zeppelin/backend/src/api/guilds.ts

import express, { Request, Response } from "express";
import { AllowedGuilds } from "../data/AllowedGuilds";
import { clientError, ok, serverError, unauthorized } from "./responses";
import { Configs } from "../data/Configs";
import { validateGuildConfig } from "../configValidator";
import yaml, { YAMLException } from "js-yaml";
import { apiTokenAuthHandlers } from "./auth";
import { ApiPermissions, hasPermission, permissionArrToSet } from "@shared/apiPermissions";
import { ApiPermissionAssignments } from "../data/ApiPermissionAssignments";

export function initGuildsAPI(app: express.Express) {
  const allowedGuilds = new AllowedGuilds();
  const apiPermissionAssignments = new ApiPermissionAssignments();
  const configs = new Configs();

  app.get("/guilds/available", ...apiTokenAuthHandlers(), async (req: Request, res: Response) => {
    const guilds = await allowedGuilds.getForApiUser(req.user.userId);
    res.json(guilds);
  });

  app.get("/guilds/:guildId/config", ...apiTokenAuthHandlers(), async (req: Request, res: Response) => {
    const permAssignment = await apiPermissionAssignments.getByGuildAndUserId(req.params.guildId, req.user.userId);
    if (!permAssignment || !hasPermission(permissionArrToSet(permAssignment.permissions), ApiPermissions.ReadConfig)) {
      return unauthorized(res);
    }

    const config = await configs.getActiveByKey(`guild-${req.params.guildId}`);
    res.json({ config: config ? config.config : "" });
  });

  app.post("/guilds/:guildId/config", ...apiTokenAuthHandlers(), async (req, res) => {
    const permAssignment = await apiPermissionAssignments.getByGuildAndUserId(req.params.guildId, req.user.userId);
    if (!permAssignment || !hasPermission(permissionArrToSet(permAssignment.permissions), ApiPermissions.EditConfig)) {
      return unauthorized(res);
    }

    let config = req.body.config;
    if (config == null) return clientError(res, "No config supplied");

    config = config.trim() + "\n"; // Normalize start/end whitespace in the config

    const currentConfig = await configs.getActiveByKey(`guild-${req.params.guildId}`);
    if (config === currentConfig.config) {
      return ok(res);
    }

    // Validate config
    let parsedConfig;
    try {
      parsedConfig = yaml.safeLoad(config);
    } catch (e) {
      if (e instanceof YAMLException) {
        return res.status(400).json({ errors: [e.message] });
      }

      console.error("Error when loading YAML: " + e.message);
      return serverError(res, "Server error");
    }

    if (parsedConfig == null) {
      parsedConfig = {};
    }

    const errors = validateGuildConfig(parsedConfig);
    if (errors) {
      return res.status(422).json({ errors });
    }

    await configs.saveNewRevision(`guild-${req.params.guildId}`, config, req.user.userId);
    ok(res);
  });
}
More work on API permissions 2019-11-08 00:04:24 +02:00			`import express, { Request, Response } from "express";`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`import { AllowedGuilds } from "../data/AllowedGuilds";`
More work on API permissions 2019-11-08 00:04:24 +02:00			`import { clientError, ok, serverError, unauthorized } from "./responses";`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00			`import { Configs } from "../data/Configs";`
Switch from ajv to io-ts for config validation; validate configs on save in the API/dashboard; start work on creating io-ts schemas for all plugins 2019-07-11 12:23:57 +03:00			`import { validateGuildConfig } from "../configValidator";`
			`import yaml, { YAMLException } from "js-yaml";`
Fix overzealous auth requirement in API 2019-07-22 00:49:05 +03:00			`import { apiTokenAuthHandlers } from "./auth";`
More work on API permissions 2019-11-08 00:04:24 +02:00			`import { ApiPermissions, hasPermission, permissionArrToSet } from "@shared/apiPermissions";`
			`import { ApiPermissionAssignments } from "../data/ApiPermissionAssignments";`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00
			`export function initGuildsAPI(app: express.Express) {`
			`const allowedGuilds = new AllowedGuilds();`
More work on API permissions 2019-11-08 00:04:24 +02:00			`const apiPermissionAssignments = new ApiPermissionAssignments();`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00			`const configs = new Configs();`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00
More work on API permissions 2019-11-08 00:04:24 +02:00			`app.get("/guilds/available", ...apiTokenAuthHandlers(), async (req: Request, res: Response) => {`
Dashboard work and related 2019-06-23 19:18:41 +03:00			`const guilds = await allowedGuilds.getForApiUser(req.user.userId);`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00			`res.json(guilds);`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`});`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00
More work on API permissions 2019-11-08 00:04:24 +02:00			`app.get("/guilds/:guildId/config", ...apiTokenAuthHandlers(), async (req: Request, res: Response) => {`
			`const permAssignment = await apiPermissionAssignments.getByGuildAndUserId(req.params.guildId, req.user.userId);`
			`if (!permAssignment \|\| !hasPermission(permissionArrToSet(permAssignment.permissions), ApiPermissions.ReadConfig)) {`
			`return unauthorized(res);`
			`}`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00
			const config = await configs.getActiveByKey(`guild-${req.params.guildId}`);
			`res.json({ config: config ? config.config : "" });`
			`});`

Fix overzealous auth requirement in API 2019-07-22 00:49:05 +03:00			`app.post("/guilds/:guildId/config", ...apiTokenAuthHandlers(), async (req, res) => {`
More work on API permissions 2019-11-08 00:04:24 +02:00			`const permAssignment = await apiPermissionAssignments.getByGuildAndUserId(req.params.guildId, req.user.userId);`
			`if (!permAssignment \|\| !hasPermission(permissionArrToSet(permAssignment.permissions), ApiPermissions.EditConfig)) {`
			`return unauthorized(res);`
			`}`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00
Don't save identical configs as new revisions 2019-07-22 00:14:24 +03:00			`let config = req.body.config;`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00			`if (config == null) return clientError(res, "No config supplied");`

Don't save identical configs as new revisions 2019-07-22 00:14:24 +03:00			`config = config.trim() + "\n"; // Normalize start/end whitespace in the config`

			const currentConfig = await configs.getActiveByKey(`guild-${req.params.guildId}`);
			`if (config === currentConfig.config) {`
			`return ok(res);`
			`}`

Switch from ajv to io-ts for config validation; validate configs on save in the API/dashboard; start work on creating io-ts schemas for all plugins 2019-07-11 12:23:57 +03:00			`// Validate config`
			`let parsedConfig;`
			`try {`
			`parsedConfig = yaml.safeLoad(config);`
			`} catch (e) {`
			`if (e instanceof YAMLException) {`
Fix YAML errors not showing the proper error message in config editor 2019-07-22 02:00:04 +03:00			`return res.status(400).json({ errors: [e.message] });`
Switch from ajv to io-ts for config validation; validate configs on save in the API/dashboard; start work on creating io-ts schemas for all plugins 2019-07-11 12:23:57 +03:00			`}`

			`console.error("Error when loading YAML: " + e.message);`
			`return serverError(res, "Server error");`
			`}`

			`if (parsedConfig == null) {`
			`parsedConfig = {};`
			`}`

			`const errors = validateGuildConfig(parsedConfig);`
			`if (errors) {`
			`return res.status(422).json({ errors });`
			`}`

dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00			await configs.saveNewRevision(`guild-${req.params.guildId}`, config, req.user.userId);
			`ok(res);`
			`});`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`}`