mirror of
https://github.com/spacebarchat/server.git
synced 2024-11-22 02:12:40 +01:00
Start implementing webhooks
This commit is contained in:
parent
0a6f6a095d
commit
99d9bf563f
5065
assets/schemas.json
5065
assets/schemas.json
File diff suppressed because it is too large
Load Diff
@ -16,8 +16,8 @@
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
import { checkToken, Rights } from "@spacebar/util";
|
||||
import * as Sentry from "@sentry/node";
|
||||
import { checkToken, Rights } from "@spacebar/util";
|
||||
import { NextFunction, Request, Response } from "express";
|
||||
import { HTTPError } from "lambert-server";
|
||||
|
||||
@ -32,7 +32,7 @@ export const NO_AUTHORIZATION_ROUTES = [
|
||||
"/auth/forgot",
|
||||
"/auth/reset",
|
||||
// Routes with a seperate auth system
|
||||
"/webhooks/",
|
||||
/\/webhooks\/\d+\/\w+\/?/, // no token requires auth
|
||||
// Public information endpoints
|
||||
"/ping",
|
||||
"/gateway",
|
||||
|
@ -26,8 +26,8 @@ import {
|
||||
WebhookCreateSchema,
|
||||
WebhookType,
|
||||
handleFile,
|
||||
trimSpecial,
|
||||
isTextChannel,
|
||||
trimSpecial,
|
||||
} from "@spacebar/util";
|
||||
import crypto from "crypto";
|
||||
import { Request, Response, Router } from "express";
|
||||
@ -35,10 +35,12 @@ import { HTTPError } from "lambert-server";
|
||||
|
||||
const router: Router = Router();
|
||||
|
||||
//TODO: implement webhooks
|
||||
router.get(
|
||||
"/",
|
||||
route({
|
||||
description:
|
||||
"Returns a list of channel webhook objects. Requires the MANAGE_WEBHOOKS permission.",
|
||||
permission: "MANAGE_WEBHOOKS",
|
||||
responses: {
|
||||
200: {
|
||||
body: "APIWebhookArray",
|
||||
@ -46,7 +48,18 @@ router.get(
|
||||
},
|
||||
}),
|
||||
async (req: Request, res: Response) => {
|
||||
res.json([]);
|
||||
const { channel_id } = req.params;
|
||||
const webhooks = await Webhook.find({
|
||||
where: { channel_id },
|
||||
relations: [
|
||||
"user",
|
||||
"guild",
|
||||
"source_guild",
|
||||
"application" /*"source_channel"*/,
|
||||
],
|
||||
});
|
||||
|
||||
return res.json(webhooks);
|
||||
},
|
||||
);
|
||||
|
||||
@ -89,15 +102,15 @@ router.post(
|
||||
|
||||
if (avatar) avatar = await handleFile(`/avatars/${channel_id}`, avatar);
|
||||
|
||||
const hook = Webhook.create({
|
||||
const hook = await Webhook.create({
|
||||
type: WebhookType.Incoming,
|
||||
name,
|
||||
avatar,
|
||||
guild_id: channel.guild_id,
|
||||
channel_id: channel.id,
|
||||
user_id: req.user_id,
|
||||
token: crypto.randomBytes(24).toString("base64"),
|
||||
});
|
||||
token: crypto.randomBytes(24).toString("base64url"),
|
||||
}).save();
|
||||
|
||||
const user = await User.getPublicUser(req.user_id);
|
||||
|
||||
|
@ -16,12 +16,37 @@
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
import { Router, Response, Request } from "express";
|
||||
import { route } from "@spacebar/api";
|
||||
import { Webhook } from "@spacebar/util";
|
||||
import { Request, Response, Router } from "express";
|
||||
const router = Router();
|
||||
|
||||
//TODO: implement webhooks
|
||||
router.get("/", route({}), async (req: Request, res: Response) => {
|
||||
res.json([]);
|
||||
});
|
||||
router.get(
|
||||
"/",
|
||||
route({
|
||||
description:
|
||||
"Returns a list of guild webhook objects. Requires the MANAGE_WEBHOOKS permission.",
|
||||
permission: "MANAGE_WEBHOOKS",
|
||||
responses: {
|
||||
200: {
|
||||
body: "APIWebhookArray",
|
||||
},
|
||||
},
|
||||
}),
|
||||
async (req: Request, res: Response) => {
|
||||
const { guild_id } = req.params;
|
||||
const webhooks = await Webhook.find({
|
||||
where: { guild_id },
|
||||
relations: [
|
||||
"user",
|
||||
"guild",
|
||||
"source_guild",
|
||||
"application" /*"source_channel"*/,
|
||||
],
|
||||
});
|
||||
|
||||
return res.json(webhooks);
|
||||
},
|
||||
);
|
||||
|
||||
export default router;
|
||||
|
215
src/api/routes/webhooks/#webhook_id/#token/index.ts
Normal file
215
src/api/routes/webhooks/#webhook_id/#token/index.ts
Normal file
@ -0,0 +1,215 @@
|
||||
import { handleMessage, route } from "@spacebar/api";
|
||||
import {
|
||||
Attachment,
|
||||
Config,
|
||||
DiscordApiErrors,
|
||||
FieldErrors,
|
||||
Message,
|
||||
Webhook,
|
||||
WebhookExecuteSchema,
|
||||
uploadFile,
|
||||
} from "@spacebar/util";
|
||||
import { Request, Response, Router } from "express";
|
||||
import { HTTPError } from "lambert-server";
|
||||
import multer from "multer";
|
||||
import { MoreThan } from "typeorm";
|
||||
const router = Router();
|
||||
|
||||
router.get(
|
||||
"/",
|
||||
route({
|
||||
description: "Returns a webhook object for the given id.",
|
||||
responses: {
|
||||
200: {
|
||||
body: "APIWebhook",
|
||||
},
|
||||
404: {},
|
||||
},
|
||||
}),
|
||||
async (req: Request, res: Response) => {
|
||||
const { webhook_id, token } = req.params;
|
||||
const webhook = await Webhook.findOne({
|
||||
where: {
|
||||
id: webhook_id,
|
||||
},
|
||||
relations: ["channel", "guild", "application"],
|
||||
});
|
||||
|
||||
if (!webhook) {
|
||||
throw DiscordApiErrors.UNKNOWN_WEBHOOK;
|
||||
}
|
||||
|
||||
if (webhook.token !== token) {
|
||||
throw DiscordApiErrors.INVALID_WEBHOOK_TOKEN_PROVIDED;
|
||||
}
|
||||
|
||||
return res.json(webhook);
|
||||
},
|
||||
);
|
||||
|
||||
// TODO: config max upload size
|
||||
const messageUpload = multer({
|
||||
limits: {
|
||||
fileSize: Config.get().limits.message.maxAttachmentSize,
|
||||
fields: 10,
|
||||
// files: 1
|
||||
},
|
||||
storage: multer.memoryStorage(),
|
||||
}); // max upload 50 mb
|
||||
|
||||
// https://discord.com/developers/docs/resources/webhook#execute-webhook
|
||||
router.post(
|
||||
"/",
|
||||
messageUpload.any(),
|
||||
(req, res, next) => {
|
||||
if (req.body.payload_json) {
|
||||
req.body = JSON.parse(req.body.payload_json);
|
||||
}
|
||||
|
||||
next();
|
||||
},
|
||||
route({
|
||||
requestBody: "WebhookExecuteSchema",
|
||||
query: {
|
||||
wait: {
|
||||
type: "boolean",
|
||||
required: false,
|
||||
description:
|
||||
"waits for server confirmation of message send before response, and returns the created message body",
|
||||
},
|
||||
thread_id: {
|
||||
type: "string",
|
||||
required: false,
|
||||
description:
|
||||
"Send a message to the specified thread within a webhook's channel.",
|
||||
},
|
||||
},
|
||||
responses: {
|
||||
204: {},
|
||||
400: {
|
||||
body: "APIErrorResponse",
|
||||
},
|
||||
404: {},
|
||||
},
|
||||
}),
|
||||
async (req: Request, res: Response) => {
|
||||
const { webhook_id, token } = req.params;
|
||||
const body = req.body as WebhookExecuteSchema;
|
||||
const attachments: Attachment[] = [];
|
||||
|
||||
// ensure one of content, embeds, components, or file is present
|
||||
if (
|
||||
!body.content &&
|
||||
!body.embeds &&
|
||||
!body.components &&
|
||||
!body.file &&
|
||||
!body.attachments
|
||||
) {
|
||||
throw DiscordApiErrors.CANNOT_SEND_EMPTY_MESSAGE;
|
||||
}
|
||||
|
||||
// block username from containing certain words
|
||||
// TODO: configurable additions
|
||||
const blockedContains = ["discord", "clyde", "spacebar"];
|
||||
for (const word of blockedContains) {
|
||||
if (body.username?.toLowerCase().includes(word)) {
|
||||
return res.status(400).json({
|
||||
username: [`Username cannot contain "${word}"`],
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
// block username from being certain words
|
||||
// TODO: configurable additions
|
||||
const blockedEquals = ["everyone", "here"];
|
||||
for (const word of blockedEquals) {
|
||||
if (body.username?.toLowerCase() === word) {
|
||||
return res.status(400).json({
|
||||
username: [`Username cannot be "${word}"`],
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
const webhook = await Webhook.findOne({
|
||||
where: {
|
||||
id: webhook_id,
|
||||
},
|
||||
relations: ["channel", "guild", "application"],
|
||||
});
|
||||
|
||||
if (!webhook) {
|
||||
throw DiscordApiErrors.UNKNOWN_WEBHOOK;
|
||||
}
|
||||
|
||||
if (!webhook.channel.isWritable()) {
|
||||
throw new HTTPError(
|
||||
`Cannot send messages to channel of type ${webhook.channel.type}`,
|
||||
400,
|
||||
);
|
||||
}
|
||||
|
||||
if (webhook.token !== token) {
|
||||
throw DiscordApiErrors.INVALID_WEBHOOK_TOKEN_PROVIDED;
|
||||
}
|
||||
|
||||
// TODO: creating messages by users checks if the user can bypass rate limits, we cant do that on webhooks, but maybe we could check the application if there is one?
|
||||
const limits = Config.get().limits;
|
||||
if (limits.absoluteRate.register.enabled) {
|
||||
const count = await Message.count({
|
||||
where: {
|
||||
channel_id: webhook.channel_id,
|
||||
timestamp: MoreThan(
|
||||
new Date(
|
||||
Date.now() - limits.absoluteRate.sendMessage.window,
|
||||
),
|
||||
),
|
||||
},
|
||||
});
|
||||
|
||||
if (count >= limits.absoluteRate.sendMessage.limit)
|
||||
throw FieldErrors({
|
||||
channel_id: {
|
||||
code: "TOO_MANY_MESSAGES",
|
||||
message: req.t("common:toomany.MESSAGE"),
|
||||
},
|
||||
});
|
||||
}
|
||||
|
||||
const files = (req.files as Express.Multer.File[]) ?? [];
|
||||
for (const currFile of files) {
|
||||
try {
|
||||
const file = await uploadFile(
|
||||
`/attachments/${webhook.channel.id}`,
|
||||
currFile,
|
||||
);
|
||||
attachments.push(
|
||||
Attachment.create({ ...file, proxy_url: file.url }),
|
||||
);
|
||||
} catch (error) {
|
||||
return res.status(400).json({ message: error?.toString() });
|
||||
}
|
||||
}
|
||||
|
||||
// TODO: set username and avatar based on body
|
||||
|
||||
const embeds = body.embeds || [];
|
||||
const message = await handleMessage({
|
||||
...body,
|
||||
type: 0,
|
||||
pinned: false,
|
||||
webhook_id: webhook.id,
|
||||
application_id: webhook.application?.id,
|
||||
embeds,
|
||||
channel_id: webhook.channel_id,
|
||||
attachments,
|
||||
timestamp: new Date(),
|
||||
});
|
||||
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
|
||||
//@ts-ignore dont care2
|
||||
message.edited_timestamp = null;
|
||||
|
||||
webhook.channel.last_message_id = message.id;
|
||||
},
|
||||
);
|
||||
|
||||
export default router;
|
32
src/api/routes/webhooks/#webhook_id/index.ts
Normal file
32
src/api/routes/webhooks/#webhook_id/index.ts
Normal file
@ -0,0 +1,32 @@
|
||||
import { route } from "@spacebar/api";
|
||||
import { Webhook } from "@spacebar/util";
|
||||
import { Request, Response, Router } from "express";
|
||||
const router = Router();
|
||||
|
||||
router.get(
|
||||
"/",
|
||||
route({
|
||||
description: "Returns a webhook object for the given id.",
|
||||
responses: {
|
||||
200: {
|
||||
body: "APIWebhook",
|
||||
},
|
||||
404: {},
|
||||
},
|
||||
}),
|
||||
async (req: Request, res: Response) => {
|
||||
const { webhook_id } = req.params;
|
||||
const webhook = await Webhook.findOneOrFail({
|
||||
where: { id: webhook_id },
|
||||
relations: [
|
||||
"user",
|
||||
"guild",
|
||||
"source_guild",
|
||||
"application" /*"source_channel"*/,
|
||||
],
|
||||
});
|
||||
return res.json(webhook);
|
||||
},
|
||||
);
|
||||
|
||||
export default router;
|
@ -18,7 +18,7 @@
|
||||
|
||||
import { Embed } from "@spacebar/util";
|
||||
|
||||
type Attachment = {
|
||||
export type MessageCreateAttachment = {
|
||||
id: string;
|
||||
filename: string;
|
||||
};
|
||||
@ -52,7 +52,7 @@ export interface MessageCreateSchema {
|
||||
TODO: we should create an interface for attachments
|
||||
TODO: OpenWAAO<-->attachment-style metadata conversion
|
||||
**/
|
||||
attachments?: Attachment[];
|
||||
attachments?: MessageCreateAttachment[];
|
||||
sticker_ids?: string[];
|
||||
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||
components?: any[];
|
||||
|
@ -16,7 +16,6 @@
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
// TODO: webhooks
|
||||
export interface WebhookCreateSchema {
|
||||
/**
|
||||
* @maxLength 80
|
||||
|
46
src/util/schemas/WebhookExecuteSchema.ts
Normal file
46
src/util/schemas/WebhookExecuteSchema.ts
Normal file
@ -0,0 +1,46 @@
|
||||
/*
|
||||
Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
|
||||
Copyright (C) 2023 Spacebar and Spacebar Contributors
|
||||
|
||||
This program is free software: you can redistribute it and/or modify
|
||||
it under the terms of the GNU Affero General Public License as published
|
||||
by the Free Software Foundation, either version 3 of the License, or
|
||||
(at your option) any later version.
|
||||
|
||||
This program is distributed in the hope that it will be useful,
|
||||
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
GNU Affero General Public License for more details.
|
||||
|
||||
You should have received a copy of the GNU Affero General Public License
|
||||
along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
import { Embed } from "../entities";
|
||||
import { MessageCreateAttachment } from "./MessageCreateSchema";
|
||||
|
||||
export interface WebhookExecuteSchema {
|
||||
content?: string;
|
||||
username?: string;
|
||||
avatar_url?: string;
|
||||
tts?: boolean;
|
||||
embeds?: Embed[];
|
||||
allowed_mentions?: {
|
||||
parse?: string[];
|
||||
roles?: string[];
|
||||
users?: string[];
|
||||
replied_user?: boolean;
|
||||
};
|
||||
// eslint-disable-next-line @typescript-eslint/no-explicit-any
|
||||
components?: any[];
|
||||
file?: { filename: string };
|
||||
payload_json?: string;
|
||||
/**
|
||||
TODO: we should create an interface for attachments
|
||||
TODO: OpenWAAO<-->attachment-style metadata conversion
|
||||
**/
|
||||
attachments?: MessageCreateAttachment[];
|
||||
flags?: number;
|
||||
thread_name?: string;
|
||||
applied_tags?: string[];
|
||||
}
|
@ -79,5 +79,6 @@ export * from "./VoiceStateUpdateSchema";
|
||||
export * from "./VoiceVideoSchema";
|
||||
export * from "./WebAuthnSchema";
|
||||
export * from "./WebhookCreateSchema";
|
||||
export * from "./WebhookExecuteSchema";
|
||||
export * from "./WidgetModifySchema";
|
||||
export * from "./responses";
|
||||
|
@ -576,7 +576,7 @@ export const DiscordApiErrors = {
|
||||
UNKNOWN_TOKEN: new ApiError("Unknown token", 10012),
|
||||
UNKNOWN_USER: new ApiError("Unknown user", 10013),
|
||||
UNKNOWN_EMOJI: new ApiError("Unknown emoji", 10014),
|
||||
UNKNOWN_WEBHOOK: new ApiError("Unknown webhook", 10015),
|
||||
UNKNOWN_WEBHOOK: new ApiError("Unknown webhook", 10015, 404),
|
||||
UNKNOWN_WEBHOOK_SERVICE: new ApiError("Unknown webhook service", 10016),
|
||||
UNKNOWN_CONNECTION: new ApiError("Unknown connection", 10017, 400),
|
||||
UNKNOWN_SESSION: new ApiError("Unknown session", 10020),
|
||||
|
Loading…
Reference in New Issue
Block a user