| -rw-r--r-- | lib/bucky.js | 32 | ||||
| -rw-r--r-- | lib/router.js | 55 | ||||
| -rw-r--r-- | lib/util.js | 1 | ||||
| -rw-r--r-- | public/assets/js/lib/router.js | 3 | ||||
| -rw-r--r-- | public/assets/js/lib/views/mail/mailbox.js | 1 | ||||
| -rw-r--r-- | views/partials/header.ejs | 2 | ||||
| -rw-r--r-- | views/partials/scripts.ejs | 1 |
7 files changed, 87 insertions, 8 deletions
diff --git a/lib/bucky.js b/lib/bucky.js
index 997d680..742f74d 100644
--- a/lib/bucky.js
+++ b/lib/bucky.js
@@ -70,6 +70,9 @@ var bucky = module.exports = {
 ensureThread: function (req, res, next){
 var id = req.params.id.replace(/\D/g, "")
+ if (! id) {
+ return res.sendStatus(404)
+ }
 db.getThread(id).then(function(thread){
 if (thread) {
 res.thread = thread
@@ -106,7 +109,7 @@ var bucky = module.exports = {
 ensureKeyword: function (req, res, next){
 var keyword = req.params.keyword
 if (! keyword) {
- res.sendStatus(404)
+ return res.sendStatus(404)
 }
 db.getKeyword(keyword).then(function(k){
 if (! k) {
@@ -128,5 +131,32 @@ var bucky = module.exports = {
 next()
 })
 },
+
+ /* MAIL */
+ ensureMailbox: function (req, res, next){
+ var box = req.params.box
+ if (! box) {
+ res.sendStatus(404)
+ }
+ db.getMailbox(req.user.username, box).then(function(box){
+ if (! box) {
+ return res.sendStatus(404)
+ }
+ next()
+ })
+ },
+ ensureMailboxCounts: function (req, res, next){
+ db.getMailboxes(req.user.username).then(function(boxes){
+ res.boxes = boxes
+ next()
+ })
+ },
+ ensureMessages: function (req, res, next){
+ // todo: define offset
+ db.getMessages(req.user.username, req.params.box, 50, 0).then(function(messages){
+ res.messages = messages
+ next()
+ })
+ },
 }
\ No newline at end of file
diff --git a/lib/router.js b/lib/router.js
index 92c0054..e2ba442 100644
--- a/lib/router.js
+++ b/lib/router.js
@@ -28,6 +28,7 @@ module.exports = function(app){
 app.post("/api/login", auth.loggedInLocal)
 app.get("/api/index",
+ middleware.ensureAuthenticated,
 bucky.ensureLatestThreads,
 bucky.ensureCommentCountsForThreads,
 bucky.ensureFileCountsForThreads,
@@ -43,6 +44,7 @@ module.exports = function(app){
 }
 )
 app.get("/api/thread/:id",
+ middleware.ensureAuthenticated,
 bucky.ensureThread,
 bucky.ensureKeywordForThread,
 bucky.ensureCommentsForThread,
@@ -56,14 +58,21 @@ module.exports = function(app){
 })
 }
 )
- app.post("/api/thread/:id", function(req, res){
+ app.post("/api/thread/:id",
+ middleware.ensureAuthenticated,
+ function(req, res){
 })
- app.post("/api/thread/:id/comment", function(req, res){
+ app.post("/api/thread/:id/comment",
+ middleware.ensureAuthenticated,
+ function(req, res){
 })
- app.delete("/api/thread/:id", function(req, res){
+ app.delete("/api/thread/:id",
+ middleware.ensureAuthenticated,
+ function(req, res){
 })
 app.get("/api/keyword/:keyword",
+ middleware.ensureAuthenticated,
 bucky.ensureKeyword,
 bucky.ensureThreadsForKeyword,
 bucky.ensureCommentCountsForThreads,
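Review bot: In lib/bucky.js, the new `ensureMailbox` sends the 404 for an empty `box` without returning, so execution falls through to `db.getMailbox(...)` and a second response or `next()` can follow the first. This is the same defect the commit fixes in `ensureKeyword`; the guard should read `return res.sendStatus(404)`. None of the three new promise chains (`getMailbox`, `getMailboxes`, `getMessages`) has a rejection handler, so a database error leaves the request hanging; ending each chain with `.catch(next)` would pass it to the error handler. The inner callback parameter `box` also shadows the outer `box`, which a name such as `mailbox` would avoid.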
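Review bot: In lib/router.js, the handlers for `POST /api/thread/:id`, `POST /api/thread/:id/comment` and `DELETE /api/thread/:id` are still empty after gaining `middleware.ensureAuthenticated`, so an authenticated request never receives a response and stays open until the client times out. The `PUT` and `DELETE /api/comment/:id` stubs in the following hunk are the same; a placeholder such as `res.sendStatus(501)` would make the unimplemented state explicit. `ensureAuthenticated` is defined outside this diff and presumably only establishes that a user is logged in, so once these handlers are filled in they will also need a check that `req.user` is allowed to modify the thread or comment in question.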
@@ -77,9 +86,45 @@ module.exports = function(app){
 }
 )
- app.put("/api/comment/:id", function(req, res){
+ app.put("/api/comment/:id",
+ middleware.ensureAuthenticated,
+ function(req, res){
 })
- app.delete("/api/comment/:id", function(req, res){
+ app.delete("/api/comment/:id",
+ middleware.ensureAuthenticated,
+ function(req, res){
 })
+ app.get("/mail/",
+ middleware.ensureAuthenticated,
+ function(req, res){
+ res.render("pages/mailbox", {title: "inbox" })
+ }
+ )
+ app.get("/mail/:box",
+ middleware.ensureAuthenticated,
+ function(req, res){
+ res.render("pages/mailbox", { title: util.sanitize(req.params.box) })
+ }
+ )
+ app.get("/mail/read/:id",
+ middleware.ensureAuthenticated,
+ function(req, res){
+ res.render("pages/message", { title: util.sanitize(req.params.box) })
+ }
+ )
+
+ app.get("/api/mailbox/:box",
+ middleware.ensureAuthenticated,
+ bucky.ensureMailbox,
+ bucky.ensureMailboxCounts,
+ bucky.ensureMessages,
+ function(req, res){
+ res.json({
+ messages: res.messages,
+ boxes: res.boxes,
+ })
+ }
+ )
+
 }
diff --git a/lib/util.js b/lib/util.js
index 11c0cac..e67488b 100644
--- a/lib/util.js
+++ b/lib/util.js
@@ -1,3 +1,4 @@
 var util = module.exports = {}
 util.sanitizeName = function (s){ return (s || "").replace(new RegExp("[^-_a-zA-Z0-9]", 'g'), "") }
+util.sanitize = function (s){ return (s || "").replace(/<>&/g, "") }
diff --git a/public/assets/js/lib/router.js b/public/assets/js/lib/router.js
index 64b8719..0482c0e 100644
--- a/public/assets/js/lib/router.js
+++ b/public/assets/js/lib/router.js
@@ -9,6 +9,7 @@ var SiteRouter = Router.extend({
 "/index": 'index',
 "/login": 'login',
 "/details/:id": 'details',
+ "/mail": 'mailbox',
 "/mail/:mailbox": 'mailbox',
 "/mail/read/:id": 'message',
 "/mail/compose": 'compose',
@@ -32,7 +33,7 @@ var SiteRouter = Router.extend({
 },
 mailbox: function(box){
- app.view = new Mailbox ()
+ app.view = new MailboxView ()
 app.view.load(box)
 },
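Review bot: In lib/router.js, the `/mail/read/:id` route builds its title from `req.params.box`, but that route defines only `:id`, so `util.sanitize` always receives `undefined` and the title is the empty string. It probably wants a fixed title, e.g. `res.render("pages/message", { title: "message" })`, or a value loaded for the message. None of the router hunks adds a `require` for `util`, so it is worth confirming the module is already in scope at the top of the file; otherwise both mail page routes throw a ReferenceError at request time.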
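Review bot: In lib/util.js, `util.sanitize` uses `/<>&/g`, which matches only the literal three-character sequence `<>&`, so a lone `<`, `>` or `&` passes through unchanged. A character class is needed, for example `return (s || "").replace(/[<>&"']/g, "")`. The result is passed as the page `title` from the URL parameter in lib/router.js, so as written the only protection is whatever escaping the EJS templates apply, which this diff does not show. Stripping characters is also a weaker guarantee than escaping at output, so the templates should emit the title with `<%= %>` rather than `<%- %>`.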
diff --git a/public/assets/js/lib/views/mail/mailbox.js b/public/assets/js/lib/views/mail/mailbox.js
index fb85252..315a713 100644
--- a/public/assets/js/lib/views/mail/mailbox.js
+++ b/public/assets/js/lib/views/mail/mailbox.js
@@ -13,6 +13,7 @@ var MailboxView = View.extend({
 },
 load: function(name){
+ name = sanitize(name) || "inbox"
 $("h1").html(name)
 $.get(this.action + name, this.populate.bind(this))
 },
diff --git a/views/partials/header.ejs b/views/partials/header.ejs
index 799040f..6cd7b2e 100644
--- a/views/partials/header.ejs
+++ b/views/partials/header.ejs
@@ -23,7 +23,7 @@
 <a href="/index">home</a> |
 <a href="/search">search</a> |
 <a href="/post">post</a> |
- <a href="/inbox">inbox</a> |
+ <a href="/mail">inbox</a> |
 <a href="/message">message</a> |
 <a href="/profile">profile</a> |
 <a href="/logout">logout</a>
diff --git a/views/partials/scripts.ejs b/views/partials/scripts.ejs
index da76d88..d0f5908 100644
--- a/views/partials/scripts.ejs
+++ b/views/partials/scripts.ejs
@@ -27,5 +27,6 @@
 <script src="/assets/js/lib/views/mail/mailbox.js"></script>
 <script src="/assets/js/lib/views/mail/message.js"></script>
+<script src="/assets/js/lib/views/mail/compose.js"></script>
 <script src="/assets/js/index.js"></script> |
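Review bot: In `MailboxView.load`, the added line relies on a client-side `sanitize()` that is not defined anywhere in this diff, and its result is then written with `$("h1").html(name)` and concatenated into the request URL. Because `name` comes from the route, the heading should be set with `$("h1").text(name)` so it is never parsed as markup, and the request built with `this.action + encodeURIComponent(name)`. If the client `sanitize` mirrors `util.sanitize` from lib/util.js, its `/<>&/g` pattern removes none of those characters individually, so it should not be treated as the safeguard here. The surrounding view definition starts and ends outside the hunk.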
