import { getServerSession } from "next-auth"; type Permission = | "authifier" | `accounts${ | "" | `/fetch${"" | "/by-id"}` | "/disable" | "/restore" | `/deletion${"" | "/queue" | "/cancel"}`}` | `bots${ | "" | `/fetch${"" | "/by-id" | "/by-user"}` | `/update${"" | "/discoverability"}`}` | `channels${"" | `/fetch${"" | "/by-id" | "/dm"}` | `/create${"" | "/dm"}`}` | `messages${"" | `/fetch${"" | "/by-id"}`}` | `reports${ | "" | `/fetch${ | "" | "/by-id" | "/open" | `/related${"" | "/by-content" | "/by-user"}` | `/snapshots${"" | "/by-report" | "/by-user"}`}` | `/update${ | "" | "/notes" | "/resolve" | "/reject" | "/reopen" | `/bulk-close${"" | "/by-user"}`}`}` | `sessions${"" | `/fetch${"" | "/by-account-id"}`}` | `servers${ | "" | `/fetch${"" | "/by-id"}` | `/update${"" | "/flags" | "/discoverability"}`}` | `users${ | "" | `/fetch${"" | "/by-id" | "/memberships"}` | `/create${"" | "/alert" | "/strike"}` | `/update${"" | "/badges"}` | `/action${"" | "/unsuspend" | "/suspend" | "/wipe" | "/ban"}`}`; const PermissionSets = { "view-open-reports": [ // Required for viewing open reports "users/fetch/by-id", "reports/fetch/open", "reports/fetch/by-id", "reports/fetch/related", "reports/fetch/snapshots/by-report", ] as Permission[], }; const Roles = { moderator: [...PermissionSets["view-open-reports"]], }; const ACL: Record> = { "insert@revolt.chat": new Set([...Roles["moderator"]] as Permission[]), }; function hasPermission(email: string, permission: Permission) { const segments = permission.split("/"); while (segments.length) { if (ACL[email].has(segments.join("/") as Permission)) { return true; } segments.pop(); } return false; } export async function hasPermissionFromSession(permission: Permission) { const session = await getServerSession(); if (!session?.user?.email) throw "Not authenticated."; return hasPermission(session.user.email, permission); } export async function checkPermission(permission: Permission) { if (!(await hasPermissionFromSession(permission))) throw `Missing permission ${permission}`; }