Spacebar/server
1
0
Fork 0
mirror of https://github.com/spacebarchat/server.git synced 2024-11-25 11:43:07 +01:00
Code Issues Releases Activity

Add Bulk Ban endpoint

Browse Source 
- /:guild_id/bulk-ban endpoint
- Support multiple required permissions for endpoints (untested as I don't know where those are set)
- New API error BULK_BAN_FAILED
This commit is contained in:
TomatoCake 2024-06-05 06:27:39 +02:00
parent 631788537c
commit 92dea0e89c
7 changed files with 5054 additions and 64037 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

749
assets/openapi.json
View File

@ -61,109 +61,208 @@
"read_states" "read_states"
] ]
}, },
"DiagnosticsChannel.Response": { "ConnectedAccountCommonOAuthTokenResponse": {
"type": "object", "type": "object",
"properties": { "properties": {
"statusCode": { "access_token": {
"type": "integer"
},
"statusText": {
"type": "string" "type": "string"
}, },
"headers": { "token_type": {
"type": "array", "type": "string"
"items": { },
"type": "object", "scope": {
"additionalProperties": false, "type": "string"
"patternProperties": { },
"^[0-9]+$": { "refresh_token": {
"type": "integer" "type": "string"
} },
} "expires_in": {
} "type": "integer"
} }
}, },
"required": [ "required": [
"headers", "access_token",
"statusCode", "scope",
"statusText" "token_type"
] ]
}, },
"Headers": { "ApplicationAuthorizeSchema": {
"type": "object", "type": "object",
"properties": { "properties": {
"append": { "authorize": {
"type": "object", "type": "boolean"
"additionalProperties": false
}, },
"delete": { "guild_id": {
"type": "object", "type": "string"
"additionalProperties": false
}, },
"get": { "permissions": {
"type": "object", "type": "string"
"additionalProperties": false
}, },
"has": { "captcha_key": {
"type": "object", "type": "string"
"additionalProperties": false
}, },
"set": { "code": {
"type": "object", "type": "string"
"additionalProperties": false
},
"getSetCookie": {
"type": "object",
"additionalProperties": false
},
"forEach": {
"description": "Performs the specified action for each element in an array.",
"type": "object",
"additionalProperties": false
},
"keys": {
"description": "Returns an array consisting of the keys of the object",
"type": "object",
"additionalProperties": false
},
"values": {
"type": "object",
"additionalProperties": false
},
"entries": {
"description": "Returns an array consisting of the key value pairs of the object",
"type": "object",
"additionalProperties": false
},
"__@iterator": {
"type": "object",
"additionalProperties": false
} }
}, },
"required": [ "required": [
"__@iterator", "authorize",
"append", "guild_id",
"delete", "permissions"
"entries",
"forEach",
"get",
"getSetCookie",
"has",
"keys",
"set",
"values"
] ]
}, },
"ResponseType": { "ApplicationCreateSchema": {
"enum": [ "type": "object",
"basic", "properties": {
"cors", "name": {
"default", "type": "string"
"error", },
"opaque", "team_id": {
"opaqueredirect" "type": [
], "string",
"type": "string" "integer"
]
}
},
"required": [
"name"
]
},
"ApplicationModifySchema": {
"type": "object",
"properties": {
"description": {
"type": "string"
},
"icon": {
"type": "string"
},
"interactions_endpoint_url": {
"type": "string"
},
"max_participants": {
"type": "integer",
"nullable": true
},
"name": {
"type": "string"
},
"privacy_policy_url": {
"type": "string"
},
"role_connections_verification_url": {
"type": "string"
},
"tags": {
"type": "array",
"items": {
"type": "string"
}
},
"terms_of_service_url": {
"type": "string"
},
"bot_public": {
"type": "boolean"
},
"bot_require_code_grant": {
"type": "boolean"
},
"flags": {
"type": "integer"
}
}
},
"BackupCodesChallengeSchema": {
"type": "object",
"properties": {
"password": {
"type": "string"
}
},
"required": [
"password"
]
},
"BanCreateSchema": {
"type": "object",
"properties": {
"delete_message_seconds": {
"type": "string"
},
"delete_message_days": {
"type": "string"
},
"reason": {
"type": "string"
}
}
},
"BanModeratorSchema": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"user_id": {
"type": "string"
},
"guild_id": {
"type": "string"
},
"executor_id": {
"type": "string"
},
"reason": {
"type": "string"
}
},
"required": [
"executor_id",
"guild_id",
"id",
"user_id"
]
},
"BanRegistrySchema": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"user_id": {
"type": "string"
},
"guild_id": {
"type": "string"
},
"executor_id": {
"type": "string"
},
"ip": {
"type": "string"
},
"reason": {
"type": "string"
}
},
"required": [
"executor_id",
"guild_id",
"id",
"user_id"
]
},
"BotModifySchema": {
"type": "object",
"properties": {
"avatar": {
"type": "string"
},
"username": {
"type": "string"
}
}
}, },
"ChannelPermissionOverwriteType": { "ChannelPermissionOverwriteType": {
"enum": [ "enum": [
@ -3543,14 +3642,14 @@
"APIGuild": { "APIGuild": {
"type": "object", "type": "object",
"properties": { "properties": {
"name": {
"type": "string"
},
"reload": { "reload": {
"description": "Reloads entity data from the database.", "description": "Reloads entity data from the database.",
"type": "object", "type": "object",
"additionalProperties": false "additionalProperties": false
}, },
"name": {
"type": "string"
},
"id": { "id": {
"type": "string" "type": "string"
}, },
@ -4263,372 +4362,6 @@
"webauthn" "webauthn"
] ]
}, },
"_Response": {
"type": "object",
"properties": {
"headers": {
"$ref": "#/components/schemas/Headers"
},
"ok": {
"type": "boolean"
},
"status": {
"type": "integer"
},
"statusText": {
"type": "string"
},
"type": {
"$ref": "#/components/schemas/ResponseType"
},
"url": {
"type": "string"
},
"redirected": {
"type": "boolean"
},
"body": {
"anyOf": [
{
"$ref": "#/components/schemas/ReadableStream<any>"
},
{
"type": "null"
}
]
},
"bodyUsed": {
"type": "boolean"
},
"arrayBuffer": {
"type": "object",
"additionalProperties": false
},
"blob": {
"type": "object",
"additionalProperties": false
},
"formData": {
"type": "object",
"additionalProperties": false
},
"json": {
"type": "object",
"additionalProperties": false
},
"text": {
"type": "object",
"additionalProperties": false
},
"clone": {
"type": "object",
"additionalProperties": false
}
},
"required": [
"arrayBuffer",
"blob",
"body",
"bodyUsed",
"clone",
"formData",
"headers",
"json",
"ok",
"redirected",
"status",
"statusText",
"text",
"type",
"url"
]
},
"global.Response": {
"type": "object",
"properties": {
"headers": {
"$ref": "#/components/schemas/Headers"
},
"ok": {
"type": "boolean"
},
"status": {
"type": "integer"
},
"statusText": {
"type": "string"
},
"type": {
"$ref": "#/components/schemas/ResponseType"
},
"url": {
"type": "string"
},
"redirected": {
"type": "boolean"
},
"body": {
"anyOf": [
{
"$ref": "#/components/schemas/ReadableStream<any>"
},
{
"type": "null"
}
]
},
"bodyUsed": {
"type": "boolean"
},
"arrayBuffer": {
"type": "object",
"additionalProperties": false
},
"blob": {
"type": "object",
"additionalProperties": false
},
"formData": {
"type": "object",
"additionalProperties": false
},
"json": {
"type": "object",
"additionalProperties": false
},
"text": {
"type": "object",
"additionalProperties": false
},
"clone": {
"type": "object",
"additionalProperties": false
}
},
"required": [
"arrayBuffer",
"blob",
"body",
"bodyUsed",
"clone",
"formData",
"headers",
"json",
"ok",
"redirected",
"status",
"statusText",
"text",
"type",
"url"
]
},
"ConnectedAccountCommonOAuthTokenResponse": {
"type": "object",
"properties": {
"access_token": {
"type": "string"
},
"token_type": {
"type": "string"
},
"scope": {
"type": "string"
},
"refresh_token": {
"type": "string"
},
"expires_in": {
"type": "integer"
}
},
"required": [
"access_token",
"scope",
"token_type"
]
},
"ExpressResponse": {
"type": "object"
},
"ApplicationAuthorizeSchema": {
"type": "object",
"properties": {
"authorize": {
"type": "boolean"
},
"guild_id": {
"type": "string"
},
"permissions": {
"type": "string"
},
"captcha_key": {
"type": "string"
},
"code": {
"type": "string"
}
},
"required": [
"authorize",
"guild_id",
"permissions"
]
},
"ApplicationCreateSchema": {
"type": "object",
"properties": {
"name": {
"type": "string"
},
"team_id": {
"type": [
"string",
"integer"
]
}
},
"required": [
"name"
]
},
"ApplicationModifySchema": {
"type": "object",
"properties": {
"description": {
"type": "string"
},
"icon": {
"type": "string"
},
"interactions_endpoint_url": {
"type": "string"
},
"max_participants": {
"type": "integer",
"nullable": true
},
"name": {
"type": "string"
},
"privacy_policy_url": {
"type": "string"
},
"role_connections_verification_url": {
"type": "string"
},
"tags": {
"type": "array",
"items": {
"type": "string"
}
},
"terms_of_service_url": {
"type": "string"
},
"bot_public": {
"type": "boolean"
},
"bot_require_code_grant": {
"type": "boolean"
},
"flags": {
"type": "integer"
}
}
},
"BackupCodesChallengeSchema": {
"type": "object",
"properties": {
"password": {
"type": "string"
}
},
"required": [
"password"
]
},
"BanCreateSchema": {
"type": "object",
"properties": {
"delete_message_seconds": {
"type": "string"
},
"delete_message_days": {
"type": "string"
},
"reason": {
"type": "string"
}
}
},
"BanModeratorSchema": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"user_id": {
"type": "string"
},
"guild_id": {
"type": "string"
},
"executor_id": {
"type": "string"
},
"reason": {
"type": "string"
}
},
"required": [
"executor_id",
"guild_id",
"id",
"user_id"
]
},
"BanRegistrySchema": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"user_id": {
"type": "string"
},
"guild_id": {
"type": "string"
},
"executor_id": {
"type": "string"
},
"ip": {
"type": "string"
},
"reason": {
"type": "string"
}
},
"required": [
"executor_id",
"guild_id",
"id",
"user_id"
]
},
"BotModifySchema": {
"type": "object",
"properties": {
"avatar": {
"type": "string"
},
"username": {
"type": "string"
}
}
},
"ChannelPermissionOverwriteSchema": { "ChannelPermissionOverwriteSchema": {
"type": "object", "type": "object",
"properties": { "properties": {
@ -5486,9 +5219,6 @@
"MessageEditSchema": { "MessageEditSchema": {
"type": "object", "type": "object",
"properties": { "properties": {
"embed": {
"$ref": "#/components/schemas/Embed"
},
"file": { "file": {
"type": "object", "type": "object",
"properties": { "properties": {
@ -5501,29 +5231,12 @@
"filename" "filename"
] ]
}, },
"embed": {
"$ref": "#/components/schemas/Embed"
},
"flags": { "flags": {
"type": "integer" "type": "integer"
}, },
"attachments": {
"description": "TODO: we should create an interface for attachments\nTODO: OpenWAAO<-->attachment-style metadata conversion",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"filename": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"filename",
"id"
]
}
},
"content": { "content": {
"type": "string" "type": "string"
}, },
@ -5597,6 +5310,26 @@
"payload_json": { "payload_json": {
"type": "string" "type": "string"
}, },
"attachments": {
"description": "TODO: we should create an interface for attachments\nTODO: OpenWAAO<-->attachment-style metadata conversion",
"type": "array",
"items": {
"type": "object",
"properties": {
"id": {
"type": "string"
},
"filename": {
"type": "string"
}
},
"additionalProperties": false,
"required": [
"filename",
"id"
]
}
},
"sticker_ids": { "sticker_ids": {
"type": "array", "type": "array",
"items": { "items": {
@ -13994,6 +13727,62 @@
] ]
} }
}, },
"/guilds/{guild_id}/bulk-ban/": {
"post": {
"x-permission-required": "BAN_MEMBERS",
"security": [
{
"bearer": []
}
],
"responses": {
"200": {
"description": "",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/Ban"
}
}
}
},
"400": {
"description": "",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/APIErrorResponse"
}
}
}
},
"403": {
"description": "",
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/APIErrorResponse"
}
}
}
}
},
"parameters": [
{
"name": "guild_id",
"in": "path",
"required": true,
"schema": {
"type": "string"
},
"description": "guild_id"
}
],
"tags": [
"guilds"
]
}
},
"/guilds/{guild_id}/bans/": { "/guilds/{guild_id}/bans/": {
"get": { "get": {
"x-permission-required": "BAN_MEMBERS", "x-permission-required": "BAN_MEMBERS",
@ -14040,7 +13829,7 @@
] ]
} }
}, },
"/guilds/{guild_id}/bans/{user}": { "/guilds/{guild_id}/bans/{user_id}": {
"get": { "get": {
"x-permission-required": "BAN_MEMBERS", "x-permission-required": "BAN_MEMBERS",
"security": [ "security": [
@ -14091,21 +13880,19 @@
"description": "guild_id" "description": "guild_id"
}, },
{ {
"name": "user", "name": "user_id",
"in": "path", "in": "path",
"required": true, "required": true,
"schema": { "schema": {
"type": "string" "type": "string"
}, },
"description": "user" "description": "user_id"
} }
], ],
"tags": [ "tags": [
"guilds" "guilds"
] ]
} },
},
"/guilds/{guild_id}/bans/{user_id}": {
"put": { "put": {
"x-permission-required": "BAN_MEMBERS", "x-permission-required": "BAN_MEMBERS",
"security": [ "security": [

68161
assets/schemas.json
View File

File diff suppressed because it is too large Load Diff

1
package.json
View File

@ -10,6 +10,7 @@
"start:cdn": "node dist/cdn/start.js", "start:cdn": "node dist/cdn/start.js",
"start:gateway": "node dist/gateway/start.js", "start:gateway": "node dist/gateway/start.js",
"build": "tsc -p .", "build": "tsc -p .",
"watch": "tsc -w -p .",
"test": "node scripts/test.js", "test": "node scripts/test.js",
"lint": "eslint .", "lint": "eslint .",
"setup": "npm run build && npm run generate:schema", "setup": "npm run build && npm run generate:schema",

124
src/api/routes/guilds/#guild_id/bulk-ban.ts Normal file
View File

@ -0,0 +1,124 @@
/*
Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
Copyright (C) 2023 Spacebar and Spacebar Contributors
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
import { getIpAdress, route } from "@spacebar/api";
import {
Ban,
DiscordApiErrors,
GuildBanAddEvent,
Member,
User,
emitEvent,
} from "@spacebar/util";
import { Request, Response, Router } from "express";
import { HTTPError } from "lambert-server";
const router: Router = Router();
router.post(
"/",
route({
requestBody: "BulkBanSchema",
permission: ["BAN_MEMBERS", "MANAGE_GUILD"],
responses: {
200: {
body: "Ban",
},
400: {
body: "APIErrorResponse",
},
403: {
body: "APIErrorResponse",
},
},
}),
async (req: Request, res: Response) => {
const { guild_id } = req.params;
const userIds: Array<string> = req.body.user_ids;
if (!userIds)
throw new HTTPError("The user_ids array is missing", 400);
if (userIds.length > 200)
throw new HTTPError("The user_ids array must be between 1 and 200 in length", 400);
const banned_users = [];
const failed_users = [];
for await (const banned_user_id of userIds) {
if (
req.user_id === banned_user_id &&
banned_user_id === req.permission?.cache.guild?.owner_id
) {
failed_users.push(banned_user_id);
continue;
}
if (req.permission?.cache.guild?.owner_id === banned_user_id) {
failed_users.push(banned_user_id);
continue;
}
const existingBan = await Ban.findOne({
where: { guild_id: guild_id, user_id: banned_user_id },
});
if (existingBan) {
failed_users.push(banned_user_id);
continue;
}
let banned_user;
try {
banned_user = await User.getPublicUser(banned_user_id);
} catch {
failed_users.push(banned_user_id);
continue;
}
const ban = Ban.create({
user_id: banned_user_id,
guild_id: guild_id,
ip: getIpAdress(req),
executor_id: req.user_id,
reason: req.body.reason, // || otherwise empty
});
try {
await Promise.all([
Member.removeFromGuild(banned_user_id, guild_id),
ban.save(),
emitEvent({
event: "GUILD_BAN_ADD",
data: {
guild_id: guild_id,
user: banned_user,
},
guild_id: guild_id,
} as GuildBanAddEvent),
]);
banned_users.push(banned_user_id);
} catch {
failed_users.push(banned_user_id);
continue;
}
}
if (banned_users.length === 0 && failed_users.length > 0) throw DiscordApiErrors.BULK_BAN_FAILED;
return res.json({ banned_users: banned_users, failed_users: failed_users });
},
);
export default router;

22
src/api/util/handlers/route.ts
View File

@ -1,17 +1,17 @@
/* /*
Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
Copyright (C) 2023 Spacebar and Spacebar Contributors Copyright (C) 2023 Spacebar and Spacebar Contributors
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. (at your option) any later version.
This program is distributed in the hope that it will be useful, This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details. GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
@ -90,19 +90,21 @@ export function route(opts: RouteOptions) {
return async (req: Request, res: Response, next: NextFunction) => { return async (req: Request, res: Response, next: NextFunction) => {
if (opts.permission) { if (opts.permission) {
const required = new Permissions(opts.permission);
req.permission = await getPermission( req.permission = await getPermission(
req.user_id, req.user_id,
req.params.guild_id, req.params.guild_id,
req.params.channel_id, req.params.channel_id,
); );
// bitfield comparison: check if user lacks certain permission const requiredPerms = Array.isArray(opts.permission) ? opts.permission : [opts.permission];
if (!req.permission.has(required)) { requiredPerms.forEach((perm) => {
throw DiscordApiErrors.MISSING_PERMISSIONS.withParams( // bitfield comparison: check if user lacks certain permission
opts.permission as string, if (!req.permission!.has(new Permissions(perm))) {
); throw DiscordApiErrors.MISSING_PERMISSIONS.withParams(
} perm as string,
);
}
});
} }
if (opts.right) { if (opts.right) {

22
src/util/schemas/BulkBanSchema.ts Normal file
View File

@ -0,0 +1,22 @@
/*
Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
Copyright (C) 2023 Spacebar and Spacebar Contributors
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
export interface BulkBanSchema {
user_ids: string[];
delete_message_seconds?: number;
}

12
src/util/util/Constants.ts
View File

@ -1,17 +1,17 @@
/* /*
Spacebar: A FOSS re-implementation and extension of the Discord.com backend. Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
Copyright (C) 2023 Spacebar and Spacebar Contributors Copyright (C) 2023 Spacebar and Spacebar Contributors
This program is free software: you can redistribute it and/or modify This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. (at your option) any later version.
This program is distributed in the hope that it will be useful, This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details. GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. along with this program. If not, see <https://www.gnu.org/licenses/>.
*/ */
@ -553,6 +553,8 @@ export const VerificationLevels = [
* * LOTTIE_ANIMATION_MAXIMUM_DIMENSIONS * * LOTTIE_ANIMATION_MAXIMUM_DIMENSIONS
* * STICKER_FRAME_RATE_TOO_SMALL_OR_TOO_LARGE * * STICKER_FRAME_RATE_TOO_SMALL_OR_TOO_LARGE
* * STICKER_ANIMATION_DURATION_MAXIMUM * * STICKER_ANIMATION_DURATION_MAXIMUM
* * AUTOMODERATOR_BLOCK
* * BULK_BAN_FAILED
* * UNKNOWN_VOICE_STATE * * UNKNOWN_VOICE_STATE
* @typedef {string} APIError * @typedef {string} APIError
*/ */
@ -1001,6 +1003,10 @@ export const DiscordApiErrors = {
"Message was blocked by automatic moderation", "Message was blocked by automatic moderation",
200000, 200000,
), ),
BULK_BAN_FAILED: new ApiError(
"Failed to ban users",
500000
),
//Other errors //Other errors
UNKNOWN_VOICE_STATE: new ApiError("Unknown Voice State", 10065, 404), UNKNOWN_VOICE_STATE: new ApiError("Unknown Voice State", 10065, 404),