Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Include proper security practices #48

Merged
merged 2 commits into from
Jan 21, 2024
Merged

Include proper security practices #48

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e99330c
Add cooldowns for commands and proper error handling
No767 Jan 21, 2024
ee2fb76
[pre-commit.ci] auto fixes from pre-commit.com hooks
pre-commit-ci[bot] Jan 21, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion bot/cogs/admin.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ def reload_lib_modules(self, module: str) -> list[tuple[str, str]]:
# To learn more about it, see the link below (and ?tag ass on the dpy server):
# https://about.abstractumbra.dev/discord.py/2023/01/29/sync-command-example.html
@commands.guild_only()
@commands.command(name="sync")
@commands.command(name="sync", hidden=True)
async def sync(
self,
ctx: RoboContext,
Expand Down
2 changes: 2 additions & 0 deletions bot/cogs/config.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -127,6 +127,7 @@ async def config(self, ctx: GuildContext) -> None:
if ctx.invoked_subcommand is None:
await ctx.send_help(ctx.command)

@commands.cooldown(1, 20, commands.BucketType.guild)
@config.command(name="setup", usage="ticket_name: <str> log_name: <str>")
async def setup(self, ctx: GuildContext, *, flags: SetupFlags) -> None:
"""First-time setup for Rodhaj
Expand Down Expand Up @@ -278,6 +279,7 @@ async def setup(self, ctx: GuildContext, *, flags: SetupFlags) -> None:
msg = f"Rodhaj channels successfully created! The ticket channel can be found under {ticket_channel.mention}"
await ctx.send(msg)

@commands.cooldown(1, 20, commands.BucketType.guild)
@config.command(name="delete")
async def delete(self, ctx: GuildContext) -> None:
"""Permanently deletes Rodhaj channels and tickets."""
Expand Down
5 changes: 5 additions & 0 deletions bot/cogs/tickets.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -320,6 +320,7 @@ def get_solved_tag(
### Feature commands

@is_ticket_or_dm()
@commands.cooldown(1, 20, commands.BucketType.channel)
@commands.hybrid_command(name="close", aliases=["solved", "closed", "resolved"])
async def close(self, ctx: RoboContext) -> None:
"""Closes the thread"""
Expand Down Expand Up @@ -356,7 +357,11 @@ async def close(self, ctx: RoboContext) -> None:
self.get_ticket_owner_id.cache_invalidate(closed_ticket.id)
await self.notify_finished_ticket(ctx, owner_id)

# 10 command invocations per 12 seconds for each member
# These values should not be tripped unless someone is spamming
# https://github.com/Rapptz/RoboDanny/blob/rewrite/cogs/mod.py#L524C9-L524C74
@is_ticket_thread()
@commands.cooldown(10, 12, commands.BucketType.member)
@commands.command(name="reply", aliases=["r"])
async def reply(
self, ctx: GuildContext, *, message: Annotated[str, commands.clean_content]
Expand Down
34 changes: 16 additions & 18 deletions bot/libs/utils/errors.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,27 +29,27 @@ def create_premade_embed(title: str, description: str) -> ErrorEmbed:
return embed


def build_cooldown_embed(error: commands.CommandOnCooldown) -> ErrorEmbed:
embed = ErrorEmbed()
embed.timestamp = discord.utils.utcnow()
embed.title = "Command On Cooldown"
embed.description = (
f"This command is on cooldown. Try again in {error.retry_after:.2f}s"
)
return embed


async def send_error_embed(ctx: commands.Context, error: commands.CommandError) -> None:
if isinstance(error, commands.CommandInvokeError) or isinstance(
if isinstance(error, commands.CommandOnCooldown):
await ctx.send(embed=build_cooldown_embed(error))
elif isinstance(error, commands.CommandInvokeError) or isinstance(
error, commands.HybridCommandError
):
await ctx.send(embed=produce_error_embed(error))
elif isinstance(error, commands.CommandNotFound):
await ctx.send(
elif isinstance(error, commands.NoPrivateMessage):
await ctx.author.send(
embed=create_premade_embed(
"Command not found",
"The command you were looking for could not be found",
)
)
elif isinstance(error, commands.NotOwner):
# Basically completely silence it making people not know what happened
return
elif isinstance(error, commands.MissingPermissions):
missing_perms = ", ".join(error.missing_permissions).rstrip(",")
await ctx.send(
embed=create_premade_embed(
"Missing Permissions",
f"You are missing the following permissions: {missing_perms}",
"Guild Only", "This command cannot be used in private messages"
)
)
elif isinstance(error, commands.MissingRequiredArgument):
Expand All @@ -59,5 +59,3 @@ async def send_error_embed(ctx: commands.Context, error: commands.CommandError)
f"You are missing the following argument(s): {error.param.name}",
)
)
else:
await ctx.send(embed=produce_error_embed(error))