feat: add pick, remove, and update the general /roleypoly command

2025-06-17 09:59:10 +00:00 · 2021-08-01 20:18:07 -04:00 · 2021-08-01 20:18:07 -04:00 · 1f55d0370a
commit 1f55d0370a
parent a4207d5713
10 changed files with 251 additions and 34 deletions
--- a/packages/api/handlers/interactions-pick-role.ts
+++ b/packages/api/handlers/interactions-pick-role.ts
@ -1,22 +1,103 @@
+import { CategoryType, RoleSafety } from '@roleypoly/types';
+import { AuthType, discordFetch, respond } from '@roleypoly/worker-utils';
+import { difference, keyBy } from 'lodash';
 import { interactionsEndpoint } from '../utils/api-tools';
-import { getGuildData } from '../utils/guild';
-import { invalid, notFound, ok } from '../utils/responses';
+import { botToken } from '../utils/config';
+import {
+  getGuild,
+  getGuildData,
+  getGuildMember,
+  updateGuildMember,
+} from '../utils/guild';
+import { conflict, invalid, notAuthenticated, notFound, ok } from '../utils/responses';

 export const InteractionsPickRole = interactionsEndpoint(
  async (request: Request): Promise<Response> => {
+    const mode = request.method === 'PUT' ? 'add' : 'remove';
    const reqURL = new URL(request.url);
-    const [, , serverID, userID, roleID] = reqURL.pathname.split('/');
-    if (!serverID || !userID || !roleID) {
+    const [, , guildID, userID, roleID] = reqURL.pathname.split('/');
+    if (!guildID || !userID || !roleID) {
      return invalid();
    }

-    const guildData = await getGuildData(serverID);
-    if (!guildData) {
+    const guildP = getGuild(guildID);
+    const guildDataP = getGuildData(guildID);
+    const guildMemberP = getGuildMember(
+      { serverID: guildID, userID },
+      { skipCachePull: true }
+    );
+
+    const [guild, guildData, guildMember] = await Promise.all([
+      guildP,
+      guildDataP,
+      guildMemberP,
+    ]);
+
+    if (!guild || !guildData || !guildMember) {
      return notFound();
    }

-    // We get exactly one role, but we have to interact with it the same way as UI does.
-    // So check for safety, disable any "single" mode roles
+    let memberRoles = guildMember.roles;
+
+    if (
+      (mode === 'add' && memberRoles.includes(roleID)) ||
+      (mode !== 'add' && !memberRoles.includes(roleID))
+    ) {
+      return conflict();
+    }
+
+    const roleMap = keyBy(guild.roles, 'id');
+
+    const category = guildData.categories.find((category) =>
+      category.roles.includes(roleID)
+    );
+    // No category? illegal.
+    if (!category) {
+      return notFound();
+    }
+
+    // Category is hidden, this is illegal
+    if (category.hidden) {
+      return notFound();
+    }
+
+    // Role is unsafe, super illegal.
+    if (roleMap[roleID].safety !== RoleSafety.Safe) {
+      return notAuthenticated();
+    }
+
+    // In add mode, if the category is a single-mode, remove the other roles in the category.
+    if (mode === 'add' && category.type === CategoryType.Single) {
+      memberRoles = difference(memberRoles, category.roles);
+    }
+
+    if (mode === 'add') {
+      memberRoles = [...memberRoles, roleID];
+    } else {
+      memberRoles = memberRoles.filter((id) => id !== roleID);
+    }
+
+    const patchMemberRoles = await discordFetch<Member>(
+      `/guilds/${guildID}/members/${userID}`,
+      botToken,
+      AuthType.Bot,
+      {
+        method: 'PATCH',
+        headers: {
+          'content-type': 'application/json',
+          'x-audit-log-reason': `Picked their roles via slash command`,
+        },
+        body: JSON.stringify({
+          roles: memberRoles,
+        }),
+      }
+    );
+
+    if (!patchMemberRoles) {
+      return respond({ error: 'discord rejected the request' }, { status: 500 });
+    }
+
+    await updateGuildMember({ serverID: guildID, userID });

    return ok();
  }
--- a/packages/api/handlers/update-roles.ts
+++ b/packages/api/handlers/update-roles.ts
@ -1,5 +1,3 @@
-import { memberPassesAccessControl } from '@roleypoly/api/utils/access-control';
-import { accessControlViolation } from '@roleypoly/api/utils/responses';
 import {
  GuildData,
  Member,
@ -13,7 +11,7 @@ import {
 import { AuthType, discordFetch, respond } from '@roleypoly/worker-utils';
 import { difference, groupBy, keyBy, union } from 'lodash';
 import { withSession } from '../utils/api-tools';
-import { botToken } from '../utils/config';
+import { botToken, uiPublicURI } from '../utils/config';
 import {
  getGuild,
  getGuildData,
@ -58,10 +56,6 @@ export const UpdateRoles = withSession(

      const guildData = await getGuildData(guildID);

-      if (!memberPassesAccessControl(guildCheck, guildMember, guildData.accessControl)) {
-        return accessControlViolation();
-      }
-
      const newRoles = calculateNewRoles({
        currentRoles: guildMember.roles,
        guildRoles: guild.roles,
@ -77,7 +71,7 @@ export const UpdateRoles = withSession(
          method: 'PATCH',
          headers: {
            'content-type': 'application/json',
-            'x-audit-log-reason': `${username}#${discriminator} changes their roles via ${url.hostname}`,
+            'x-audit-log-reason': `Picked their roles via ${uiPublicURI}`,
          },
          body: JSON.stringify({
            roles: newRoles,
--- a/packages/api/index.ts
+++ b/packages/api/index.ts
@ -36,7 +36,8 @@ router.add('POST', 'clear-guild-cache', ClearGuildCache);

 // Interactions endpoints
 router.add('GET', 'interactions-pickable-roles', InteractionsPickableRoles);
-router.add('POST', 'interactions-pick-role', InteractionsPickRole);
+router.add('PUT', 'interactions-pick-role', InteractionsPickRole);
+router.add('DELETE', 'interactions-pick-role', InteractionsPickRole);

 // Tester Routes
 router.add('GET', 'x-headers', (request) => {