33262cc7 · 33262cc7 · 8e908ce1 · 33262cc7 · 33262cc7 · 33262cc7
--- a/src/routes/channels/permissions_set_default.rs
+++ b/src/routes/channels/permissions_set_default.rs
+use mongodb::bson::doc;
+use rocket_contrib::json::Json;
+use serde::{Serialize, Deserialize};
+
+use crate::database::*;
+use crate::database::permissions::channel::{ ChannelPermission, DEFAULT_PERMISSION_DM };
+use crate::notifications::events::ClientboundNotification;
+use crate::util::result::{Error, Result};
+
+#[derive(Serialize, Deserialize)]
+pub struct Data {
+    permissions: u32
+}
+
+#[put("/<target>/permissions/default", data = "<data>", rank = 1)]
+pub async fn req(user: User, target: Ref, data: Json<Data>) -> Result<()> {
+    let target = target.fetch_channel().await?;
+
+    match target {
+        Channel::Group { id, owner, .. } => {
+            if user.id == owner {
+                let permissions: u32 = ChannelPermission::View as u32 | (data.permissions & *DEFAULT_PERMISSION_DM);
+                
+                get_collection("channels")
+                    .update_one(
+                        doc! { "_id": &id },
+                        doc! {
+                            "$set": {
+                                "permissions": permissions as i32
+                            }
+                        },
+                        None
+                    )
+                    .await
+                    .map_err(|_| Error::DatabaseError {
+                        operation: "update_one",
+                        with: "channel"
+                    })?;
+                
+                ClientboundNotification::ChannelUpdate {
+                    id: id.clone(),
+                    data: json!({
+                        "permissions": permissions as i32
+                    }),
+                    clear: None
+                }
+                .publish(id);
+                
+                Ok(())
+            } else {
+                Err(Error::MissingPermission)
+            }
+        }
+        Channel::TextChannel { id, server, .. }
+        | Channel::VoiceChannel { id, server, .. } => {
+            let target = Ref::from_unchecked(server).fetch_server().await?;
+            let perm = permissions::PermissionCalculator::new(&user)
+                .with_server(&target)
+                .for_server()
+                .await?;
+        
+            if !perm.get_manage_roles() {
+                return Err(Error::MissingPermission);
+            }
+
+            let permissions: u32 = ChannelPermission::View as u32 | data.permissions;
+            
+            get_collection("channels")
+                .update_one(
+                    doc! { "_id": &id },
+                    doc! {
+                        "$set": {
+                            "default_permissions": permissions as i32
+                        }
+                    },
+                    None
+                )
+                .await
+                .map_err(|_| Error::DatabaseError {
+                    operation: "update_one",
+                    with: "channel"
+                })?;
+            
+            ClientboundNotification::ChannelUpdate {
+                id: id.clone(),
+                data: json!({
+                    "default_permissions": permissions as i32
+                }),
+                clear: None
+            }
+            .publish(id);
+
+            Ok(())
+        }
+        _ => Err(Error::InvalidOperation)
+    }
+}
--- a/src/routes/channels/voice_join.rs
+++ b/src/routes/channels/voice_join.rs
+use crate::database::*;
+use crate::util::result::{Error, Result};
+use crate::util::variables::{USE_VOSO, VOSO_MANAGE_TOKEN, VOSO_URL};
+
+use rocket_contrib::json::JsonValue;
+use serde::{Deserialize, Serialize};
+
+#[derive(Serialize, Deserialize)]
+struct CreateUserResponse {
+    token: String,
+}
+
+#[post("/<target>/join_call")]
+pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
+    if !*USE_VOSO {
+        return Err(Error::VosoUnavailable);
+    }
+
+    let target = target.fetch_channel().await?;
+    match target {
+        Channel::SavedMessages { .. } | Channel::TextChannel { .. } => {
+            return Err(Error::CannotJoinCall)
+        }
+        _ => {}
+    }
+
+    let perm = permissions::PermissionCalculator::new(&user)
+        .with_channel(&target)
+        .for_channel()
+        .await?;
+
+    if !perm.get_voice_call() {
+        return Err(Error::MissingPermission);
+    }
+
+    // To join a call:
+    // - Check if the room exists.
+    // - If not, create it.
+    let client = reqwest::Client::new();
+    let result = client
+        .get(&format!("{}/room/{}", *VOSO_URL, target.id()))
+        .header(
+            reqwest::header::AUTHORIZATION,
+            VOSO_MANAGE_TOKEN.to_string(),
+        )
+        .send()
+        .await;
+
+    match result {
+        Err(_) => return Err(Error::VosoUnavailable),
+        Ok(result) => match result.status() {
+            reqwest::StatusCode::OK => (),
+            reqwest::StatusCode::NOT_FOUND => {
+                if let Err(_) = client
+                    .post(&format!("{}/room/{}", *VOSO_URL, target.id()))
+                    .header(
+                        reqwest::header::AUTHORIZATION,
+                        VOSO_MANAGE_TOKEN.to_string(),
+                    )
+                    .send()
+                    .await
+                {
+                    return Err(Error::VosoUnavailable);
+                }
+            }
+            _ => return Err(Error::VosoUnavailable),
+        },
+    }
+
+    // Then create a user for the room.
+    if let Ok(response) = client
+        .post(&format!(
+            "{}/room/{}/user/{}",
+            *VOSO_URL,
+            target.id(),
+            user.id
+        ))
+        .header(
+            reqwest::header::AUTHORIZATION,
+            VOSO_MANAGE_TOKEN.to_string(),
+        )
+        .send()
+        .await
+    {
+        let res: CreateUserResponse = response.json().await.map_err(|_| Error::InvalidOperation)?;
+
+        Ok(json!(res))
+    } else {
+        Err(Error::VosoUnavailable)
+    }
+}
--- a/src/routes/guild.rs
+++ b/src/routes/guild.rs
-use crate::database::{ self, user::User };
-
-use bson::{ bson, doc };
-use rocket_contrib::json::{ JsonValue, Json };
-use serde::{ Serialize, Deserialize };
-use ulid::Ulid;
-
-use super::channel::ChannelType;
-
-#[derive(Serialize, Deserialize)]
-pub struct CreateGuild {
-    name: String,
-    description: Option<String>,
-    nonce: String,
-}
-
-/// send a message to a channel
-#[post("/create", data = "<info>")]
-pub fn create_guild(user: User, info: Json<CreateGuild>) -> JsonValue {
-    if !user.email_verification.verified {
-        return json!({
-            "success": false,
-            "error": "Email not verified!",
-        });
-    }
-
-    let name: String = info.name.chars().take(32).collect();
-    let description: String = info.description.clone().unwrap_or("No description.".to_string()).chars().take(255).collect();
-    let nonce: String = info.nonce.chars().take(32).collect();
-    
-	let channels = database::get_collection("channels");
-	let col = database::get_collection("guilds");
-	if let Some(_) = col.find_one(doc! { "nonce": nonce.clone() }, None).unwrap() {
-		return json!({
-			"success": false,
-		    "error": "Guild already created!"
-		})
-    }
-
-    let channel_id = Ulid::new().to_string();
-    if let Err(_) = channels.insert_one(
-        doc! {
-            "_id": channel_id.clone(),
-            "channel_type": ChannelType::GUILDCHANNEL as u32,
-            "name": "general",
-        },
-        None) {
-        return json!({
-            "success": false,
-            "error": "Failed to create guild channel."
-        })
-    }
-    
-	let id = Ulid::new().to_string();
-    if col.insert_one(
-		doc! {
-			"_id": id.clone(),
-			"nonce": nonce,
-			"name": name,
-			"description": description,
-            "owner": user.id.clone(),
-            "channels": [
-                channel_id.clone()
-            ],
-            "members": [
-                user.id
-            ],
-            "invites": [],
-		},
-		None
-	).is_ok() {
-        json!({
-            "success": true,
-            "id": id,
-        })
-    } else {
-        channels.delete_one(doc! { "_id": channel_id }, None).expect("Failed to delete the channel we just made.");
-
-        json!({
-            "success": false,
-            "error": "Failed to create guild."
-        })
-    }
-}
--- a/src/routes/invites/invite_delete.rs
+++ b/src/routes/invites/invite_delete.rs
+use crate::database::*;
+use crate::util::result::{Error, Result};
+
+#[delete("/<target>")]
+pub async fn req(user: User, target: Ref) -> Result<()> {
+    let target = target.fetch_invite().await?;
+
+    if target.creator() == &user.id {
+        target.delete().await
+    } else {
+        match &target {
+            Invite::Server { server, .. } => {
+                let server = Ref::from_unchecked(server.clone()).fetch_server().await?;
+                let perm = permissions::PermissionCalculator::new(&user)
+                    .with_server(&server)
+                    .for_server()
+                    .await?;
+
+                if !perm.get_manage_server() {
+                    return Err(Error::MissingPermission);
+                }
+
+                target.delete().await
+            }
+            _ => unreachable!(),
+        }
+    }
+}
--- a/src/routes/invites/invite_fetch.rs
+++ b/src/routes/invites/invite_fetch.rs
+use crate::database::*;
+use crate::util::result::Result;
+
+use rocket_contrib::json::JsonValue;
+use serde::Serialize;
+
+#[derive(Serialize, Debug, Clone)]
+#[serde(tag = "type")]
+pub enum InviteResponse {
+    Server {
+        server_id: String,
+        server_name: String,
+        #[serde(skip_serializing_if = "Option::is_none")]
+        server_icon: Option<File>,
+        #[serde(skip_serializing_if = "Option::is_none")]
+        server_banner: Option<File>,
+        channel_id: String,
+        channel_name: String,
+        #[serde(skip_serializing_if = "Option::is_none")]
+        channel_description: Option<String>,
+        user_name: String,
+        #[serde(skip_serializing_if = "Option::is_none")]
+        user_avatar: Option<File>,
+        member_count: i64,
+    },
+}
+
+#[get("/<target>")]
+pub async fn req(target: Ref) -> Result<JsonValue> {
+    let target = target.fetch_invite().await?;
+
+    match target {
+        Invite::Server {
+            channel, creator, ..
+        } => {
+            let channel = Ref::from_unchecked(channel).fetch_channel().await?;
+            let creator = Ref::from_unchecked(creator).fetch_user().await?;
+
+            match channel {
+                Channel::TextChannel { id, server, name, description, .. }
+                | Channel::VoiceChannel { id, server, name, description, .. } => {
+                    let server = Ref::from_unchecked(server).fetch_server().await?;
+    
+                    Ok(json!(InviteResponse::Server {
+                        member_count: Server::get_member_count(&server.id).await?,
+                        server_id: server.id,
+                        server_name: server.name,
+                        server_icon: server.icon,
+                        server_banner: server.banner,
+                        channel_id: id,
+                        channel_name: name,
+                        channel_description: description,
+                        user_name: creator.username,
+                        user_avatar: creator.avatar
+                    }))
+                }
+                _ => unreachable!()
+            }
+        }
+        _ => unreachable!(),
+    }
+}
--- a/src/routes/invites/invite_join.rs
+++ b/src/routes/invites/invite_join.rs
+use crate::database::*;
+use crate::util::result::Result;
+
+use rocket_contrib::json::JsonValue;
+
+#[post("/<target>")]
+pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
+    let target = target.fetch_invite().await?;
+
+    match target {
+        Invite::Server { channel, .. } => {
+            let channel = Ref::from_unchecked(channel).fetch_channel().await?;
+            let server = match &channel {
+                Channel::TextChannel { server, .. }
+                | Channel::VoiceChannel { server, .. } => {
+                    Ref::from_unchecked(server.clone()).fetch_server().await?
+                }
+                _ => unreachable!()
+            };
+
+            server.join_member(&user.id).await?;
+
+            Ok(json!({
+                "type": "Server",
+                "channel": channel,
+                "server": server
+            }))
+        }
+        _ => unreachable!(),
+    }
+}
--- a/src/routes/invites/mod.rs
+++ b/src/routes/invites/mod.rs
+use rocket::Route;
+
+mod invite_delete;
+mod invite_fetch;
+mod invite_join;
+
+pub fn routes() -> Vec<Route> {
+    routes![invite_fetch::req, invite_join::req, invite_delete::req]
+}
--- a/src/routes/mod.rs
+++ b/src/routes/mod.rs
+pub use rocket::http::Status;
+pub use rocket::response::Redirect;
 use rocket::Rocket;

-pub mod root;
-pub mod account;
-pub mod user;
-pub mod channel;
-pub mod guild;
+mod channels;
+mod invites;
+mod onboard;
+mod push;
+mod root;
+mod servers;
+mod sync;
+mod users;

 pub fn mount(rocket: Rocket) -> Rocket {
-	rocket
-		.mount("/api", routes![ root::root ])
-		.mount("/api/account", routes![ account::create, account::verify_email, account::resend_email, account::login, account::token ])
-		.mount("/api/users", routes![ user::me, user::user, user::lookup, user::dms, user::dm, user::get_friends, user::get_friend, user::add_friend, user::remove_friend ])
-		.mount("/api/channels", routes![ channel::channel, channel::delete, channel::messages, channel::get_message, channel::send_message, channel::edit_message, channel::delete_message ])
-		.mount("/api/guild", routes![ guild::create_guild ])
+    rocket
+        .mount("/", routes![root::root])
+        .mount("/onboard", onboard::routes())
+        .mount("/users", users::routes())
+        .mount("/channels", channels::routes())
+        .mount("/servers", servers::routes())
+        .mount("/invites", invites::routes())
+        .mount("/push", push::routes())
+        .mount("/sync", sync::routes())
 }
--- a/src/routes/onboard/complete.rs
+++ b/src/routes/onboard/complete.rs
+use crate::database::*;
+use crate::util::result::{Error, Result};
+
+use mongodb::bson::doc;
+use rauth::auth::Session;
+use regex::Regex;
+use rocket_contrib::json::Json;
+use serde::{Deserialize, Serialize};
+use validator::Validate;
+
+lazy_static! {
+    static ref RE_USERNAME: Regex = Regex::new(r"^[a-zA-Z0-9_.]+$").unwrap();
+}
+
+#[derive(Validate, Serialize, Deserialize)]
+pub struct Data {
+    #[validate(length(min = 2, max = 32), regex = "RE_USERNAME")]
+    username: String,
+}
+
+#[post("/complete", data = "<data>")]
+pub async fn req(session: Session, user: Option<User>, data: Json<Data>) -> Result<()> {
+    if user.is_some() {
+        Err(Error::AlreadyOnboarded)?
+    }
+
+    data.validate()
+        .map_err(|error| Error::FailedValidation { error })?;
+
+    if User::is_username_taken(&data.username).await? {
+        return Err(Error::UsernameTaken);
+    }
+
+    get_collection("users")
+        .insert_one(
+            doc! {
+                "_id": session.user_id,
+                "username": &data.username
+            },
+            None,
+        )
+        .await
+        .map_err(|_| Error::DatabaseError {
+            operation: "insert_one",
+            with: "user",
+        })?;
+
+    Ok(())
+}
--- a/src/routes/onboard/hello.rs
+++ b/src/routes/onboard/hello.rs
+use crate::database::*;
+
+use rauth::auth::Session;
+use rocket_contrib::json::JsonValue;
+
+#[get("/hello")]
+pub async fn req(_session: Session, user: Option<User>) -> JsonValue {
+    json!({
+        "onboarding": user.is_none()
+    })
+}
--- a/src/routes/onboard/mod.rs
+++ b/src/routes/onboard/mod.rs
+use rocket::Route;
+
+mod complete;
+mod hello;
+
+pub fn routes() -> Vec<Route> {
+    routes![hello::req, complete::req]
+}
--- a/src/routes/push/mod.rs
+++ b/src/routes/push/mod.rs
+use rocket::Route;
+
+mod subscribe;
+mod unsubscribe;
+
+pub fn routes() -> Vec<Route> {
+    routes![subscribe::req, unsubscribe::req]
+}
--- a/src/routes/push/subscribe.rs
+++ b/src/routes/push/subscribe.rs
+use crate::database::*;
+use crate::util::result::{Error, Result};
+
+use mongodb::bson::{doc, to_document};
+use rauth::auth::Session;
+use rocket_contrib::json::Json;
+use serde::{Deserialize, Serialize};
+
+#[derive(Serialize, Deserialize)]
+pub struct Subscription {
+    endpoint: String,
+    p256dh: String,
+    auth: String,
+}
+
+#[post("/subscribe", data = "<data>")]
+pub async fn req(session: Session, data: Json<Subscription>) -> Result<()> {
+    let data = data.into_inner();
+    get_collection("accounts")
+        .update_one(
+            doc! {
+                "_id": session.user_id,
+                "sessions.id": session.id.unwrap()
+            },
+            doc! {
+                "$set": {
+                    "sessions.$.subscription": to_document(&data)
+                        .map_err(|_| Error::DatabaseError { operation: "to_document", with: "subscription" })?
+                }
+            },
+            None,
+        )
+        .await
+        .map_err(|_| Error::DatabaseError { operation: "update_one", with: "account" })?;
+
+    Ok(())
+}
--- a/src/routes/push/unsubscribe.rs
+++ b/src/routes/push/unsubscribe.rs
+use crate::database::*;
+use crate::util::result::{Error, Result};
+
+use mongodb::bson::doc;
+use rauth::auth::Session;
+
+#[post("/unsubscribe")]
+pub async fn req(session: Session) -> Result<()> {
+    get_collection("accounts")
+        .update_one(
+            doc! {
+                "_id": session.user_id,
+                "sessions.id": session.id.unwrap()
+            },
+            doc! {
+                "$unset": {
+                    "sessions.$.subscription": 1
+                }
+            },
+            None,
+        )
+        .await
+        .map_err(|_| Error::DatabaseError {
+            operation: "to_document",
+            with: "subscription",
+        })?;
+
+    Ok(())
+}
--- a/src/routes/root.rs
+++ b/src/routes/root.rs
-use rocket_contrib::json::{ JsonValue };
-use bson::{ doc };
+use crate::util::variables::{
+    APP_URL, AUTUMN_URL, EXTERNAL_WS_URL, HCAPTCHA_SITEKEY, INVITE_ONLY, JANUARY_URL, USE_AUTUMN,
+    USE_EMAIL, USE_HCAPTCHA, USE_JANUARY, USE_VOSO, VAPID_PUBLIC_KEY, VOSO_URL, VOSO_WS_HOST,
+};
+
+use mongodb::bson::doc;
+use rocket_contrib::json::JsonValue;

-/// root
 #[get("/")]
-pub fn root() -> JsonValue {
-	json!({
-		"revolt": "0.0.1"
-	})
+pub async fn root() -> JsonValue {
+    json!({
+        "revolt": crate::version::VERSION,
+        "features": {
+            "captcha": {
+                "enabled": *USE_HCAPTCHA,
+                "key": HCAPTCHA_SITEKEY.to_string()
+            },
+            "email": *USE_EMAIL,
+            "invite_only": *INVITE_ONLY,
+            "autumn": {
+                "enabled": *USE_AUTUMN,
+                "url": *AUTUMN_URL
+            },
+            "january": {
+                "enabled": *USE_JANUARY,
+                "url": *JANUARY_URL
+            },
+            "voso": {
+                "enabled": *USE_VOSO,
+                "url": *VOSO_URL,
+                "ws": *VOSO_WS_HOST
+            }
+        },
+        "ws": *EXTERNAL_WS_URL,
+        "app": *APP_URL,
+        "vapid": *VAPID_PUBLIC_KEY
+    })
 }
--- a/src/routes/servers/ban_create.rs
+++ b/src/routes/servers/ban_create.rs
+use crate::database::*;
+use crate::util::result::{Error, Result};
+
+use mongodb::bson::doc;
+use rocket_contrib::json::Json;
+use serde::{Deserialize, Serialize};
+use validator::Validate;
+
+#[derive(Validate, Serialize, Deserialize)]
+pub struct Data {
+    #[validate(length(min = 1, max = 1024))]
+    reason: Option<String>,
+}
+
+#[put("/<server>/bans/<target>", data = "<data>")]
+pub async fn req(user: User, server: Ref, target: Ref, data: Json<Data>) -> Result<()> {
+    let data = data.into_inner();
+    data.validate()
+        .map_err(|error| Error::FailedValidation { error })?;
+
+    let server = server.fetch_server().await?;
+
+    let perm = permissions::PermissionCalculator::new(&user)
+        .with_server(&server)
+        .for_server()
+        .await?;
+
+    if !perm.get_ban_members() {
+        Err(Error::MissingPermission)?
+    }
+
+    let target = target.fetch_user().await?;
+    if target.id == user.id {
+        return Err(Error::InvalidOperation);
+    }
+
+    if target.id == server.owner {
+        return Err(Error::MissingPermission);
+    }
+
+    let mut document = doc! {
+        "_id": {
+            "server": &server.id,
+            "user": &target.id
+        }
+    };
+
+    if let Some(reason) = data.reason {
+        document.insert("reason", reason);
+    }
+
+    get_collection("server_bans")
+        .insert_one(document, None)
+        .await
+        .map_err(|_| Error::DatabaseError {
+            operation: "insert_one",
+            with: "server_ban",
+        })?;
+
+    server.remove_member(&target.id, RemoveMember::Ban).await
+}
--- a/src/routes/servers/ban_list.rs
+++ b/src/routes/servers/ban_list.rs
+use crate::database::*;
+use crate::util::result::{Error, Result};
+
+use futures::StreamExt;
+use mongodb::options::FindOptions;
+use serde::{Serialize, Deserialize};
+use rocket_contrib::json::JsonValue;
+use mongodb::bson::{doc, from_document};
+
+#[derive(Serialize, Deserialize)]
+struct BannedUser {
+    _id: String,
+    username: String,
+    avatar: Option<File>
+}
+
+#[get("/<target>/bans")]
+pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
+    let target = target.fetch_server().await?;
+
+    let perm = permissions::PermissionCalculator::new(&user)
+        .with_server(&target)
+        .for_server()
+        .await?;
+
+    if !perm.get_ban_members() {
+        return Err(Error::MissingPermission);
+    }
+
+    let mut cursor = get_collection("server_bans")
+        .find(
+            doc! {
+                "_id.server": target.id
+            },
+            None,
+        )
+        .await
+        .map_err(|_| Error::DatabaseError {
+            operation: "find",
+            with: "server_bans",
+        })?;
+
+    let mut bans = vec![];
+    let mut user_ids = vec![];
+    while let Some(result) = cursor.next().await {
+        if let Ok(doc) = result {
+            if let Ok(ban) = from_document::<Ban>(doc) {
+                user_ids.push(ban.id.user.clone());
+                bans.push(ban);
+            }
+        }
+    }
+
+    let mut cursor = get_collection("users")
+        .find(
+            doc! {
+                "_id": {
+                    "$in": user_ids
+                }
+            },
+            FindOptions::builder()
+                .projection(doc! {
+                    "username": 1,
+                    "avatar": 1
+                })
+                .build(),
+        )
+        .await
+        .map_err(|_| Error::DatabaseError {
+            operation: "find",
+            with: "users",
+        })?;
+
+    let mut users = vec![];
+    while let Some(result) = cursor.next().await {
+        if let Ok(doc) = result {
+            if let Ok(user) = from_document::<BannedUser>(doc) {
+                users.push(user);
+            }
+        }
+    }
+
+    Ok(json!({
+        "users": users,
+        "bans": bans
+    }))
+}
--- a/src/routes/servers/ban_remove.rs
+++ b/src/routes/servers/ban_remove.rs
+use crate::database::*;
+use crate::util::result::{Error, Result};
+
+use mongodb::bson::doc;
+
+#[delete("/<server>/bans/<target>")]
+pub async fn req(user: User, server: Ref, target: Ref) -> Result<()> {
+    let server = server.fetch_server().await?;
+
+    let perm = permissions::PermissionCalculator::new(&user)
+        .with_server(&server)
+        .for_server()
+        .await?;
+
+    if !perm.get_ban_members() {
+        Err(Error::MissingPermission)?
+    }
+
+    if target.id == user.id {
+        return Err(Error::InvalidOperation);
+    }
+
+    if target.id == server.owner {
+        return Err(Error::MissingPermission);
+    }
+
+    let target = target.fetch_ban(&server.id).await?;
+    get_collection("server_bans")
+        .delete_one(
+            doc! {
+                "_id.server": &server.id,
+                "_id.user": &target.id.user
+            },
+            None,
+        )
+        .await
+        .map_err(|_| Error::DatabaseError {
+            operation: "delete_one",
+            with: "server_ban",
+        })?;
+
+    Ok(())
+}
--- a/src/routes/servers/channel_create.rs
+++ b/src/routes/servers/channel_create.rs
+use std::collections::HashMap;
+
+use crate::database::*;
+use crate::util::result::{Error, Result};
+
+use mongodb::bson::doc;
+use rocket_contrib::json::{Json, JsonValue};
+use serde::{Deserialize, Serialize};
+use ulid::Ulid;
+use validator::Validate;
+
+#[derive(Serialize, Deserialize)]
+enum ChannelType {
+    Text,
+    Voice
+}
+
+impl Default for ChannelType {
+    fn default() -> Self {
+        ChannelType::Text
+    }
+}
+
+#[derive(Validate, Serialize, Deserialize)]
+pub struct Data {
+    #[serde(rename = "type", default = "ChannelType::default")]
+    channel_type: ChannelType,
+    #[validate(length(min = 1, max = 32))]
+    name: String,
+    #[validate(length(min = 0, max = 1024))]
+    description: Option<String>,
+    // Maximum length of 36 allows both ULIDs and UUIDs.
+    #[validate(length(min = 1, max = 36))]
+    nonce: String,
+}
+
+#[post("/<target>/channels", data = "<info>")]
+pub async fn req(user: User, target: Ref, info: Json<Data>) -> Result<JsonValue> {
+    let info = info.into_inner();
+    info.validate()
+        .map_err(|error| Error::FailedValidation { error })?;
+
+    let target = target.fetch_server().await?;
+    let perm = permissions::PermissionCalculator::new(&user)
+        .with_server(&target)
+        .for_server()
+        .await?;
+
+    if !perm.get_manage_channels() {
+        Err(Error::MissingPermission)?
+    }
+
+    if get_collection("channels")
+        .find_one(
+            doc! {
+                "nonce": &info.nonce
+            },
+            None,
+        )
+        .await
+        .map_err(|_| Error::DatabaseError {
+            operation: "find_one",
+            with: "channel",
+        })?
+        .is_some()
+    {
+        Err(Error::DuplicateNonce)?
+    }
+
+    let id = Ulid::new().to_string();
+    let channel = match info.channel_type {
+        ChannelType::Text => Channel::TextChannel {
+            id: id.clone(),
+            server: target.id.clone(),
+            nonce: Some(info.nonce),
+
+            name: info.name,
+            description: info.description,
+            icon: None,
+            last_message: None,
+
+            default_permissions: None,
+            role_permissions: HashMap::new()
+        },
+        ChannelType::Voice => Channel::VoiceChannel {
+            id: id.clone(),
+            server: target.id.clone(),
+            nonce: Some(info.nonce),
+
+            name: info.name,
+            description: info.description,
+            icon: None,
+
+            default_permissions: None,
+            role_permissions: HashMap::new()
+        }
+    };
+
+    channel.clone().publish().await?;
+    get_collection("servers")
+        .update_one(
+            doc! {
+                "_id": target.id
+            },
+            doc! {
+                "$addToSet": {
+                    "channels": id
+                }
+            },
+            None,
+        )
+        .await
+        .map_err(|_| Error::DatabaseError {
+            operation: "update_one",
+            with: "server",
+        })?;
+
+    Ok(json!(channel))
+}
--- a/src/routes/servers/invites_fetch.rs
+++ b/src/routes/servers/invites_fetch.rs
+use crate::database::*;
+use crate::util::result::{Error, Result};
+
+use futures::StreamExt;
+use mongodb::bson::{doc, from_document};
+use rocket_contrib::json::JsonValue;
+use serde::{Deserialize, Serialize};
+
+#[derive(Serialize, Deserialize, Debug, Clone)]
+pub struct ServerInvite {
+    #[serde(rename = "_id")]
+    code: String,
+    creator: String,
+    channel: String,
+}
+
+#[get("/<target>/invites")]
+pub async fn req(user: User, target: Ref) -> Result<JsonValue> {
+    let target = target.fetch_server().await?;
+
+    let perm = permissions::PermissionCalculator::new(&user)
+        .with_server(&target)
+        .for_server()
+        .await?;
+
+    if !perm.get_manage_server() {
+        Err(Error::MissingPermission)?
+    }
+
+    let mut cursor = get_collection("channel_invites")
+        .find(
+            doc! {
+                "server": target.id
+            },
+            None,
+        )
+        .await
+        .map_err(|_| Error::DatabaseError {
+            operation: "find",
+            with: "channel_invites",
+        })?;
+
+    let mut invites = vec![];
+    while let Some(result) = cursor.next().await {
+        if let Ok(doc) = result {
+            if let Ok(invite) = from_document::<Invite>(doc) {
+                invites.push(invite);
+            }
+        }
+    }
+
+    Ok(json!(invites))
+}
No results found