[deploy] filter dashboard guilds to manageable ones

src/web/routes/api.ts

@@ -30,9 +30,25 @@ router.get('/me', requireAuth, (req, res) => {
   res.json({ user: { ...req.session.user, isAdmin } });
 });
 
-router.get('/guilds', requireAuth, (_req, res) => {
+router.get('/guilds', requireAuth, (req, res) => {
+  const sessionGuilds = Array.isArray(req.session?.guilds) ? req.session.guilds : [];
+  // Only allow guilds the user owns or can manage (manage_guild or admin) and where the bot is present
+  const allowedIds = new Set(
+    sessionGuilds
+      .filter((g: any) => {
+        if (!g) return false;
+        if (g.owner) return true;
+        const perms = g.permissions ? BigInt(g.permissions) : 0n;
+        const hasAdmin = (perms & 0x8n) === 0x8n;
+        const hasManageGuild = (perms & 0x20n) === 0x20n;
+        return hasAdmin || hasManageGuild;
+      })
+      .map((g: any) => g.id)
+  );
   const guilds =
-    context.client?.guilds.cache.map((g) => ({
+    context.client?.guilds.cache
+      .filter((g) => allowedIds.has(g.id))
+      .map((g) => ({
         id: g.id,
         name: g.name,
         icon: g.icon