vale
/
panel
forked from administration/panel
1
0
Fork 0
Code Pull Requests Activity

chore: reduce permissions required to wipe / update badges

dufisgsd
Paul Makles 2023-08-10 12:29:54 +01:00
parent 70133ff82b
commit a896884593
No known key found for this signature in database
GPG Key ID: 5059F398521BB0F6
1 changed files with 47 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
lib/actions.ts
View File

@ -18,6 +18,7 @@ import {
AccountInfo, AccountInfo,
AccountStrike, AccountStrike,
Bot, Bot,
Channel,
File, File,
Member, Member,
Message, Message,
@ -281,10 +282,7 @@ export async function suspendUser(userId: string) {
} }
} }
export async function updateUserBadges( export async function updateUserBadges(userId: string, badges: number) {
userId: string,
badges: number
): Promise<{ updatePublished: boolean }> {
await checkPermission("users/update/badges", userId, { badges }); await checkPermission("users/update/badges", userId, { badges });
await mongo().db("revolt").collection<User>("users").updateOne( await mongo().db("revolt").collection<User>("users").updateOne(
{ {
@ -297,8 +295,12 @@ export async function updateUserBadges(
} }
); );
try { const memberships = await mongo()
const memberships = await fetchMembershipsByUser(userId); .db("revolt")
.collection<{ _id: { user: string; server: string } }>("server_members")
.find({ "_id.user": userId })
.toArray();
for (const topic of [userId, ...memberships.map((x) => x._id.server)]) { for (const topic of [userId, ...memberships.map((x) => x._id.server)]) {
await publishMessage(topic, { await publishMessage(topic, {
type: "UserUpdate", type: "UserUpdate",
@ -309,11 +311,6 @@ export async function updateUserBadges(
clear: [], clear: [],
}); });
} }
} catch (e) {
return { updatePublished: false };
}
return { updatePublished: true };
} }
export async function wipeUser(userId: string, flags = 4) { export async function wipeUser(userId: string, flags = 4) {
@ -321,16 +318,39 @@ export async function wipeUser(userId: string, flags = 4) {
await checkPermission("users/action/wipe", userId, { flags }); await checkPermission("users/action/wipe", userId, { flags });
const user = await mongo()
.db("revolt")
.collection<User>("users")
.findOne({ _id: userId });
const messages = await mongo()
.db("revolt")
.collection<Message>("messages")
.find({ author: userId }, { sort: { _id: -1 } })
.toArray();
const dms = await mongo()
.db("revolt")
.collection<Channel>("channels")
.find({
channel_type: "DirectMessage",
recipients: userId,
})
.toArray();
const memberships = await mongo()
.db("revolt")
.collection<{ _id: { user: string; server: string } }>("server_members")
.find({ "_id.user": userId })
.toArray();
// retrieve messages, dm channels, relationships, server memberships // retrieve messages, dm channels, relationships, server memberships
const backup = { const backup = {
_event: "wipe", _event: "wipe",
user: await fetchUserById(userId), user,
messages: await fetchMessages({ author: userId }, undefined), messages,
dms: await fetchChannels({ dms,
channel_type: "DirectMessage", memberships,
recipients: userId,
}),
memberships: await fetchMembershipsByUser(userId),
}; };
await writeFile( await writeFile(