zeppelin/backend/src/api/guilds.ts

import { ApiPermissions } from "@shared/apiPermissions";
import express, { Request, Response } from "express";
import yaml, { YAMLException } from "js-yaml";
import { validateGuildConfig } from "../configValidator";
import { AllowedGuilds } from "../data/AllowedGuilds";
import { ApiPermissionAssignments } from "../data/ApiPermissionAssignments";
import { Configs } from "../data/Configs";
import { apiTokenAuthHandlers } from "./auth";
import { hasGuildPermission, requireGuildPermission } from "./permissions";
import { clientError, ok, serverError, unauthorized } from "./responses";

const apiPermissionAssignments = new ApiPermissionAssignments();

export function initGuildsAPI(app: express.Express) {
  const allowedGuilds = new AllowedGuilds();
  const configs = new Configs();

  const guildRouter = express.Router();
  guildRouter.use(...apiTokenAuthHandlers());

  guildRouter.get("/available", async (req: Request, res: Response) => {
    const guilds = await allowedGuilds.getForApiUser(req.user!.userId);
    res.json(guilds);
  });

  guildRouter.get("/:guildId", async (req: Request, res: Response) => {
    if (!(await hasGuildPermission(req.user!.userId, req.params.guildId, ApiPermissions.ViewGuild))) {
      return unauthorized(res);
    }

    const guild = await allowedGuilds.find(req.params.guildId);
    res.json(guild);
  });

  guildRouter.post("/:guildId/check-permission", async (req: Request, res: Response) => {
    const permission = req.body.permission;
    const hasPermission = await hasGuildPermission(req.user!.userId, req.params.guildId, permission);
    res.json({ result: hasPermission });
  });

  guildRouter.get(
    "/:guildId/config",
    requireGuildPermission(ApiPermissions.ReadConfig),
    async (req: Request, res: Response) => {
      const config = await configs.getActiveByKey(`guild-${req.params.guildId}`);
      res.json({ config: config ? config.config : "" });
    },
  );

  guildRouter.post("/:guildId/config", requireGuildPermission(ApiPermissions.EditConfig), async (req, res) => {
    let config = req.body.config;
    if (config == null) return clientError(res, "No config supplied");

    config = config.trim() + "\n"; // Normalize start/end whitespace in the config

    const currentConfig = await configs.getActiveByKey(`guild-${req.params.guildId}`);
    if (currentConfig && config === currentConfig.config) {
      return ok(res);
    }

    // Validate config
    let parsedConfig;
    try {
      parsedConfig = yaml.safeLoad(config);
    } catch (e) {
      if (e instanceof YAMLException) {
        return res.status(400).json({ errors: [e.message] });
      }

      // tslint:disable-next-line:no-console
      console.error("Error when loading YAML: " + e.message);
      return serverError(res, "Server error");
    }

    if (parsedConfig == null) {
      parsedConfig = {};
    }

    const error = await validateGuildConfig(parsedConfig);
    if (error) {
      return res.status(422).json({ errors: [error] });
    }

    await configs.saveNewRevision(`guild-${req.params.guildId}`, config, req.user!.userId);

    ok(res);
  });

  guildRouter.get(
    "/:guildId/permissions",
    requireGuildPermission(ApiPermissions.ManageAccess),
    async (req: Request, res: Response) => {
      const permissions = await apiPermissionAssignments.getByGuildId(req.params.guildId);
      res.json(permissions);
    },
  );

  app.use("/guilds", guildRouter);
}
Organise all imports, make Mutes depend on Logs 2021-06-06 23:51:32 +02:00			`import { ApiPermissions } from "@shared/apiPermissions";`
More work on API permissions 2019-11-08 00:04:24 +02:00			`import express, { Request, Response } from "express";`
Organise all imports, make Mutes depend on Logs 2021-06-06 23:51:32 +02:00			`import yaml, { YAMLException } from "js-yaml";`
			`import { validateGuildConfig } from "../configValidator";`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`import { AllowedGuilds } from "../data/AllowedGuilds";`
Organise all imports, make Mutes depend on Logs 2021-06-06 23:51:32 +02:00			`import { ApiPermissionAssignments } from "../data/ApiPermissionAssignments";`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00			`import { Configs } from "../data/Configs";`
Fix overzealous auth requirement in API 2019-07-22 00:49:05 +03:00			`import { apiTokenAuthHandlers } from "./auth";`
dashboard/api: add support for Zeppelin staff members; add ViewGuild permission; code cleanup 2020-05-23 16:22:03 +03:00			`import { hasGuildPermission, requireGuildPermission } from "./permissions";`
Organise all imports, make Mutes depend on Logs 2021-06-06 23:51:32 +02:00			`import { clientError, ok, serverError, unauthorized } from "./responses";`
dashboard: work on guild access page 2020-05-23 17:30:52 +03:00
			`const apiPermissionAssignments = new ApiPermissionAssignments();`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00
			`export function initGuildsAPI(app: express.Express) {`
			`const allowedGuilds = new AllowedGuilds();`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00			`const configs = new Configs();`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00
dashboard/api: add support for Zeppelin staff members; add ViewGuild permission; code cleanup 2020-05-23 16:22:03 +03:00			`const guildRouter = express.Router();`
			`guildRouter.use(...apiTokenAuthHandlers());`

			`guildRouter.get("/available", async (req: Request, res: Response) => {`
Turn on strict TS compilation. Fix up and tweak types accordingly. 2020-11-09 20:03:57 +02:00			`const guilds = await allowedGuilds.getForApiUser(req.user!.userId);`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00			`res.json(guilds);`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`});`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00
dashboard/api: add support for Zeppelin staff members; add ViewGuild permission; code cleanup 2020-05-23 16:22:03 +03:00			`guildRouter.get("/:guildId", async (req: Request, res: Response) => {`
Turn on strict TS compilation. Fix up and tweak types accordingly. 2020-11-09 20:03:57 +02:00			`if (!(await hasGuildPermission(req.user!.userId, req.params.guildId, ApiPermissions.ViewGuild))) {`
More work on API permissions 2019-11-08 00:04:24 +02:00			`return unauthorized(res);`
			`}`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00
dashboard/api: add support for Zeppelin staff members; add ViewGuild permission; code cleanup 2020-05-23 16:22:03 +03:00			`const guild = await allowedGuilds.find(req.params.guildId);`
			`res.json(guild);`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00			`});`

dashboard/api: add support for Zeppelin staff members; add ViewGuild permission; code cleanup 2020-05-23 16:22:03 +03:00			`guildRouter.post("/:guildId/check-permission", async (req: Request, res: Response) => {`
			`const permission = req.body.permission;`
Turn on strict TS compilation. Fix up and tweak types accordingly. 2020-11-09 20:03:57 +02:00			`const hasPermission = await hasGuildPermission(req.user!.userId, req.params.guildId, permission);`
dashboard/api: add support for Zeppelin staff members; add ViewGuild permission; code cleanup 2020-05-23 16:22:03 +03:00			`res.json({ result: hasPermission });`
			`});`

			`guildRouter.get(`
			`"/:guildId/config",`
			`requireGuildPermission(ApiPermissions.ReadConfig),`
			`async (req: Request, res: Response) => {`
			const config = await configs.getActiveByKey(`guild-${req.params.guildId}`);
			`res.json({ config: config ? config.config : "" });`
			`},`
			`);`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00
dashboard/api: add support for Zeppelin staff members; add ViewGuild permission; code cleanup 2020-05-23 16:22:03 +03:00			`guildRouter.post("/:guildId/config", requireGuildPermission(ApiPermissions.EditConfig), async (req, res) => {`
Don't save identical configs as new revisions 2019-07-22 00:14:24 +03:00			`let config = req.body.config;`
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00			`if (config == null) return clientError(res, "No config supplied");`

Don't save identical configs as new revisions 2019-07-22 00:14:24 +03:00			`config = config.trim() + "\n"; // Normalize start/end whitespace in the config`

			const currentConfig = await configs.getActiveByKey(`guild-${req.params.guildId}`);
Turn on strict TS compilation. Fix up and tweak types accordingly. 2020-11-09 20:03:57 +02:00			`if (currentConfig && config === currentConfig.config) {`
Don't save identical configs as new revisions 2019-07-22 00:14:24 +03:00			`return ok(res);`
			`}`

Switch from ajv to io-ts for config validation; validate configs on save in the API/dashboard; start work on creating io-ts schemas for all plugins 2019-07-11 12:23:57 +03:00			`// Validate config`
			`let parsedConfig;`
			`try {`
			`parsedConfig = yaml.safeLoad(config);`
			`} catch (e) {`
			`if (e instanceof YAMLException) {`
Fix YAML errors not showing the proper error message in config editor 2019-07-22 02:00:04 +03:00			`return res.status(400).json({ errors: [e.message] });`
Switch from ajv to io-ts for config validation; validate configs on save in the API/dashboard; start work on creating io-ts schemas for all plugins 2019-07-11 12:23:57 +03:00			`}`

Disable unneeded tslint warning 2019-11-27 20:30:36 +02:00			`// tslint:disable-next-line:no-console`
Switch from ajv to io-ts for config validation; validate configs on save in the API/dashboard; start work on creating io-ts schemas for all plugins 2019-07-11 12:23:57 +03:00			`console.error("Error when loading YAML: " + e.message);`
			`return serverError(res, "Server error");`
			`}`

			`if (parsedConfig == null) {`
			`parsedConfig = {};`
			`}`

Handle plugin load errors gracefully 2020-07-30 20:40:00 +03:00			`const error = await validateGuildConfig(parsedConfig);`
			`if (error) {`
			`return res.status(422).json({ errors: [error] });`
Switch from ajv to io-ts for config validation; validate configs on save in the API/dashboard; start work on creating io-ts schemas for all plugins 2019-07-11 12:23:57 +03:00			`}`

Turn on strict TS compilation. Fix up and tweak types accordingly. 2020-11-09 20:03:57 +02:00			await configs.saveNewRevision(`guild-${req.params.guildId}`, config, req.user!.userId);
Fix API config validation not taking default options into account 2020-07-28 23:28:26 +03:00
dashboard: auth fixes, guild listing, config editing 2019-06-23 03:40:53 +03:00			`ok(res);`
			`});`
dashboard/api: add support for Zeppelin staff members; add ViewGuild permission; code cleanup 2020-05-23 16:22:03 +03:00
dashboard: work on guild access page 2020-05-23 17:30:52 +03:00			`guildRouter.get(`
			`"/:guildId/permissions",`
			`requireGuildPermission(ApiPermissions.ManageAccess),`
			`async (req: Request, res: Response) => {`
			`const permissions = await apiPermissionAssignments.getByGuildId(req.params.guildId);`
			`res.json(permissions);`
			`},`
			`);`

dashboard/api: add support for Zeppelin staff members; add ViewGuild permission; code cleanup 2020-05-23 16:22:03 +03:00			`app.use("/guilds", guildRouter);`
Dashboard work. Move configs to DB. Some script reorganization. Add nodemon configs. 2019-06-22 18:52:24 +03:00			`}`