StyAndCo/zeppelin
3
0
Fork 0
mirror of https://github.com/ZeppelinBot/Zeppelin.git synced 2025-05-21 16:55:03 +00:00
Code Releases Activity

Fix overzealous auth requirement in API

Browse source
This commit is contained in:
Dragory 2019-07-22 00:49:05 +03:00
parent 153674da7d
commit e37987946f
2 changed files with 6 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

13
src/api/guilds.ts
View file

@ -1,28 +1,25 @@
import express from "express";
import passport from "passport";
import { AllowedGuilds } from "../data/AllowedGuilds";
import { requireAPIToken } from "./auth";
import { ApiPermissions } from "../data/ApiPermissions";
import { clientError, error, ok, serverError, unauthorized } from "./responses";
import { Configs } from "../data/Configs";
import { ApiRoles } from "../data/ApiRoles";
import { validateGuildConfig } from "../configValidator";
import yaml, { YAMLException } from "js-yaml";
import { apiTokenAuthHandlers } from "./auth";
export function initGuildsAPI(app: express.Express) {
const guildAPIRouter = express.Router();
requireAPIToken(guildAPIRouter);
const allowedGuilds = new AllowedGuilds();
const apiPermissions = new ApiPermissions();
const configs = new Configs();
guildAPIRouter.get("/guilds/available", async (req, res) => {
app.get("/guilds/available", ...apiTokenAuthHandlers(), async (req, res) => {
const guilds = await allowedGuilds.getForApiUser(req.user.userId);
res.json(guilds);
});
guildAPIRouter.get("/guilds/:guildId/config", async (req, res) => {
app.get("/guilds/:guildId/config", ...apiTokenAuthHandlers(), async (req, res) => {
const permissions = await apiPermissions.getByGuildAndUserId(req.params.guildId, req.user.userId);
if (!permissions) return unauthorized(res);
@ -30,7 +27,7 @@ export function initGuildsAPI(app: express.Express) {
res.json({ config: config ? config.config : "" });
});
guildAPIRouter.post("/guilds/:guildId/config", async (req, res) => {
app.post("/guilds/:guildId/config", ...apiTokenAuthHandlers(), async (req, res) => {
const permissions = await apiPermissions.getByGuildAndUserId(req.params.guildId, req.user.userId);
if (!permissions || ApiRoles[permissions.role] < ApiRoles.Editor) return unauthorized(res);
@ -69,6 +66,4 @@ export function initGuildsAPI(app: express.Express) {
await configs.saveNewRevision(`guild-${req.params.guildId}`, config, req.user.userId);
ok(res);
});
app.use(guildAPIRouter);
}