord/util";
+import { checkToken, Config, Rights } from "@fosscord/util";
 
 export const NO_AUTHORIZATION_ROUTES = [
 	"/auth/login",
@@ -21,6 +21,7 @@ declare global {
 			user_id: string;
 			user_bot: boolean;
 			token: string;
+			rights: Rights;
 		}
 	}
 }
@@ -46,6 +47,7 @@ export async function Authentication(req: Request, res: Response, next: NextFunc
 		req.token = decoded;
 		req.user_id = decoded.id;
 		req.user_bot = user.bot;
+		req.rights = new Rights(user.rights);
 		return next();
 	} catch (error: any) {
 		return next(new HTTPError(error?.toString(), 400));

api/src/util/route.ts

@@ -1,4 +1,15 @@
-import { DiscordApiErrors, EVENT, Event, EventData, getPermission, PermissionResolvable, Permissions } from "@fosscord/util";
+import {
+	DiscordApiErrors,
+	EVENT,
+	Event,
+	EventData,
+	FosscordApiErrors,
+	getPermission,
+	PermissionResolvable,
+	Permissions,
+	RightResolvable,
+	Rights
+} from "@fosscord/util";
 import { NextFunction, Request, Response } from "express";
 import fs from "fs";
 import path from "path";
@@ -33,6 +44,7 @@ export type RouteResponse = { status?: number; body?: `${string}Response`; heade
 
 export interface RouteOptions {
 	permission?: PermissionResolvable;
+	right?: RightResolvable;
 	body?: `${string}Schema`; // typescript interface name
 	test?: {
 		response?: RouteResponse;
@@ -89,6 +101,13 @@ export function route(opts: RouteOptions) {
 			}
 		}
 
+		if (opts.right) {
+			const required = new Rights(opts.right);
+			if (!req.rights || !req.rights.has(required)) {
+				throw FosscordApiErrors.MISSING_RIGHTS.withParams(opts.right as string);
+			}
+		}
+
 		if (validate) {
 			const valid = validate(normalizeBody(req.body));
 			if (!valid) {

util/src/util/BitField.ts

@@ -143,6 +143,5 @@ export class BitField {
 }
 
 export function BitFlag(x: bigint | number) {
-	if (!x) throw new Error("You need to pass a bitflag");
 	return BigInt(1) << BigInt(x);
 }

util/src/util/Constants.ts

@@ -726,7 +726,9 @@ export const DiscordApiErrors = {
 /**
  * An error encountered while performing an API request (Fosscord only). Here are the potential errors:
  */
-export const FosscordApiErrors = {};
+export const FosscordApiErrors = {
+	MISSING_RIGHTS: new ApiError("You lack rights to perform that action ({})", 50013, undefined, [""]),
+};
 
 /**
  * The value set for a guild's default message notifications, e.g. `ALL`. Here are the available types:

util/src/util/Token.ts

@@ -10,7 +10,10 @@ export function checkToken(token: string, jwtSecret: string): Promise<any> {
 		jwt.verify(token, jwtSecret, JWTOptions, async (err, decoded: any) => {
 			if (err || !decoded) return rej("Invalid Token");
 
-			const user = await User.findOne({ id: decoded.id }, { select: ["data", "bot", "disabled", "deleted"] });
+			const user = await User.findOne(
+				{ id: decoded.id },
+				{ select: ["data", "bot", "disabled", "deleted", "rights"] }
+			);
 			if (!user) return rej("Invalid Token");
 			// we need to round it to seconds as it saved as seconds in jwt iat and valid_tokens_since is stored in milliseconds
 			if (decoded.iat * 1000 < new Date(user.data.valid_tokens_since).setSeconds(0, 0))

util/src/util/index.ts

@@ -12,6 +12,7 @@ export * from "./MessageFlags";
 export * from "./Permissions";
 export * from "./RabbitMQ";
 export * from "./Regex";
+export * from "./Rights";
 export * from "./Snowflake";
 export * from "./String";
 export * from "./Array";