1
0
mirror of https://github.com/spacebarchat/server.git synced 2024-11-22 02:12:40 +01:00

Start implementing webhooks

This commit is contained in:
Puyodead1 2023-12-10 17:02:27 -05:00
parent 0a6f6a095d
commit 99d9bf563f
No known key found for this signature in database
GPG Key ID: A4FA4FEC0DD353FC
11 changed files with 5029 additions and 401 deletions

File diff suppressed because it is too large Load Diff

View File

@ -16,8 +16,8 @@
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
import { checkToken, Rights } from "@spacebar/util";
import * as Sentry from "@sentry/node";
import { checkToken, Rights } from "@spacebar/util";
import { NextFunction, Request, Response } from "express";
import { HTTPError } from "lambert-server";
@ -32,7 +32,7 @@ export const NO_AUTHORIZATION_ROUTES = [
"/auth/forgot",
"/auth/reset",
// Routes with a seperate auth system
"/webhooks/",
/\/webhooks\/\d+\/\w+\/?/, // no token requires auth
// Public information endpoints
"/ping",
"/gateway",

View File

@ -26,8 +26,8 @@ import {
WebhookCreateSchema,
WebhookType,
handleFile,
trimSpecial,
isTextChannel,
trimSpecial,
} from "@spacebar/util";
import crypto from "crypto";
import { Request, Response, Router } from "express";
@ -35,10 +35,12 @@ import { HTTPError } from "lambert-server";
const router: Router = Router();
//TODO: implement webhooks
router.get(
"/",
route({
description:
"Returns a list of channel webhook objects. Requires the MANAGE_WEBHOOKS permission.",
permission: "MANAGE_WEBHOOKS",
responses: {
200: {
body: "APIWebhookArray",
@ -46,7 +48,18 @@ router.get(
},
}),
async (req: Request, res: Response) => {
res.json([]);
const { channel_id } = req.params;
const webhooks = await Webhook.find({
where: { channel_id },
relations: [
"user",
"guild",
"source_guild",
"application" /*"source_channel"*/,
],
});
return res.json(webhooks);
},
);
@ -89,15 +102,15 @@ router.post(
if (avatar) avatar = await handleFile(`/avatars/${channel_id}`, avatar);
const hook = Webhook.create({
const hook = await Webhook.create({
type: WebhookType.Incoming,
name,
avatar,
guild_id: channel.guild_id,
channel_id: channel.id,
user_id: req.user_id,
token: crypto.randomBytes(24).toString("base64"),
});
token: crypto.randomBytes(24).toString("base64url"),
}).save();
const user = await User.getPublicUser(req.user_id);

View File

@ -16,12 +16,37 @@
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
import { Router, Response, Request } from "express";
import { route } from "@spacebar/api";
import { Webhook } from "@spacebar/util";
import { Request, Response, Router } from "express";
const router = Router();
//TODO: implement webhooks
router.get("/", route({}), async (req: Request, res: Response) => {
res.json([]);
});
router.get(
"/",
route({
description:
"Returns a list of guild webhook objects. Requires the MANAGE_WEBHOOKS permission.",
permission: "MANAGE_WEBHOOKS",
responses: {
200: {
body: "APIWebhookArray",
},
},
}),
async (req: Request, res: Response) => {
const { guild_id } = req.params;
const webhooks = await Webhook.find({
where: { guild_id },
relations: [
"user",
"guild",
"source_guild",
"application" /*"source_channel"*/,
],
});
return res.json(webhooks);
},
);
export default router;

View File

@ -0,0 +1,215 @@
import { handleMessage, route } from "@spacebar/api";
import {
Attachment,
Config,
DiscordApiErrors,
FieldErrors,
Message,
Webhook,
WebhookExecuteSchema,
uploadFile,
} from "@spacebar/util";
import { Request, Response, Router } from "express";
import { HTTPError } from "lambert-server";
import multer from "multer";
import { MoreThan } from "typeorm";
const router = Router();
router.get(
"/",
route({
description: "Returns a webhook object for the given id.",
responses: {
200: {
body: "APIWebhook",
},
404: {},
},
}),
async (req: Request, res: Response) => {
const { webhook_id, token } = req.params;
const webhook = await Webhook.findOne({
where: {
id: webhook_id,
},
relations: ["channel", "guild", "application"],
});
if (!webhook) {
throw DiscordApiErrors.UNKNOWN_WEBHOOK;
}
if (webhook.token !== token) {
throw DiscordApiErrors.INVALID_WEBHOOK_TOKEN_PROVIDED;
}
return res.json(webhook);
},
);
// TODO: config max upload size
const messageUpload = multer({
limits: {
fileSize: Config.get().limits.message.maxAttachmentSize,
fields: 10,
// files: 1
},
storage: multer.memoryStorage(),
}); // max upload 50 mb
// https://discord.com/developers/docs/resources/webhook#execute-webhook
router.post(
"/",
messageUpload.any(),
(req, res, next) => {
if (req.body.payload_json) {
req.body = JSON.parse(req.body.payload_json);
}
next();
},
route({
requestBody: "WebhookExecuteSchema",
query: {
wait: {
type: "boolean",
required: false,
description:
"waits for server confirmation of message send before response, and returns the created message body",
},
thread_id: {
type: "string",
required: false,
description:
"Send a message to the specified thread within a webhook's channel.",
},
},
responses: {
204: {},
400: {
body: "APIErrorResponse",
},
404: {},
},
}),
async (req: Request, res: Response) => {
const { webhook_id, token } = req.params;
const body = req.body as WebhookExecuteSchema;
const attachments: Attachment[] = [];
// ensure one of content, embeds, components, or file is present
if (
!body.content &&
!body.embeds &&
!body.components &&
!body.file &&
!body.attachments
) {
throw DiscordApiErrors.CANNOT_SEND_EMPTY_MESSAGE;
}
// block username from containing certain words
// TODO: configurable additions
const blockedContains = ["discord", "clyde", "spacebar"];
for (const word of blockedContains) {
if (body.username?.toLowerCase().includes(word)) {
return res.status(400).json({
username: [`Username cannot contain "${word}"`],
});
}
}
// block username from being certain words
// TODO: configurable additions
const blockedEquals = ["everyone", "here"];
for (const word of blockedEquals) {
if (body.username?.toLowerCase() === word) {
return res.status(400).json({
username: [`Username cannot be "${word}"`],
});
}
}
const webhook = await Webhook.findOne({
where: {
id: webhook_id,
},
relations: ["channel", "guild", "application"],
});
if (!webhook) {
throw DiscordApiErrors.UNKNOWN_WEBHOOK;
}
if (!webhook.channel.isWritable()) {
throw new HTTPError(
`Cannot send messages to channel of type ${webhook.channel.type}`,
400,
);
}
if (webhook.token !== token) {
throw DiscordApiErrors.INVALID_WEBHOOK_TOKEN_PROVIDED;
}
// TODO: creating messages by users checks if the user can bypass rate limits, we cant do that on webhooks, but maybe we could check the application if there is one?
const limits = Config.get().limits;
if (limits.absoluteRate.register.enabled) {
const count = await Message.count({
where: {
channel_id: webhook.channel_id,
timestamp: MoreThan(
new Date(
Date.now() - limits.absoluteRate.sendMessage.window,
),
),
},
});
if (count >= limits.absoluteRate.sendMessage.limit)
throw FieldErrors({
channel_id: {
code: "TOO_MANY_MESSAGES",
message: req.t("common:toomany.MESSAGE"),
},
});
}
const files = (req.files as Express.Multer.File[]) ?? [];
for (const currFile of files) {
try {
const file = await uploadFile(
`/attachments/${webhook.channel.id}`,
currFile,
);
attachments.push(
Attachment.create({ ...file, proxy_url: file.url }),
);
} catch (error) {
return res.status(400).json({ message: error?.toString() });
}
}
// TODO: set username and avatar based on body
const embeds = body.embeds || [];
const message = await handleMessage({
...body,
type: 0,
pinned: false,
webhook_id: webhook.id,
application_id: webhook.application?.id,
embeds,
channel_id: webhook.channel_id,
attachments,
timestamp: new Date(),
});
// eslint-disable-next-line @typescript-eslint/ban-ts-comment
//@ts-ignore dont care2
message.edited_timestamp = null;
webhook.channel.last_message_id = message.id;
},
);
export default router;

View File

@ -0,0 +1,32 @@
import { route } from "@spacebar/api";
import { Webhook } from "@spacebar/util";
import { Request, Response, Router } from "express";
const router = Router();
router.get(
"/",
route({
description: "Returns a webhook object for the given id.",
responses: {
200: {
body: "APIWebhook",
},
404: {},
},
}),
async (req: Request, res: Response) => {
const { webhook_id } = req.params;
const webhook = await Webhook.findOneOrFail({
where: { id: webhook_id },
relations: [
"user",
"guild",
"source_guild",
"application" /*"source_channel"*/,
],
});
return res.json(webhook);
},
);
export default router;

View File

@ -18,7 +18,7 @@
import { Embed } from "@spacebar/util";
type Attachment = {
export type MessageCreateAttachment = {
id: string;
filename: string;
};
@ -52,7 +52,7 @@ export interface MessageCreateSchema {
TODO: we should create an interface for attachments
TODO: OpenWAAO<-->attachment-style metadata conversion
**/
attachments?: Attachment[];
attachments?: MessageCreateAttachment[];
sticker_ids?: string[];
// eslint-disable-next-line @typescript-eslint/no-explicit-any
components?: any[];

View File

@ -16,7 +16,6 @@
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
// TODO: webhooks
export interface WebhookCreateSchema {
/**
* @maxLength 80

View File

@ -0,0 +1,46 @@
/*
Spacebar: A FOSS re-implementation and extension of the Discord.com backend.
Copyright (C) 2023 Spacebar and Spacebar Contributors
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
*/
import { Embed } from "../entities";
import { MessageCreateAttachment } from "./MessageCreateSchema";
export interface WebhookExecuteSchema {
content?: string;
username?: string;
avatar_url?: string;
tts?: boolean;
embeds?: Embed[];
allowed_mentions?: {
parse?: string[];
roles?: string[];
users?: string[];
replied_user?: boolean;
};
// eslint-disable-next-line @typescript-eslint/no-explicit-any
components?: any[];
file?: { filename: string };
payload_json?: string;
/**
TODO: we should create an interface for attachments
TODO: OpenWAAO<-->attachment-style metadata conversion
**/
attachments?: MessageCreateAttachment[];
flags?: number;
thread_name?: string;
applied_tags?: string[];
}

View File

@ -79,5 +79,6 @@ export * from "./VoiceStateUpdateSchema";
export * from "./VoiceVideoSchema";
export * from "./WebAuthnSchema";
export * from "./WebhookCreateSchema";
export * from "./WebhookExecuteSchema";
export * from "./WidgetModifySchema";
export * from "./responses";

View File

@ -576,7 +576,7 @@ export const DiscordApiErrors = {
UNKNOWN_TOKEN: new ApiError("Unknown token", 10012),
UNKNOWN_USER: new ApiError("Unknown user", 10013),
UNKNOWN_EMOJI: new ApiError("Unknown emoji", 10014),
UNKNOWN_WEBHOOK: new ApiError("Unknown webhook", 10015),
UNKNOWN_WEBHOOK: new ApiError("Unknown webhook", 10015, 404),
UNKNOWN_WEBHOOK_SERVICE: new ApiError("Unknown webhook service", 10016),
UNKNOWN_CONNECTION: new ApiError("Unknown connection", 10017, 400),
UNKNOWN_SESSION: new ApiError("Unknown session", 10020),