better timeout validations

Signed-off-by: GitHub <noreply@github.com>
2025-07-07 11:07:19 +00:00 · 2023-11-26 15:33:56 +00:00 · 2023-11-26 15:33:56 +00:00 · 3898a06c71
commit 3898a06c71
parent b47db15ad2
5 changed files with 34 additions and 9 deletions
--- a/backend/src/plugins/Mutes/events/ReapplyActiveMuteOnJoinEvt.ts
+++ b/backend/src/plugins/Mutes/events/ReapplyActiveMuteOnJoinEvt.ts
@ -1,5 +1,6 @@
 import moment from "moment-timezone";
 import { MuteTypes } from "../../../data/MuteTypes";
+import { noop } from "../../../utils.js";
 import { LogsPlugin } from "../../Logs/LogsPlugin";
 import { RoleManagerPlugin } from "../../RoleManager/RoleManagerPlugin";
 import { getTimeoutExpiryTime } from "../functions/getTimeoutExpiryTime";
@ -25,7 +26,7 @@ export const ReapplyActiveMuteOnJoinEvt = mutesEvt({
      if (!member.isCommunicationDisabled()) {
        const expiresAt = mute.expires_at ? moment.utc(mute.expires_at).valueOf() : null;
        const timeoutExpiresAt = getTimeoutExpiryTime(expiresAt);
-        await member.disableCommunicationUntil(timeoutExpiresAt);
+        await member.disableCommunicationUntil(timeoutExpiresAt).catch(noop);
      }
    }

--- a/backend/src/plugins/Mutes/functions/muteUser.ts
+++ b/backend/src/plugins/Mutes/functions/muteUser.ts
@ -1,4 +1,4 @@
-import { Snowflake } from "discord.js";
+import { PermissionsBitField, Snowflake } from "discord.js";
 import humanizeDuration from "humanize-duration";
 import { GuildPluginData } from "knub";
 import { ERRORS, RecoverablePluginError } from "../../../RecoverablePluginError";
@ -91,6 +91,7 @@ export async function muteUser(
      rolesToRestore = currentUserRoles.filter((x) => (<string[]>restoreRoles).includes(x));
    }

+    const zep = await pluginData.guild.members.fetchMe();
    if (muteType === MuteTypes.Role) {
      // Verify the configured mute role is valid
      const actualMuteRole = pluginData.guild.roles.cache.get(muteRole!);
@ -103,12 +104,11 @@ export async function muteUser(
      }

      // Verify the mute role is not above Zep's roles
-      const zep = await pluginData.guild.members.fetchMe();
      const zepRoles = pluginData.guild.roles.cache.filter((x) => zep.roles.cache.has(x.id));
      if (zepRoles.size === 0 || !zepRoles.some((zepRole) => zepRole.position > actualMuteRole.position)) {
        lock.unlock();
        logs.logBotAlert({
-          body: `Cannot mute users, specified mute role is above Zeppelin in the role hierarchy`,
+          body: `Cannot mute user, specified mute role is above Zeppelin in the role hierarchy`,
        });
        throw new RecoverablePluginError(ERRORS.MUTE_ROLE_ABOVE_ZEP, pluginData.guild);
      }
@ -117,6 +117,23 @@ export async function muteUser(
        pluginData.getPlugin(RoleManagerPlugin).addPriorityRole(member.id, muteRole!);
      }
    } else {
+      if (!member.manageable) {
+        lock.unlock();
+        logs.logBotAlert({
+          body: `Cannot mute user, specified user is above Zeppelin in the role hierarchy`,
+        });
+        throw new RecoverablePluginError(ERRORS.USER_ABOVE_ZEP, pluginData.guild);
+      }
+
+      if (!member.moderatable || member.permissions.has(PermissionsBitField.Flags.Administrator)) {
+        // redundant safety, since canActOn already checks this
+        lock.unlock();
+        logs.logBotAlert({
+          body: `Cannot mute user, specified user is not moderatable`,
+        });
+        throw new RecoverablePluginError(ERRORS.USER_NOT_MODERATABLE, pluginData.guild);
+      }
+
      await member.disableCommunicationUntil(timeoutUntil);
    }

--- a/backend/src/plugins/Mutes/functions/renewTimeoutMute.ts
+++ b/backend/src/plugins/Mutes/functions/renewTimeoutMute.ts
@ -3,7 +3,7 @@ import { GuildPluginData } from "knub";
 import moment from "moment-timezone";
 import { MAX_TIMEOUT_DURATION } from "../../../data/Mutes";
 import { Mute } from "../../../data/entities/Mute";
-import { DBDateFormat, resolveMember } from "../../../utils";
+import { DBDateFormat, noop, resolveMember } from "../../../utils";
 import { MutesPluginType } from "../types";

 export async function renewTimeoutMute(pluginData: GuildPluginData<MutesPluginType>, mute: Mute) {
@ -24,6 +24,6 @@ export async function renewTimeoutMute(pluginData: GuildPluginData<MutesPluginTy
  }

  const expiryTimestamp = moment.utc(newExpiryTime).valueOf();
-  await member.disableCommunicationUntil(expiryTimestamp);
+  await member.disableCommunicationUntil(expiryTimestamp).catch(noop);
  await pluginData.state.mutes.updateTimeoutExpiresAt(mute.user_id, expiryTimestamp);
 }
--- a/backend/src/plugins/Mutes/functions/unmuteUser.ts
+++ b/backend/src/plugins/Mutes/functions/unmuteUser.ts
@ -1,4 +1,4 @@
-import { Snowflake } from "discord.js";
+import { PermissionsBitField, Snowflake } from "discord.js";
 import humanizeDuration from "humanize-duration";
 import { GuildPluginData } from "knub";
 import { CaseTypes } from "../../../data/CaseTypes";
@ -54,8 +54,11 @@ export async function unmuteUser(
    }

    // Update timeout
-    if (existingMute?.type === MuteTypes.Timeout || createdMute?.type === MuteTypes.Timeout) {
-      await member?.disableCommunicationUntil(timeoutExpiresAt);
+    if (member && (existingMute?.type === MuteTypes.Timeout || createdMute?.type === MuteTypes.Timeout)) {
+      if (!member.manageable || !member.moderatable || member.permissions.has(PermissionsBitField.Flags.Administrator))
+        return null;
+
+      await member.disableCommunicationUntil(timeoutExpiresAt);
      await pluginData.state.mutes.updateTimeoutExpiresAt(userId, timeoutExpiresAt);
    }
  } else {