KayFaraday
/
Zaimki
Archived
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
This repository has been archived on 2024-07-22. You can view files and clone it, but cannot push or open issues or pull requests.
Zaimki/server/routes/names.js

112 lines
3.4 KiB
JavaScript
Raw Normal View History

[names] #265 move names to db
2021-09-25 05:55:53 -07:00
import { Router } from 'express';
import SQL from 'sql-template-strings';
import {ulid} from "ulid";
import {handleErrorAsync, isTroll} from "../../src/helpers";
import { caches } from "../../src/cache";
const approve = async (db, id) => {
const { base_id } = await db.get(SQL`SELECT base_id FROM names WHERE id=${id}`);
if (base_id) {
await db.get(SQL`
UPDATE names
SET deleted=1
WHERE id = ${base_id}
`);
}
await db.get(SQL`
UPDATE names
SET approved = 1, base_id = NULL
WHERE id = ${id}
`);
await caches.names.invalidate();
}
const router = Router();
router.get('/names', handleErrorAsync(async (req, res) => {
return res.json(await caches.names.fetch(async () => {
return await req.db.all(SQL`
SELECT n.*, u.username AS author FROM names n
LEFT JOIN users u ON n.author_id = u.id
WHERE n.locale = ${global.config.locale}
AND n.deleted = 0
AND n.approved >= ${req.isGranted('names') ? 0 : 1}
ORDER BY n.approved, n.name
`)
}, !req.isGranted('names')));
}));
router.post('/names/submit', handleErrorAsync(async (req, res) => {
[security] #286 prevent banned users from submitting content
2021-12-02 10:11:04 -08:00
if (!req.user || !await req.isUserAllowedToPost()) {
return res.status(401).json({error: 'Unauthorised'});
[names] #265 move names to db
2021-09-25 05:55:53 -07:00
}
if (!(req.user && req.user.admin) && isTroll(JSON.stringify(req.body))) {
return res.json('ok');
}
const id = ulid();
await req.db.get(SQL`
INSERT INTO names (id, name, locale, origin, meaning, usage, legally, pros, cons, notablePeople, links, namedays, namedaysComment, deleted, approved, base_id, author_id)
VALUES (
${id},
${req.body.name}, ${global.config.locale},
${req.body.origin || null}, ${req.body.meaning || null}, ${req.body.usage || null}, ${req.body.legally || null},
${req.body.pros.length ? req.body.pros.join('|') : null}, ${req.body.cons.length ? req.body.cons.join('|') : null},
${req.body.notablePeople.length ? req.body.notablePeople.join('|') : null}, ${req.body.links.length ? req.body.links.join('|') : null},
${req.body.namedays.length ? req.body.namedays.join('|') : null}, ${req.body.namedaysComment || null},
0, 0, ${req.body.base}, ${req.user ? req.user.id : null}
)
`);
if (req.isGranted('names')) {
await approve(req.db, id);
}
return res.json('ok');
}));
router.post('/names/hide/:id', handleErrorAsync(async (req, res) => {
if (!req.isGranted('names')) {
[security] #286 prevent banned users from submitting content
2021-12-02 10:11:04 -08:00
return res.status(401).json({error: 'Unauthorised'});
[names] #265 move names to db
2021-09-25 05:55:53 -07:00
}
await req.db.get(SQL`
UPDATE names
SET approved = 0
WHERE id = ${req.params.id}
`);
await caches.names.invalidate();
return res.json('ok');
}));
router.post('/names/approve/:id', handleErrorAsync(async (req, res) => {
if (!req.isGranted('names')) {
[security] #286 prevent banned users from submitting content
2021-12-02 10:11:04 -08:00
return res.status(401).json({error: 'Unauthorised'});
[names] #265 move names to db
2021-09-25 05:55:53 -07:00
}
await approve(req.db, req.params.id);
return res.json('ok');
}));
router.post('/names/remove/:id', handleErrorAsync(async (req, res) => {
if (!req.isGranted('names')) {
[security] #286 prevent banned users from submitting content
2021-12-02 10:11:04 -08:00
return res.status(401).json({error: 'Unauthorised'});
[names] #265 move names to db
2021-09-25 05:55:53 -07:00
}
await req.db.get(SQL`
UPDATE names
SET deleted=1
WHERE id = ${req.params.id}
`);
await caches.names.invalidate();
return res.json('ok');
}));
export default router;