145 lines
4.4 KiB
JavaScript
Executable File
145 lines
4.4 KiB
JavaScript
Executable File
const express = require('express');
|
|
const passport = require('passport');
|
|
const crypto = require('crypto');
|
|
|
|
const db = require('../db');
|
|
|
|
const router = express.Router();
|
|
|
|
async function create_message(channel_id, msg, author) {
|
|
let r = await db.query('SELECT * FROM channels WHERE id=$1', [channel_id]);
|
|
|
|
if (r.rowCount < 1) {
|
|
console.error('Channel not found');
|
|
return false;
|
|
}
|
|
|
|
const channel = r.rows[0];
|
|
|
|
if (channel.private) {
|
|
// check permissions
|
|
r = await db.query('SELECT * FROM allowed_users WHERE channel_id = $1 AND user_email = $2', [channel_id, author]);
|
|
if (r.rowCount < 1) {
|
|
console.error('You are not allowed to write in this channel');
|
|
return false;
|
|
}
|
|
}
|
|
|
|
await db.query('INSERT INTO messages (id, channel_id, data, author) VALUES ($1,$2,$3,$4)', [crypto.randomUUID(), channel_id, msg, author]);
|
|
return true;
|
|
}
|
|
|
|
async function list_channels(user) {
|
|
const r = await db.query('SELECT id, detail, private FROM channels WHERE private=FALSE UNION SELECT id, detail, private FROM channels, allowed_users WHERE id = channel_id AND user_email = $1', [user]);
|
|
return r.rows;
|
|
}
|
|
|
|
|
|
router.get('/channel', async (req, res, next) => {
|
|
const channels = await list_channels(req.user.email);
|
|
res.render('channels', { channels, favorites: req.cookies });
|
|
});
|
|
|
|
router.get('/channel/:id', async (req, res, next) => {
|
|
const chanid = req.params.id;
|
|
|
|
let r = await db.query('SELECT * FROM channels WHERE id=$1', [chanid]);
|
|
const channel = r.rows[0];
|
|
r = await db.query('SELECT * FROM messages WHERE channel_id=$1', [chanid]);
|
|
const messages = r.rows;
|
|
|
|
if (!channel) {
|
|
return res.status(404).send('not found');
|
|
}
|
|
|
|
if (channel.private) {
|
|
let r = await db.query('SELECT user_email FROM allowed_users WHERE user_email=$1 AND channel_id=$2', [req.user.email, chanid]);
|
|
|
|
if (r.rowCount < 1) {
|
|
res.locals.errormsg = 'You are not allowed to do this';
|
|
return res.status(403).render('error');
|
|
}
|
|
}
|
|
|
|
res.render('channel', { channel, messages });
|
|
});
|
|
|
|
router.post('/new_channel', async (req, res, next) => {
|
|
const { channelid, detail } = req.body;
|
|
const user = req.user.email;
|
|
|
|
if (!/[a-zA-Z0-9]{4,40}/.test(channelid)) {
|
|
return res.status(400).json({ error: 'Invalid channel name' });
|
|
}
|
|
|
|
await db.query('INSERT INTO channels (id, detail, private) VALUES ($1,$2,$3)', [channelid, detail, true]);
|
|
await db.query('INSERT INTO allowed_users (user_email, channel_id) VALUES ($1,$2)', [user, channelid]);
|
|
|
|
res.cookie(channelid, 'true');
|
|
return res.json({ msg: 'Channel created' });
|
|
});
|
|
|
|
router.post('/new_message', async (req, res, next) => {
|
|
const { msg, channelid } = req.body;
|
|
const author = req.user.email;
|
|
|
|
try {
|
|
await create_message(channelid, msg, author);
|
|
res.json({ msg: 'Message created' });
|
|
} catch (error) {
|
|
// console.error(error);
|
|
res.status(500).send(error.toString());
|
|
}
|
|
});
|
|
|
|
router.post('/invite', async (req, res, next) => {
|
|
const { channelid, user } = req.body;
|
|
const logged_user = req.user.email;
|
|
|
|
let r = await db.query('SELECT user_email FROM allowed_users WHERE user_email=$1 AND channel_id=$2', [logged_user, channelid]);
|
|
|
|
if (r.rowCount < 1) {
|
|
return res.status(403).json({ error: 'You are not allowed to do this' });
|
|
}
|
|
|
|
r = await db.query('SELECT email FROM users WHERE nickname=$1 OR email=$1', [user]);
|
|
if (r.rowCount < 1) {
|
|
return res.status(403).json({ error: 'User not found' });
|
|
}
|
|
|
|
const invited_email = r.rows[0].email;
|
|
|
|
try {
|
|
await db.query('INSERT INTO allowed_users (user_email, channel_id) VALUES ($1,$2)', [invited_email, channelid]);
|
|
} catch (error) {
|
|
console.log(error);
|
|
}
|
|
|
|
return res.json({ msg: 'User invited' });
|
|
});
|
|
|
|
|
|
router.get('/broadcast', async (req, res, next) => {
|
|
const channels = await list_channels(req.user.email);
|
|
res.render('broadcast', { channels, favorites: req.cookies });
|
|
});
|
|
|
|
router.post('/broadcast', async (req, res, next) => {
|
|
let { msg } = req.body;
|
|
const author = req.user.email;
|
|
const channels = Object.keys(req.cookies);
|
|
|
|
console.log('BROADCAST');
|
|
console.error(channels);
|
|
|
|
let promises = [];
|
|
for (const c of channels) {
|
|
promises.push(create_message(c, msg, author));
|
|
}
|
|
|
|
await Promise.all(promises);
|
|
res.redirect('/channel');
|
|
|
|
});
|
|
|
|
module.exports = router; |