Zaimki/server/nouns.js

const dbConnection = require('./db');
const SQL = require('sql-template-strings');
import { ulid } from 'ulid'
import authenticate from './authenticate';

const parseQuery = (queryString) => {
    const query = {};
    const pairs = (queryString[0] === '?' ? queryString.substr(1) : queryString).split('&');
    for (let i = 0; i < pairs.length; i++) {
        let pair = pairs[i].split('=');
        query[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1] || '');
    }
    return query;
}

const getId = url => url.match(/\/([^/]+)$/)[1];

const approve = async (db, id) => {
    const {base_id} = await db.get(SQL`SELECT base_id FROM nouns WHERE id=${id}`);
    if (base_id) {
        await db.get(SQL`
            DELETE FROM nouns
            WHERE id = ${base_id}
        `);
    }
    await db.get(SQL`
        UPDATE nouns
        SET approved = 1, base_id = NULL
        WHERE id = ${id}
    `);
}

const hide = async (db, id) => {
    await db.get(SQL`
        UPDATE nouns
        SET approved = 0
        WHERE id = ${id}
    `);
}

const remove = async (db, id) => {
    await db.get(SQL`
        DELETE FROM nouns
        WHERE id = ${id}
    `);
}

const trollWords = [
    'cipeusz',
    'feminazi',
    'bruksela',
    'zboczeń',
];

const isTroll = (body) => {
    const jsonBody = JSON.stringify(body);
    for (let trollWord of trollWords) {
        if (jsonBody.indexOf(trollWord) > -1) {
            return true;
        }
    }

    return false;
}

export default async function (req, res, next) {
    const db = await dbConnection();
    const user = authenticate(req);
    const isAdmin = user && user.authenticated && user.roles === 'admin';

    let result = {error: 'Not found'}
    if (req.method === 'GET' && req.url === '/all') {
        result = await db.all(`
            SELECT * FROM nouns
            ${isAdmin ? '' : 'WHERE approved = 1'}
            ORDER BY approved, masc
        `);
    } else if (req.method === 'POST' && req.url === '/submit') {
        if (isAdmin || !isTroll(req.body.data)) {
            const id = ulid()
            await db.get(SQL`
                INSERT INTO nouns (id, masc, fem, neutr, mascPl, femPl, neutrPl, approved, base_id)
                VALUES (
                    ${id},
                    ${req.body.data.masc.join('|')}, ${req.body.data.fem.join('|')}, ${req.body.data.neutr.join('|')},
                    ${req.body.data.mascPl.join('|')}, ${req.body.data.femPl.join('|')}, ${req.body.data.neutrPl.join('|')},
                    0, ${req.body.data.base}
                )
            `);
            if (isAdmin) {
                await approve(db, id);
            }
        }
        result = 'ok';
    } else if (req.method === 'POST' && req.url.startsWith('/approve/') && isAdmin) {
        await approve(db, getId(req.url));
        result = 'ok';
    } else if (req.method === 'POST' && req.url.startsWith('/hide/') && isAdmin) {
        await hide(db, getId(req.url));
        result = 'ok';
    } else if (req.method === 'POST' && req.url.startsWith('/remove/') && isAdmin) {
        await remove(db, getId(req.url));
        result = 'ok';
    }

    res.setHeader('content-type', 'application/json');
    res.write(JSON.stringify(result));
    res.end()
}
#68 proper db migrations 2020-10-12 02:46:26 -07:00			`const dbConnection = require('./db');`
#31 neutratywy 2020-08-04 07:15:41 -07:00			`const SQL = require('sql-template-strings');`
			`import { ulid } from 'ulid'`
#54 user accounts - admin panel 2020-10-15 11:55:24 -07:00			`import authenticate from './authenticate';`
#31 neutratywy 2020-08-04 07:15:41 -07:00
			`const parseQuery = (queryString) => {`
			`const query = {};`
			`const pairs = (queryString[0] === '?' ? queryString.substr(1) : queryString).split('&');`
			`for (let i = 0; i < pairs.length; i++) {`
			`let pair = pairs[i].split('=');`
			`query[decodeURIComponent(pair[0])] = decodeURIComponent(pair[1] \|\| '');`
			`}`
			`return query;`
			`}`

			`const getId = url => url.match(/\/([^/]+)$/)[1];`

			`const approve = async (db, id) => {`
			const {base_id} = await db.get(SQL`SELECT base_id FROM nouns WHERE id=${id}`);
			`if (base_id) {`
			await db.get(SQL`
			`DELETE FROM nouns`
			`WHERE id = ${base_id}`
			`);
			`}`
			await db.get(SQL`
			`UPDATE nouns`
			`SET approved = 1, base_id = NULL`
			`WHERE id = ${id}`
			`);
			`}`

			`const hide = async (db, id) => {`
			await db.get(SQL`
			`UPDATE nouns`
			`SET approved = 0`
			`WHERE id = ${id}`
			`);
			`}`

			`const remove = async (db, id) => {`
			await db.get(SQL`
			`DELETE FROM nouns`
			`WHERE id = ${id}`
			`);
			`}`

[neutratywy] anti-troll measures 2020-08-06 06:59:08 -07:00			`const trollWords = [`
			`'cipeusz',`
			`'feminazi',`
			`'bruksela',`
			`'zboczeń',`
			`];`

			`const isTroll = (body) => {`
			`const jsonBody = JSON.stringify(body);`
			`for (let trollWord of trollWords) {`
			`if (jsonBody.indexOf(trollWord) > -1) {`
			`return true;`
			`}`
			`}`

			`return false;`
			`}`

#31 neutratywy 2020-08-04 07:15:41 -07:00			`export default async function (req, res, next) {`
#68 proper db migrations 2020-10-12 02:46:26 -07:00			`const db = await dbConnection();`
#54 user accounts - admin panel 2020-10-15 11:55:24 -07:00			`const user = authenticate(req);`
			`const isAdmin = user && user.authenticated && user.roles === 'admin';`
#31 neutratywy 2020-08-04 07:15:41 -07:00
			`let result = {error: 'Not found'}`
#54 user accounts - admin panel 2020-10-15 11:55:24 -07:00			`if (req.method === 'GET' && req.url === '/all') {`
#31 neutratywy 2020-08-04 07:15:41 -07:00			result = await db.all(`
			`SELECT * FROM nouns`
			`${isAdmin ? '' : 'WHERE approved = 1'}`
			`ORDER BY approved, masc`
			`);
#54 user accounts - admin panel 2020-10-15 11:55:24 -07:00			`} else if (req.method === 'POST' && req.url === '/submit') {`
[neutratywy] anti-troll measures 2020-08-06 06:59:08 -07:00			`if (isAdmin \|\| !isTroll(req.body.data)) {`
			`const id = ulid()`
			await db.get(SQL`
			`INSERT INTO nouns (id, masc, fem, neutr, mascPl, femPl, neutrPl, approved, base_id)`
			`VALUES (`
			`${id},`
			`${req.body.data.masc.join('\|')}, ${req.body.data.fem.join('\|')}, ${req.body.data.neutr.join('\|')},`
			`${req.body.data.mascPl.join('\|')}, ${req.body.data.femPl.join('\|')}, ${req.body.data.neutrPl.join('\|')},`
			`0, ${req.body.data.base}`
			`)`
			`);
			`if (isAdmin) {`
			`await approve(db, id);`
			`}`
#31 neutratywy 2020-08-04 07:15:41 -07:00			`}`
			`result = 'ok';`
#54 user accounts - admin panel 2020-10-15 11:55:24 -07:00			`} else if (req.method === 'POST' && req.url.startsWith('/approve/') && isAdmin) {`
			`await approve(db, getId(req.url));`
#31 neutratywy 2020-08-04 07:15:41 -07:00			`result = 'ok';`
#54 user accounts - admin panel 2020-10-15 11:55:24 -07:00			`} else if (req.method === 'POST' && req.url.startsWith('/hide/') && isAdmin) {`
			`await hide(db, getId(req.url));`
#31 neutratywy 2020-08-04 07:15:41 -07:00			`result = 'ok';`
#54 user accounts - admin panel 2020-10-15 11:55:24 -07:00			`} else if (req.method === 'POST' && req.url.startsWith('/remove/') && isAdmin) {`
			`await remove(db, getId(req.url));`
#31 neutratywy 2020-08-04 07:15:41 -07:00			`result = 'ok';`
			`}`

			`res.setHeader('content-type', 'application/json');`
			`res.write(JSON.stringify(result));`
			`res.end()`
			`}`