Zaimki/server/routes/terms.js

import { Router } from 'express';
import SQL from 'sql-template-strings';
import {ulid} from "ulid";
import {isTroll, handleErrorAsync, sortClearedLinkedText, clearKey} from "../../src/helpers";
import { caches } from "../../src/cache";

const approve = async (db, id) => {
    const { base_id } = await db.get(SQL`SELECT base_id FROM terms WHERE id=${id}`);
    if (base_id) {
        await db.get(SQL`
            UPDATE terms
            SET deleted=1
            WHERE id = ${base_id}
        `);
    }
    await db.get(SQL`
        UPDATE terms
        SET approved = 1, base_id = NULL
        WHERE id = ${id}
    `);
    await caches.terms.invalidate();
}

const linkOtherVersions = async (req, terms) => {
    const keys = new Set(terms.filter(s => !!s && s.key).map(s => `'` + clearKey(s.key) + `'`));

    const otherVersions = await req.db.all(SQL`
        SELECT t.*, u.username AS author FROM terms t
        LEFT JOIN users u ON t.author_id = u.id
        WHERE t.locale != ${global.config.locale}
        AND t.deleted = 0
        AND t.approved >= ${req.isGranted('terms') ? 0 : 1}
        AND t.key IN (`.append([...keys].join(',')).append(SQL`)
    `));

    const otherVersionsMap = {};
    otherVersions.forEach(version => {
        if (otherVersionsMap[version.key] === undefined) {
            otherVersionsMap[version.key] = [];
        }
        otherVersionsMap[version.key].push(version);
    });

    return terms.map(t => {
        t.versions = t.key ? otherVersionsMap[t.key] || [] : [];
        return t;
    });
};

const router = Router();

router.get('/terms', handleErrorAsync(async (req, res) => {
    return res.json(await caches.terms.fetch(async () => {
        return await linkOtherVersions(
            req,
            sortClearedLinkedText(await req.db.all(SQL`
                SELECT i.*, u.username AS author FROM terms i
                LEFT JOIN users u ON i.author_id = u.id
                WHERE i.locale = ${global.config.locale}
                AND i.approved >= ${req.isGranted('terms') ? 0 : 1}
                AND i.deleted = 0
            `), 'term'),
        );
    }, !req.isGranted('terms')));
}));

router.get('/terms/search/:term', handleErrorAsync(async (req, res) => {
    const term = '%' + req.params.term + '%';
    return res.json(
        await linkOtherVersions(
            req,
            sortClearedLinkedText(await req.db.all(SQL`
                SELECT i.*, u.username AS author FROM terms i
                LEFT JOIN users u ON i.author_id = u.id
                WHERE i.locale = ${global.config.locale}
                AND i.approved >= ${req.isGranted('terms') ? 0 : 1}
                AND i.deleted = 0
                AND (i.term like ${term} OR i.original like ${term})
            `), 'term'),
        )
    );
}));

router.post('/terms/submit', handleErrorAsync(async (req, res) => {
    if (!req.user || !await req.isUserAllowedToPost()) {
        return res.status(401).json({error: 'Unauthorised'});
    }

    if (!(req.user && req.user.admin) && isTroll(JSON.stringify(req.body))) {
        return res.json('ok');
    }

    const id = ulid();
    await req.db.get(SQL`
        INSERT INTO terms (id, term, original, key, definition, approved, base_id, locale, author_id, category, flags, images)
        VALUES (
            ${id},
            ${req.body.term.join('|')}, ${req.body.original.join('|')}, ${clearKey(req.body.key)}, ${req.body.definition},
            0, ${req.body.base}, ${global.config.locale}, ${req.user ? req.user.id : null},
            ${req.body.categories.join(',')}, ${JSON.stringify(req.body.flags)}, ${req.body.images}
        )
    `);

    if (req.isGranted('terms')) {
        await approve(req.db, id);
    }

    return res.json('ok');
}));

router.post('/terms/hide/:id', handleErrorAsync(async (req, res) => {
    if (!req.isGranted('terms')) {
        return res.status(401).json({error: 'Unauthorised'});
    }

    await req.db.get(SQL`
        UPDATE terms
        SET approved = 0
        WHERE id = ${req.params.id}
    `);

    await caches.terms.invalidate();

    return res.json('ok');
}));

router.post('/terms/approve/:id', handleErrorAsync(async (req, res) => {
    if (!req.isGranted('terms')) {
        return res.status(401).json({error: 'Unauthorised'});
    }

    await approve(req.db, req.params.id);

    return res.json('ok');
}));

router.post('/terms/remove/:id', handleErrorAsync(async (req, res) => {
    if (!req.isGranted('terms')) {
        return res.status(401).json({error: 'Unauthorised'});
    }

    await req.db.get(SQL`
        UPDATE terms
        SET deleted=1
        WHERE id = ${req.params.id}
    `);

    await caches.terms.invalidate();

    return res.json('ok');
}));

export default router;
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00			`import { Router } from 'express';`
			`import SQL from 'sql-template-strings';`
			`import {ulid} from "ulid";`
[sec] remove apostrophes from keys 2021-08-11 14:12:55 -07:00			`import {isTroll, handleErrorAsync, sortClearedLinkedText, clearKey} from "../../src/helpers";`
fix cache invalidation 2021-07-02 16:15:44 -07:00			`import { caches } from "../../src/cache";`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00
			`const approve = async (db, id) => {`
			const { base_id } = await db.get(SQL`SELECT base_id FROM terms WHERE id=${id}`);
			`if (base_id) {`
			await db.get(SQL`
			`UPDATE terms`
			`SET deleted=1`
			`WHERE id = ${base_id}`
			`);
			`}`
			await db.get(SQL`
			`UPDATE terms`
			`SET approved = 1, base_id = NULL`
			`WHERE id = ${id}`
			`);
fix cache invalidation 2021-07-02 16:15:44 -07:00			`await caches.terms.invalidate();`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00			`}`

#236 [pl][terms] add a key 2021-07-30 03:51:12 -07:00			`const linkOtherVersions = async (req, terms) => {`
[sec] remove apostrophes from keys 2021-08-11 14:29:41 -07:00			const keys = new Set(terms.filter(s => !!s && s.key).map(s => `'` + clearKey(s.key) + `'`));
#236 [pl][terms] add a key 2021-07-30 03:51:12 -07:00
			const otherVersions = await req.db.all(SQL`
			`SELECT t.*, u.username AS author FROM terms t`
			`LEFT JOIN users u ON t.author_id = u.id`
			`WHERE t.locale != ${global.config.locale}`
			`AND t.deleted = 0`
			`AND t.approved >= ${req.isGranted('terms') ? 0 : 1}`
			AND t.key IN (`.append([...keys].join(',')).append(SQL`)
			`));

			`const otherVersionsMap = {};`
			`otherVersions.forEach(version => {`
			`if (otherVersionsMap[version.key] === undefined) {`
			`otherVersionsMap[version.key] = [];`
			`}`
			`otherVersionsMap[version.key].push(version);`
			`});`

			`return terms.map(t => {`
			`t.versions = t.key ? otherVersionsMap[t.key] \|\| [] : [];`
			`return t;`
			`});`
			`};`

#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00			`const router = Router();`

#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`router.get('/terms', handleErrorAsync(async (req, res) => {`
[nouns][terms][inclusive] fix sorting 2021-07-03 04:19:43 -07:00			`return res.json(await caches.terms.fetch(async () => {`
#236 [pl][terms] add a key 2021-07-30 03:51:12 -07:00			`return await linkOtherVersions(`
			`req,`
			sortClearedLinkedText(await req.db.all(SQL`
			`SELECT i.*, u.username AS author FROM terms i`
			`LEFT JOIN users u ON i.author_id = u.id`
			`WHERE i.locale = ${global.config.locale}`
			`AND i.approved >= ${req.isGranted('terms') ? 0 : 1}`
			`AND i.deleted = 0`
			`), 'term'),
			`);`
[bug] fix cache - don't use for admins 2021-07-12 16:09:13 -07:00			`}, !req.isGranted('terms')));`
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`}));`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`router.get('/terms/search/:term', handleErrorAsync(async (req, res) => {`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00			`const term = '%' + req.params.term + '%';`
#236 [pl][terms] add a key 2021-07-30 03:51:12 -07:00			`return res.json(`
			`await linkOtherVersions(`
			`req,`
			sortClearedLinkedText(await req.db.all(SQL`
			`SELECT i.*, u.username AS author FROM terms i`
			`LEFT JOIN users u ON i.author_id = u.id`
			`WHERE i.locale = ${global.config.locale}`
			`AND i.approved >= ${req.isGranted('terms') ? 0 : 1}`
			`AND i.deleted = 0`
			`AND (i.term like ${term} OR i.original like ${term})`
			`), 'term'),
			`)`
			`);`
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`}));`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`router.post('/terms/submit', handleErrorAsync(async (req, res) => {`
[security] #286 prevent banned users from submitting content 2021-12-02 10:11:04 -08:00			`if (!req.user \|\| !await req.isUserAllowedToPost()) {`
			`return res.status(401).json({error: 'Unauthorised'});`
#225 require account to propose entries 2021-07-25 00:50:02 -07:00			`}`

#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00			`if (!(req.user && req.user.admin) && isTroll(JSON.stringify(req.body))) {`
			`return res.json('ok');`
			`}`

			`const id = ulid();`
			await req.db.get(SQL`
#236 [pl][terms] add a key 2021-07-30 03:51:12 -07:00			`INSERT INTO terms (id, term, original, key, definition, approved, base_id, locale, author_id, category, flags, images)`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00			`VALUES (`
			`${id},`
[sec] remove apostrophes from keys 2021-08-11 14:12:55 -07:00			`${req.body.term.join('\|')}, ${req.body.original.join('\|')}, ${clearKey(req.body.key)}, ${req.body.definition},`
[optim] reduce unnecessary operations before each backend request 2021-06-17 16:10:59 -07:00			`0, ${req.body.base}, ${global.config.locale}, ${req.user ? req.user.id : null},`
#230 [pl][terms] multiple categories for terms glossary 2021-07-29 14:40:55 -07:00			`${req.body.categories.join(',')}, ${JSON.stringify(req.body.flags)}, ${req.body.images}`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00			`)`
			`);

#132 fine-grained permissions 2020-12-30 15:03:30 -08:00			`if (req.isGranted('terms')) {`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00			`await approve(req.db, id);`
			`}`

			`return res.json('ok');`
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`}));`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`router.post('/terms/hide/:id', handleErrorAsync(async (req, res) => {`
#132 fine-grained permissions 2020-12-30 15:03:30 -08:00			`if (!req.isGranted('terms')) {`
[security] #286 prevent banned users from submitting content 2021-12-02 10:11:04 -08:00			`return res.status(401).json({error: 'Unauthorised'});`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00			`}`

			await req.db.get(SQL`
			`UPDATE terms`
			`SET approved = 0`
			`WHERE id = ${req.params.id}`
			`);

fix cache invalidation 2021-07-02 16:15:44 -07:00			`await caches.terms.invalidate();`

#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00			`return res.json('ok');`
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`}));`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`router.post('/terms/approve/:id', handleErrorAsync(async (req, res) => {`
#132 fine-grained permissions 2020-12-30 15:03:30 -08:00			`if (!req.isGranted('terms')) {`
[security] #286 prevent banned users from submitting content 2021-12-02 10:11:04 -08:00			`return res.status(401).json({error: 'Unauthorised'});`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00			`}`

			`await approve(req.db, req.params.id);`

			`return res.json('ok');`
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`}));`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`router.post('/terms/remove/:id', handleErrorAsync(async (req, res) => {`
#132 fine-grained permissions 2020-12-30 15:03:30 -08:00			`if (!req.isGranted('terms')) {`
[security] #286 prevent banned users from submitting content 2021-12-02 10:11:04 -08:00			`return res.status(401).json({error: 'Unauthorised'});`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00			`}`

			await req.db.get(SQL`
			`UPDATE terms`
			`SET deleted=1`
			`WHERE id = ${req.params.id}`
			`);

fix cache invalidation 2021-07-02 16:15:44 -07:00			`await caches.terms.invalidate();`

#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00			`return res.json('ok');`
#215 better server error handling - server 2021-06-09 05:47:08 -07:00			`}));`
#139 [terms] dictionary of queer terms 2020-12-18 08:32:18 -08:00
			`export default router;`