2021-06-06 23:51:32 +02:00
|
|
|
import { ApiPermissions } from "@shared/apiPermissions";
|
2019-11-08 00:04:24 +02:00
|
|
|
import express, { Request, Response } from "express";
|
2021-08-14 18:22:29 +03:00
|
|
|
import { YAMLException } from "js-yaml";
|
2023-04-01 12:58:17 +01:00
|
|
|
import moment from "moment-timezone";
|
2023-05-08 21:33:40 +03:00
|
|
|
import { Queue } from "../Queue";
|
2021-06-06 23:51:32 +02:00
|
|
|
import { validateGuildConfig } from "../configValidator";
|
2019-06-22 18:52:24 +03:00
|
|
|
import { AllowedGuilds } from "../data/AllowedGuilds";
|
2023-04-01 12:58:17 +01:00
|
|
|
import { ApiAuditLog } from "../data/ApiAuditLog";
|
2021-09-05 16:42:35 +03:00
|
|
|
import { ApiPermissionAssignments, ApiPermissionTypes } from "../data/ApiPermissionAssignments";
|
2019-06-23 03:40:53 +03:00
|
|
|
import { Configs } from "../data/Configs";
|
2023-05-08 21:33:40 +03:00
|
|
|
import { AuditLogEventTypes } from "../data/apiAuditLogTypes";
|
2023-04-01 12:58:17 +01:00
|
|
|
import { isSnowflake } from "../utils";
|
|
|
|
|
import { loadYamlSafely } from "../utils/loadYamlSafely";
|
|
|
|
|
import { ObjectAliasError } from "../utils/validateNoObjectAliases";
|
2019-07-22 00:49:05 +03:00
|
|
|
import { apiTokenAuthHandlers } from "./auth";
|
2020-05-23 16:22:03 +03:00
|
|
|
import { hasGuildPermission, requireGuildPermission } from "./permissions";
|
2021-06-06 23:51:32 +02:00
|
|
|
import { clientError, ok, serverError, unauthorized } from "./responses";
|
2020-05-23 17:30:52 +03:00
|
|
|
|
|
|
|
|
const apiPermissionAssignments = new ApiPermissionAssignments();
|
2021-09-05 16:42:35 +03:00
|
|
|
const auditLog = new ApiAuditLog();
|
2019-06-22 18:52:24 +03:00
|
|
|
|
|
|
|
|
export function initGuildsAPI(app: express.Express) {
|
|
|
|
|
const allowedGuilds = new AllowedGuilds();
|
2019-06-23 03:40:53 +03:00
|
|
|
const configs = new Configs();
|
2019-06-22 18:52:24 +03:00
|
|
|
|
2020-05-23 16:22:03 +03:00
|
|
|
const guildRouter = express.Router();
|
|
|
|
|
guildRouter.use(...apiTokenAuthHandlers());
|
|
|
|
|
|
|
|
|
|
guildRouter.get("/available", async (req: Request, res: Response) => {
|
2020-11-09 20:03:57 +02:00
|
|
|
const guilds = await allowedGuilds.getForApiUser(req.user!.userId);
|
2019-06-23 03:40:53 +03:00
|
|
|
res.json(guilds);
|
2019-06-22 18:52:24 +03:00
|
|
|
});
|
2019-06-23 03:40:53 +03:00
|
|
|
|
2021-09-05 16:42:35 +03:00
|
|
|
guildRouter.get(
|
|
|
|
|
"/my-permissions", // a
|
|
|
|
|
async (req: Request, res: Response) => {
|
|
|
|
|
const permissions = await apiPermissionAssignments.getByUserId(req.user!.userId);
|
|
|
|
|
res.json(permissions);
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
|
2020-05-23 16:22:03 +03:00
|
|
|
guildRouter.get("/:guildId", async (req: Request, res: Response) => {
|
2020-11-09 20:03:57 +02:00
|
|
|
if (!(await hasGuildPermission(req.user!.userId, req.params.guildId, ApiPermissions.ViewGuild))) {
|
2019-11-08 00:04:24 +02:00
|
|
|
return unauthorized(res);
|
|
|
|
|
}
|
2019-06-23 03:40:53 +03:00
|
|
|
|
2020-05-23 16:22:03 +03:00
|
|
|
const guild = await allowedGuilds.find(req.params.guildId);
|
|
|
|
|
res.json(guild);
|
2019-06-23 03:40:53 +03:00
|
|
|
});
|
|
|
|
|
|
2020-05-23 16:22:03 +03:00
|
|
|
guildRouter.post("/:guildId/check-permission", async (req: Request, res: Response) => {
|
|
|
|
|
const permission = req.body.permission;
|
2020-11-09 20:03:57 +02:00
|
|
|
const hasPermission = await hasGuildPermission(req.user!.userId, req.params.guildId, permission);
|
2020-05-23 16:22:03 +03:00
|
|
|
res.json({ result: hasPermission });
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
guildRouter.get(
|
|
|
|
|
"/:guildId/config",
|
|
|
|
|
requireGuildPermission(ApiPermissions.ReadConfig),
|
|
|
|
|
async (req: Request, res: Response) => {
|
|
|
|
|
const config = await configs.getActiveByKey(`guild-${req.params.guildId}`);
|
|
|
|
|
res.json({ config: config ? config.config : "" });
|
|
|
|
|
},
|
|
|
|
|
);
|
2019-06-23 03:40:53 +03:00
|
|
|
|
2020-05-23 16:22:03 +03:00
|
|
|
guildRouter.post("/:guildId/config", requireGuildPermission(ApiPermissions.EditConfig), async (req, res) => {
|
2019-07-22 00:14:24 +03:00
|
|
|
let config = req.body.config;
|
2019-06-23 03:40:53 +03:00
|
|
|
if (config == null) return clientError(res, "No config supplied");
|
|
|
|
|
|
2019-07-22 00:14:24 +03:00
|
|
|
config = config.trim() + "\n"; // Normalize start/end whitespace in the config
|
|
|
|
|
|
|
|
|
|
const currentConfig = await configs.getActiveByKey(`guild-${req.params.guildId}`);
|
2020-11-09 20:03:57 +02:00
|
|
|
if (currentConfig && config === currentConfig.config) {
|
2019-07-22 00:14:24 +03:00
|
|
|
return ok(res);
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-11 12:23:57 +03:00
|
|
|
// Validate config
|
|
|
|
|
let parsedConfig;
|
|
|
|
|
try {
|
2021-08-14 18:22:29 +03:00
|
|
|
parsedConfig = loadYamlSafely(config);
|
2019-07-11 12:23:57 +03:00
|
|
|
} catch (e) {
|
|
|
|
|
if (e instanceof YAMLException) {
|
2019-07-22 02:00:04 +03:00
|
|
|
return res.status(400).json({ errors: [e.message] });
|
2019-07-11 12:23:57 +03:00
|
|
|
}
|
|
|
|
|
|
2021-08-14 18:22:29 +03:00
|
|
|
if (e instanceof ObjectAliasError) {
|
|
|
|
|
return res.status(400).json({ errors: [e.message] });
|
|
|
|
|
}
|
|
|
|
|
|
2019-11-27 20:30:36 +02:00
|
|
|
// tslint:disable-next-line:no-console
|
2019-07-11 12:23:57 +03:00
|
|
|
console.error("Error when loading YAML: " + e.message);
|
|
|
|
|
return serverError(res, "Server error");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (parsedConfig == null) {
|
|
|
|
|
parsedConfig = {};
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-30 20:40:00 +03:00
|
|
|
const error = await validateGuildConfig(parsedConfig);
|
|
|
|
|
if (error) {
|
|
|
|
|
return res.status(422).json({ errors: [error] });
|
2019-07-11 12:23:57 +03:00
|
|
|
}
|
|
|
|
|
|
2020-11-09 20:03:57 +02:00
|
|
|
await configs.saveNewRevision(`guild-${req.params.guildId}`, config, req.user!.userId);
|
2020-07-28 23:28:26 +03:00
|
|
|
|
2019-06-23 03:40:53 +03:00
|
|
|
ok(res);
|
|
|
|
|
});
|
2020-05-23 16:22:03 +03:00
|
|
|
|
2020-05-23 17:30:52 +03:00
|
|
|
guildRouter.get(
|
|
|
|
|
"/:guildId/permissions",
|
|
|
|
|
requireGuildPermission(ApiPermissions.ManageAccess),
|
|
|
|
|
async (req: Request, res: Response) => {
|
|
|
|
|
const permissions = await apiPermissionAssignments.getByGuildId(req.params.guildId);
|
|
|
|
|
res.json(permissions);
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
|
2021-09-05 16:42:35 +03:00
|
|
|
const permissionManagementQueue = new Queue();
|
|
|
|
|
guildRouter.post(
|
|
|
|
|
"/:guildId/set-target-permissions",
|
|
|
|
|
requireGuildPermission(ApiPermissions.ManageAccess),
|
|
|
|
|
async (req: Request, res: Response) => {
|
|
|
|
|
await permissionManagementQueue.add(async () => {
|
|
|
|
|
const { type, targetId, permissions, expiresAt } = req.body;
|
|
|
|
|
|
|
|
|
|
if (type !== ApiPermissionTypes.User) {
|
|
|
|
|
return clientError(res, "Invalid type");
|
|
|
|
|
}
|
2023-12-27 18:35:16 +00:00
|
|
|
if (!isSnowflake(targetId) || targetId === req.user!.userId) {
|
2021-09-05 16:42:35 +03:00
|
|
|
return clientError(res, "Invalid targetId");
|
|
|
|
|
}
|
|
|
|
|
const validPermissions = new Set(Object.values(ApiPermissions));
|
|
|
|
|
validPermissions.delete(ApiPermissions.Owner);
|
2021-09-11 19:06:51 +03:00
|
|
|
if (!Array.isArray(permissions) || permissions.some((p) => !validPermissions.has(p))) {
|
2021-09-05 16:42:35 +03:00
|
|
|
return clientError(res, "Invalid permissions");
|
|
|
|
|
}
|
|
|
|
|
if (expiresAt != null && !moment.utc(expiresAt).isValid()) {
|
|
|
|
|
return clientError(res, "Invalid expiresAt");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const existingAssignment = await apiPermissionAssignments.getByGuildAndUserId(req.params.guildId, targetId);
|
|
|
|
|
if (existingAssignment && existingAssignment.permissions.includes(ApiPermissions.Owner)) {
|
|
|
|
|
return clientError(res, "Can't change owner permissions");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (permissions.length === 0) {
|
|
|
|
|
await apiPermissionAssignments.removeUser(req.params.guildId, targetId);
|
|
|
|
|
await auditLog.addEntry(req.params.guildId, req.user!.userId, AuditLogEventTypes.REMOVE_API_PERMISSION, {
|
|
|
|
|
type: ApiPermissionTypes.User,
|
|
|
|
|
target_id: targetId,
|
|
|
|
|
});
|
|
|
|
|
} else {
|
|
|
|
|
const existing = await apiPermissionAssignments.getByGuildAndUserId(req.params.guildId, targetId);
|
|
|
|
|
if (existing) {
|
|
|
|
|
await apiPermissionAssignments.updateUserPermissions(req.params.guildId, targetId, permissions);
|
|
|
|
|
await auditLog.addEntry(req.params.guildId, req.user!.userId, AuditLogEventTypes.EDIT_API_PERMISSION, {
|
|
|
|
|
type: ApiPermissionTypes.User,
|
|
|
|
|
target_id: targetId,
|
|
|
|
|
permissions,
|
|
|
|
|
expires_at: existing.expires_at,
|
|
|
|
|
});
|
|
|
|
|
} else {
|
|
|
|
|
await apiPermissionAssignments.addUser(req.params.guildId, targetId, permissions, expiresAt);
|
|
|
|
|
await auditLog.addEntry(req.params.guildId, req.user!.userId, AuditLogEventTypes.ADD_API_PERMISSION, {
|
|
|
|
|
type: ApiPermissionTypes.User,
|
|
|
|
|
target_id: targetId,
|
|
|
|
|
permissions,
|
|
|
|
|
expires_at: expiresAt,
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ok(res);
|
|
|
|
|
});
|
|
|
|
|
},
|
|
|
|
|
);
|
|
|
|
|
|
2020-05-23 16:22:03 +03:00
|
|
|
app.use("/guilds", guildRouter);
|
2019-06-22 18:52:24 +03:00
|
|
|
}
|
