2022-11-18 15:21:28 +01:00
const express = require ( 'express' ) ;
const passport = require ( 'passport' ) ;
const crypto = require ( 'crypto' ) ;
const db = require ( '../db' ) ;
const router = express . Router ( ) ;
async function create _message ( channel _id , msg , author ) {
2022-11-18 17:38:24 +01:00
console . log ( "create_message: " + channel _id + msg + author ) ;
2022-11-18 15:21:28 +01:00
let r = await db . query ( 'SELECT * FROM channels WHERE id=$1' , [ channel _id ] ) ;
if ( r . rowCount < 1 ) {
console . error ( 'Channel not found' ) ;
return false ;
}
const channel = r . rows [ 0 ] ;
if ( channel . private ) {
// check permissions
r = await db . query ( 'SELECT * FROM allowed_users WHERE channel_id = $1 AND user_email = $2' , [ channel _id , author ] ) ;
if ( r . rowCount < 1 ) {
console . error ( 'You are not allowed to write in this channel' ) ;
return false ;
}
}
await db . query ( 'INSERT INTO messages (id, channel_id, data, author) VALUES ($1,$2,$3,$4)' , [ crypto . randomUUID ( ) , channel _id , msg , author ] ) ;
return true ;
}
async function list _channels ( user ) {
2022-11-18 17:38:24 +01:00
console . log ( "list_channel" + user ) ;
2022-11-18 15:21:28 +01:00
const r = await db . query ( 'SELECT id, detail, private FROM channels WHERE private=FALSE UNION SELECT id, detail, private FROM channels, allowed_users WHERE id = channel_id AND user_email = $1' , [ user ] ) ;
return r . rows ;
}
router . get ( '/channel' , async ( req , res , next ) => {
const channels = await list _channels ( req . user . email ) ;
res . render ( 'channels' , { channels , favorites : req . cookies } ) ;
} ) ;
router . get ( '/channel/:id' , async ( req , res , next ) => {
const chanid = req . params . id ;
let r = await db . query ( 'SELECT * FROM channels WHERE id=$1' , [ chanid ] ) ;
const channel = r . rows [ 0 ] ;
r = await db . query ( 'SELECT * FROM messages WHERE channel_id=$1' , [ chanid ] ) ;
const messages = r . rows ;
if ( ! channel ) {
return res . status ( 404 ) . send ( 'not found' ) ;
}
if ( channel . private ) {
let r = await db . query ( 'SELECT user_email FROM allowed_users WHERE user_email=$1 AND channel_id=$2' , [ req . user . email , chanid ] ) ;
if ( r . rowCount < 1 ) {
res . locals . errormsg = 'You are not allowed to do this' ;
return res . status ( 403 ) . render ( 'error' ) ;
}
}
res . render ( 'channel' , { channel , messages } ) ;
} ) ;
router . post ( '/new_channel' , async ( req , res , next ) => {
2022-11-18 17:38:24 +01:00
console . log ( "/ne_chanell" + req . body ) ;
2022-11-18 15:21:28 +01:00
const { channelid , detail } = req . body ;
const user = req . user . email ;
if ( ! /[a-zA-Z0-9]{4,40}/ . test ( channelid ) ) {
return res . status ( 400 ) . json ( { error : 'Invalid channel name' } ) ;
}
await db . query ( 'INSERT INTO channels (id, detail, private) VALUES ($1,$2,$3)' , [ channelid , detail , true ] ) ;
await db . query ( 'INSERT INTO allowed_users (user_email, channel_id) VALUES ($1,$2)' , [ user , channelid ] ) ;
res . cookie ( channelid , 'true' ) ;
return res . json ( { msg : 'Channel created' } ) ;
} ) ;
router . post ( '/new_message' , async ( req , res , next ) => {
const { msg , channelid } = req . body ;
2022-11-18 17:38:24 +01:00
console . log ( "/new_message" , + req . body ) ;
2022-11-18 15:21:28 +01:00
const author = req . user . email ;
try {
await create _message ( channelid , msg , author ) ;
res . json ( { msg : 'Message created' } ) ;
} catch ( error ) {
// console.error(error);
res . status ( 500 ) . send ( error . toString ( ) ) ;
}
} ) ;
router . post ( '/invite' , async ( req , res , next ) => {
const { channelid , user } = req . body ;
const logged _user = req . user . email ;
2022-11-18 17:38:24 +01:00
console . log ( "/invite" , + req . body ) ;
2022-11-18 15:21:28 +01:00
let r = await db . query ( 'SELECT user_email FROM allowed_users WHERE user_email=$1 AND channel_id=$2' , [ logged _user , channelid ] ) ;
if ( r . rowCount < 1 ) {
return res . status ( 403 ) . json ( { error : 'You are not allowed to do this' } ) ;
}
r = await db . query ( 'SELECT email FROM users WHERE nickname=$1 OR email=$1' , [ user ] ) ;
if ( r . rowCount < 1 ) {
return res . status ( 403 ) . json ( { error : 'User not found' } ) ;
}
const invited _email = r . rows [ 0 ] . email ;
try {
await db . query ( 'INSERT INTO allowed_users (user_email, channel_id) VALUES ($1,$2)' , [ invited _email , channelid ] ) ;
} catch ( error ) {
console . log ( error ) ;
}
return res . json ( { msg : 'User invited' } ) ;
} ) ;
router . get ( '/broadcast' , async ( req , res , next ) => {
const channels = await list _channels ( req . user . email ) ;
res . render ( 'broadcast' , { channels , favorites : req . cookies } ) ;
} ) ;
router . post ( '/broadcast' , async ( req , res , next ) => {
2022-11-18 17:38:24 +01:00
console . log ( "/broadcast" , req . body ) ;
2022-11-18 15:21:28 +01:00
let { msg } = req . body ;
const author = req . user . email ;
const channels = Object . keys ( req . cookies ) ;
console . log ( 'BROADCAST' ) ;
console . error ( channels ) ;
let promises = [ ] ;
for ( const c of channels ) {
promises . push ( create _message ( c , msg , author ) ) ;
}
await Promise . all ( promises ) ;
res . redirect ( '/channel' ) ;
} ) ;
module . exports = router ;