From e0c04edea565318479142aeac448cd7a656fecac Mon Sep 17 00:00:00 2001 From: zekroTJA Date: Fri, 17 Mar 2023 22:29:04 +0000 Subject: [PATCH 1/3] fix permission check on report revoke [fix #418] --- internal/services/permissions/permissions.go | 7 +++++++ .../services/webserver/v1/controllers/reports.go | 14 +++++++++++--- 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/internal/services/permissions/permissions.go b/internal/services/permissions/permissions.go index 88bf813f..5e7ee1b3 100644 --- a/internal/services/permissions/permissions.go +++ b/internal/services/permissions/permissions.go @@ -1,6 +1,7 @@ package permissions import ( + "errors" "strings" "github.com/gofiber/fiber/v2" @@ -84,6 +85,12 @@ func (pmw *Permissions) HandleWs(s discordutil.ISession, required string) fiber. return fiber.ErrForbidden } + if guildID == "" { + return errors.New("guildId is not set (this should actually not happen - " + + "if it does so, please create an issue including details where and how this " + + "missbehaviour occured)") + } + ok, _, err := pmw.CheckPermissions(s, guildID, uid, required) if err != nil { return err diff --git a/internal/services/webserver/v1/controllers/reports.go b/internal/services/webserver/v1/controllers/reports.go index 39238d99..125cd756 100644 --- a/internal/services/webserver/v1/controllers/reports.go +++ b/internal/services/webserver/v1/controllers/reports.go @@ -18,6 +18,7 @@ type ReportsController struct { cfg config.Provider db database.Database repSvc *report.ReportService + pmw *permissions.Permissions } func (c *ReportsController) Setup(container di.Container, router fiber.Router) { 
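Review bot: The new empty-`guildID` guard in HandleWs returns a bare `errors.New(...)` whose long, user-addressed text (including the typos "missbehaviour occured") presumably goes to whichever error handler renders the response, and that handler is not visible in this patch. Failing closed before `CheckPermissions` is the right direction, but a package-level sentinel such as `var ErrGuildIDNotSet = errors.New("guild id is not set")` would let callers and tests match it with `errors.Is`, with the "please create an issue" hint logged server-side instead. A comment above the guard would record why it exists, e.g. `// never evaluate permissions with an empty guild ID; reject the request instead`. HandleWs starts and ends outside this hunk.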
@@ -25,11 +26,10 @@ func (c *ReportsController) Setup(container di.Container, router fiber.Router) { c.cfg = container.Get(static.DiConfig).(config.Provider) c.db = container.Get(static.DiDatabase).(database.Database) c.repSvc = container.Get(static.DiReport).(*report.ReportService) - - pmw := container.Get(static.DiPermissions).(*permissions.Permissions) + c.pmw = container.Get(static.DiPermissions).(*permissions.Permissions) router.Get("/:id", c.getReport) - router.Post("/:id/revoke", pmw.HandleWs(c.session, "sp.guild.mod.report"), c.postRevoke) + router.Post("/:id/revoke", c.postRevoke) } // @Summary Get Report @@ -92,6 +92,14 @@ func (c *ReportsController) postRevoke(ctx *fiber.Ctx) (err error) { return err } + ok, _, err := c.pmw.CheckPermissions(c.session, rep.GuildID, uid, "sp.guild.mod.report.revoke") + if err != nil { + return err + } + if !ok { + return fiber.ErrForbidden + } + var reason models.ReasonRequest if err := ctx.BodyParser(&reason); err != nil { return fiber.NewError(fiber.StatusBadRequest, err.Error()) From b4f6afe0b66cb77f45fff1e9e4acd808eb187601 Mon Sep 17 00:00:00 2001 From: zekroTJA Date: Sat, 18 Mar 2023 10:40:27 +0000 Subject: [PATCH 2/3] update report error handling [fix #419] - suppress DM errors - add more details to modlog channel send error --- internal/services/report/report.go | 30 ++++++++++++++++++++---------- internal/slashcommands/report.go | 2 +- 2 files changed, 21 insertions(+), 11 deletions(-) diff --git a/internal/services/report/report.go b/internal/services/report/report.go index 035ef1bb..8410c430 100644 --- a/internal/services/report/report.go +++ b/internal/services/report/report.go 
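Review bot: The revoke route in Setup is now registered without any permission middleware, so nothing at the routing table shows that `POST /:id/revoke` is protected. A comment on that line would stop a later change from copying the pattern without the in-handler check, e.g. `// authorization is enforced inside postRevoke, against the guild of the loaded report`. The neighbouring context line `router.Get("/:id", c.getReport)` also carries no middleware. Whether getReport performs its own guild-scoped check is not visible in this patch and is worth confirming, since it resolves a report by ID in the same way.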
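Review bot: The check added in postRevoke requires `"sp.guild.mod.report.revoke"`, while the middleware removed from the route in this same commit required `"sp.guild.mod.report"`. The commit message only speaks of fixing the check, so the change of permission node should be confirmed as intended and kept consistent with what the slash-command revoke path requires (not visible here). Checking against `rep.GuildID` from the stored report is what makes the authorization sound, and a comment should say so: `// authorize against the guild the report belongs to, not anything taken from the request`. The check runs after the report lookup above the hunk, so an unknown ID and a forbidden one presumably yield different responses; if report IDs should not be probeable, return the same error for both. The function body starts and ends outside the hunk, and `uid` is assigned there.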
@@ -79,11 +79,14 @@ func (r *ReportService) PushReport(rep models.Report) (models.Report, error) { } if modlogChan, err := r.db.GetGuildModLog(rep.GuildID); err == nil && modlogChan != "" { - r.s.ChannelMessageSendEmbed(modlogChan, rep.AsEmbed(r.cfg.Config().WebServer.PublicAddr)) + _, err = r.s.ChannelMessageSendEmbed(modlogChan, rep.AsEmbed(r.cfg.Config().WebServer.PublicAddr)) + } + if err != nil { + err = fmt.Errorf("failed sending message to modlog channel: %s", err) } - dmChan, err := r.s.UserChannelCreate(rep.VictimID) - if err == nil && dmChan != nil { + dmChan, errDm := r.s.UserChannelCreate(rep.VictimID) + if errDm == nil && dmChan != nil { r.s.ChannelMessageSendEmbed(dmChan.ID, rep.AsEmbed(r.cfg.Config().WebServer.PublicAddr)) } @@ -306,11 +309,14 @@ func (r *ReportService) RevokeMute(guildID, executorID, victimID, reason string) } if modlogChan, err := r.db.GetGuildModLog(guildID); err == nil { - r.s.ChannelMessageSendEmbed(modlogChan, emb) + _, err = r.s.ChannelMessageSendEmbed(modlogChan, emb) + } + if err != nil { + err = fmt.Errorf("failed sending message to modlog channel: %s", err) } - dmChan, err := r.s.UserChannelCreate(victimID) - if err == nil { + dmChan, errDm := r.s.UserChannelCreate(victimID) + if errDm == nil { r.s.ChannelMessageSendEmbed(dmChan.ID, emb) } @@ -352,14 +358,18 @@ func (r *ReportService) RevokeReport( } if modlogChan, err := r.db.GetGuildModLog(rep.GuildID); err == nil { - r.s.ChannelMessageSendEmbed(modlogChan, emb) + _, err = r.s.ChannelMessageSendEmbed(modlogChan, emb) } - dmChan, err := r.s.UserChannelCreate(rep.VictimID) - if err == nil { + if err != nil { + err = fmt.Errorf("failed sending message to modlog channel: %s", err) + } + + dmChan, errDm := r.s.UserChannelCreate(rep.VictimID) + if errDm == nil { r.s.ChannelMessageSendEmbed(dmChan.ID, emb) } - return + return emb, nil } func (r *ReportService) UnbanReport( 
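Review bot: The send error never reaches the `if err != nil` that follows it, in PushReport and identically in the RevokeMute and RevokeReport hunks. The `err` declared in `if modlogChan, err := r.db.GetGuildModLog(...)` is scoped to that if statement, so `_, err = r.s.ChannelMessageSendEmbed(...)` assigns the inner variable and the outer `err` tested afterwards is unchanged. A failed post to the mod-log channel, which is the moderation audit trail, is therefore still dropped silently. Renaming the initializer's variable fixes it, `if modlogChan, errLog := r.db.GetGuildModLog(rep.GuildID); errLog == nil && modlogChan != "" {`, and the wrap should use `%w` instead of `%s` so callers can unwrap the cause. What PushReport and RevokeMute finally return lies outside their hunks.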
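Review bot: `return emb, nil` at the end of the RevokeReport hunk discards `err` unconditionally, so even a correctly populated mod-log error could not reach the caller. The bare `return` it replaces suggests named results, in which case `return emb, err` is needed if the error is meant to be reported. If suppressing it is deliberate, the `if err != nil { err = fmt.Errorf(...) }` block just above is dead code and would be better replaced by a log call. This hunk and the RevokeMute hunk also dereference `dmChan.ID` after testing only `errDm == nil`, whereas PushReport additionally tests `dmChan != nil`; the three should agree.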
diff --git a/internal/slashcommands/report.go b/internal/slashcommands/report.go index 5c86a82e..445349c9 100644 --- a/internal/slashcommands/report.go +++ b/internal/slashcommands/report.go @@ -240,7 +240,7 @@ func (c *Report) revoke(ctx ken.SubCommandContext) (err error) { ) if err != nil { - return + return err } return cctx.FollowUpEmbed(emb).Send().Error From d137f693cafd5636537e931d0895701e4c107a23 Mon Sep 17 00:00:00 2001 From: zekroTJA Date: Sat, 18 Mar 2023 12:12:02 +0000 Subject: [PATCH 3/3] update readme --- CHANGELOG.md | 99 +++------------------------------------------------- 1 file changed, 5 insertions(+), 94 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2a5a8cfb..1ccaac13 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,101 +1,12 @@ [VERSION] - +> **Note** +> This is a hotfix patch. If you want to see the changelog for release 1.30.0, please look [**here**](https://github.com/zekroTJA/shinpuru/releases/tag/1.39.0). -## New Web Interface +# Bug Fixes -This release finally brings a huge update to the web interface of shinpuru. Because the old web interface had no clear style concept while also growing with each new feature, it got more and more cluttered, unstructured, obscure and simply uglier. So I decided [almost a year ago](https://github.com/zekroTJA/shinpuru/issues/370) to rewrite the whole web interface, which has now come to the final stage. There is still a lot to do and - especially translation-wise - a lot missing, but the feature set is now 100% ported and so I decided to finally port it over. - -Here you can see a very small demo of the new web interface. - -https://user-images.githubusercontent.com/16734205/225418408-beecb181-5dbe-4c0b-9110-94b8e715f308.mp4 -
- -The whole web interface is now also more optimized for mobile usage! - -https://user-images.githubusercontent.com/16734205/225419824-63543e4a-bca8-40bb-8312-3b14a588e7b7.mp4 -
- -And because the web app is now a [PWA](https://developer.mozilla.org/en-US/docs/Web/Progressive_web_apps) as well, you can even install it on your device when you are using a chromium browser! - -https://user-images.githubusercontent.com/16734205/225420680-12dbc648-7768-490e-8707-1c92da804854.mp4 -
- -But feel free to [discover](https://shnp.de) the new web interface on your own. It is still far from perfect, so if you spot an issue or have an idea for improvement, feel free to [create an issue](https://github.com/zekroTJA/shinpuru/issues/new/choose)! - -Also, there are still a lot of [german translations](https://github.com/zekroTJA/shinpuru/tree/dev/web/public/locales/de) missing. So if you want to contribute some translations, feel free to do so. In the [Contributing](https://github.com/zekroTJA/shinpuru/blob/master/CONTRIBUTING.md) document, you can find some useful information on how to work with the language files. - -## Unban Request Improvements - -The unban request received a small "rework". First of all, special reports are created in the mod log which display if an unban request has been accepted or rejected and who has processed the unban request. - - - - -Additionally, people will not be able to re-request an unban for 14 days after being rejected. After that period has passed, the banned user can try another unban request. - -Also, a bug has been fixed where people were able to request unbans for guilds where they were already unbanned from. - -## New Logger - -To improve the logs of shinpuru both in visibility as well as in flexibility, I've created my own logging package called [rogu](https://github.com/zekroTJA/rogu). It allows colorful, human readable, taggable, strctured logging with a simple API to append multiple output writers. - -![](https://user-images.githubusercontent.com/16734205/222913731-86c08d45-e769-49f2-96f1-a19adf1eda9e.png) - -An additional [output writer](https://github.com/zekroTJA/shinpuru/tree/master/pkg/lokiwriter) has been written for pushing logs to [Grafana Loki](https://github.com/grafana/loki) which allows central log aggregation for multiple instances of shinpuru. Simply add the following config to your logging config to enable loki log pushing. 
- -```yml -# Logging preferences -logging: - # Set the log level of the logger - # Log levels can be found here: - # https://github.com/zekroTJA/rogu/blob/main/level/level.go - loglevel: 4 - # Specify Grafana Loki configuration - # for log aggregation - loki: - # Whether to enable sending logs to loki or not - enabled: true - # The address of the loki instance - address: "https://loki.example.com" - # The basic auth user name (leave empty if not used) - username: "username" - # The basic auth password (leave empty if not used) - password: "2374n8er7nt8034675782345" - # Additional labels set to all log entries. - labels: - # Some examples ... - app: "shinpuru" - instance: "main" -``` - -The provided [example Grafana Dashboard](config/grafana/example-dashboard.json) shows how aggregated logs can be visualized in Grafana. - -![image](https://user-images.githubusercontent.com/16734205/222915283-41e6a6c7-6497-451e-8a83-a7eaa6a6bdd7.png) - -## PushCode Login - -Because there is a potential risk that the pushcode login system could be abused by attackers to phish login sessions, a confirmation promt has been added with a warning that you should **never** enter a login code to shinpuru's DMs which you have received from someone else (see issue #412). - -![](https://user-images.githubusercontent.com/16734205/222915580-09db7f99-6a44-480d-bd5c-ea5905fca67b.png) - - -## API Changes - -- New API Endpoint [`GET /allpermissions`](https://app.swaggerhub.com/apis-docs/zekroTJA/shinpuru-main-api/1.0#/Etc/get_allpermissions) which returns a list of all available permissions. -- New API Endpoint [`GET /healthcheck`](https://app.swaggerhub.com/apis-docs/zekroTJA/shinpuru-main-api/1.0#/Etc/get_healthcheck) which can be requested to get the health state of shinpuru services. 
-- New API Endpoint [`GET /guilds/{id}/starboard/count`](https://app.swaggerhub.com/apis-docs/zekroTJA/shinpuru-main-api/1.0#/Guilds/get_guilds__id__starboard_count) to retrieve the total count of starboard entries for a given guild. -- New API Endpoint [`GET /guilds/{id}/unbanrequests/count`](https://app.swaggerhub.com/apis-docs/zekroTJA/shinpuru-main-api/1.0#/Guilds/get_guilds__id__unbanrequests_count) to retrieve the total count of unbanrequests for a given guild. -- Update API Endpoint [`POST /guilds/{id}/permissions`](https://app.swaggerhub.com/apis-docs/zekroTJA/shinpuru-main-api/1.0#/Guilds/post_guilds__id__permissions) which now returns the resulting updated permissions map. - -## Docker Image - -The docker image now includes a healthcheck which shows and monitors the state of the shinpuru instance using the [`GET /healthcheck`](https://app.swaggerhub.com/apis-docs/zekroTJA/shinpuru-main-api/1.0#/Etc/get_healthcheck) API endpoint. - -## Other Stuff - -- The state cache duration for users and members has now be increased from 30 days to 90 days for better performance. +- A bug has been fixed which resulted in a faulty permission check on revoking reports in the web interface. [#418] +- When the report message can not be sent via DM to the target user, the error will no more be reported. Also, when the report fails to be sent in the mod log channel, the reported error is now more concise. [#419] # Docker