preventing users deleting other users comments/posts

mrfry 2021-03-18 18:23:03 +01:00
parent b700bfba77
commit 26d7288e91


@ -704,44 +704,6 @@ function GetApp(): ModuleType {
logger.Log('New feedback file', logger.GetColor('bluebg')) logger.Log('New feedback file', logger.GetColor('bluebg'))
}) })
app.post('/rmPost', (req: Request, res) => {
logger.LogReq(req)
const user: User = req.session.user
const news: any = utils.ReadJSON(newsFile)
const { newsKey } = req.body
if (news[newsKey].user === user.id) {
delete news[newsKey]
} else {
res.json({ status: 'fail', msg: 'u cant delete other users posts!' })
return
}
utils.WriteFile(JSON.stringify(news, null, 2), newsFile)
res.json({ status: 'ok', news: news })
})
app.post('/addPost', (req: Request, res) => {
logger.LogReq(req)
const user: User = req.session.user
const news: any = utils.ReadJSON(newsFile)
const admins: any = utils.FileExists(adminUsersFile)
? utils.ReadJSON(adminUsersFile)
: []
const { title, content } = req.body
news[uuidv4()] = {
date: utils.GetDateString(),
user: user.id,
title: title,
content: content,
admin: admins.includes(user.id),
}
utils.WriteFile(JSON.stringify(news, null, 2), newsFile)
res.json({ status: 'ok', news: news })
})
app.post('/postfeedback', function(req: Request, res: any) { app.post('/postfeedback', function(req: Request, res: any) {
logger.LogReq(req) logger.LogReq(req)
if (req.body.fromLogin) { if (req.body.fromLogin) {
@ -1350,28 +1312,6 @@ function GetApp(): ModuleType {
res.json({ msg: 'done' }) res.json({ msg: 'done' })
}) })
function addComment(obj, path, comment) {
if (path.length === 0) {
obj.push(comment)
} else {
const i = path.pop()
if (!obj[i].subComments) {
obj[i].subComments = []
}
addComment(obj[i].subComments, path, comment)
}
}
function deleteComment(obj, path) {
if (path.length === 1) {
// TODO: check if its actually deleteable by user (deleting other users comments)
obj.splice(path[0], 1)
} else {
const i = path.pop()
deleteComment(obj[i].subComments, path)
}
}
function addReaction(obj, path, { reaction, isDelete, uid }) { function addReaction(obj, path, { reaction, isDelete, uid }) {
if (path.length === 1) { if (path.length === 1) {
const index = path[0] const index = path[0]
@ -1458,6 +1398,37 @@ function GetApp(): ModuleType {
res.json({ status: 'ok', news: news }) res.json({ status: 'ok', news: news })
}) })
function addComment(obj, path, comment) {
if (path.length === 0) {
obj.push(comment)
} else {
const i = path.pop()
if (!obj[i].subComments) {
obj[i].subComments = []
}
addComment(obj[i].subComments, path, comment)
}
}
function deleteComment(
obj: any,
path: Array<number>,
userid: number
): boolean {
if (path.length === 1) {
if (obj[path[0]].user === userid) {
obj.splice(path[0], 1)
return true
} else {
return false
}
} else {
const i = path.pop()
deleteComment(obj[i].subComments, path, userid)
return true
}
}
app.post('/comment', (req: Request, res) => { app.post('/comment', (req: Request, res) => {
logger.LogReq(req) logger.LogReq(req)
@ -1486,10 +1457,19 @@ function GetApp(): ModuleType {
addComment(news[newsKey].comments, path, comment) addComment(news[newsKey].comments, path, comment)
} else if (type === 'delete') { } else if (type === 'delete') {
if (news[newsKey].comments) { if (news[newsKey].comments) {
deleteComment(news[newsKey].comments, path) const success = deleteComment(news[newsKey].comments, path, user.id)
if (!success) {
res.json({
status: 'fail',
msg: 'you cant delete other users comments',
news: news,
})
return
}
} }
} else { } else {
res.json({ status: 'fail', msg: 'no such type' }) res.json({ status: 'fail', msg: 'no such type', news: news })
return
} }
utils.WriteFile(JSON.stringify(news, null, 2), newsFile) utils.WriteFile(JSON.stringify(news, null, 2), newsFile)
res.json({ status: 'ok', news: news }) res.json({ status: 'ok', news: news })
@ -1553,6 +1533,48 @@ function GetApp(): ModuleType {
res.json({ msg: 'done' }) res.json({ msg: 'done' })
}) })
app.post('/rmPost', (req: Request, res) => {
logger.LogReq(req)
const user: User = req.session.user
const news: any = utils.ReadJSON(newsFile)
const { newsKey } = req.body
if (news[newsKey].user === user.id) {
delete news[newsKey]
} else {
res.json({
status: 'fail',
msg: 'u cant delete other users posts!',
news: news,
})
return
}
utils.WriteFile(JSON.stringify(news, null, 2), newsFile)
res.json({ status: 'ok', news: news })
})
app.post('/addPost', (req: Request, res) => {
logger.LogReq(req)
const user: User = req.session.user
const news: any = utils.ReadJSON(newsFile)
const admins: any = utils.FileExists(adminUsersFile)
? utils.ReadJSON(adminUsersFile)
: []
const { title, content } = req.body
news[uuidv4()] = {
date: utils.GetDateString(),
user: user.id,
title: title,
content: content,
admin: admins.includes(user.id),
}
utils.WriteFile(JSON.stringify(news, null, 2), newsFile)
res.json({ status: 'ok', news: news })
})
app.get('/possibleAnswers', (req: Request, res: any) => { app.get('/possibleAnswers', (req: Request, res: any) => {
logger.LogReq(req) logger.LogReq(req)
const files = utils.ReadDir(savedQuestionsDir) const files = utils.ReadDir(savedQuestionsDir)
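Review bot: In the new `deleteComment` (third hunk), the recursive branch throws away the result of the nested call and always returns `true`, so a refused delete of another user's reply is still reported to the `/comment` handler as success and answered with `status: 'ok'`; the ownership check itself still blocks the splice, only the outcome is lost. Replace the last two statements of that branch with `return deleteComment(obj[i].subComments, path, userid)`. `path` appears to come from the request body and is indexed without validation, so an empty path, an out-of-range index or an entry without `subComments` throws inside the handler instead of failing cleanly; a guard such as `if (!Array.isArray(obj) || !obj[path[0]]) return false` before the ownership test would cover this. The moved `/rmPost` handler has the same gap: `news[newsKey].user` throws when `newsKey` (read from `req.body`) does not exist, so check `news[newsKey]` first and answer with the `fail` response.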