1 files changed, 68 insertions, 1 deletions

diff --git a/bucky/app/bucky.js b/bucky/app/bucky.js
index a31d50f..5fb58bf 100644
--- a/bucky/app/bucky.js
+++ b/bucky/app/bucky.js
@@ -400,6 +400,7 @@ var bucky = module.exports = {
   },
 
   /* PRIVACY */
+  
   checkThreadPrivacy: function(req, res, next) {
     if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.thread.get('username')) {
       return res.sendStatus(500)
@@ -412,6 +413,13 @@ var bucky = module.exports = {
     }
     next()
   },
+  checkMessagePrivacy: function(req, res, next) {
+    var username = req.user.get('username')
+    if (username !== res.message.get('sender') && username !== res.message.get('recipient')) {
+      return res.sendStatus(500)
+    }
+    next()
+  },
 
   /* MAIL */
 
@@ -454,6 +462,9 @@ var bucky = module.exports = {
   },
   ensureMessage: function(req, res, next){
     db.getMessage(req.params.id).then(function(message){
+      if (! message) {
+        return res.sendStatus(404)
+      }
       var username = req.user.get('username')
       if (username !== message.get('recipient') && username !== message.get('sender')) {
         res.sendStatus(404)
@@ -462,5 +473,61 @@ var bucky = module.exports = {
       res.message = message
       next()
     })
-  }
+  },
+  markMessageUnread: function(req, res, next){
+    if (res.message.get('unread')) {
+      res.message.set('unread', false)
+      res.message.save().then(() => next())
+    } else {
+      next()
+    }
+  },
+  ensureRecipient: function(req, res, next){
+    db.getUserByUsername(util.sanitizeName(req.body.username)).then( (user) => {
+      if (! user) {
+        res.send({ error: "No such recipient" })
+        return
+      }
+      next()
+    })
+  },
+  sendMessage: function(req, res, next){
+    var recipient = util.sanitizeName(req.body.username)
+    var sender = req.user.get('username')
+    var subject = util.sanitize(req.body.subject)
+    var body = util.sanitize(req.body.body)
+    res.mail = { sender: sender, recipient: recipient }
+    var recipientMessage = {
+      mbox: recipient + ".inbox",
+      unread: true,
+      sender: sender,
+      recipient: recipient,
+      date: util.now(),
+      subject: subject,
+      body: body,
+    }
+    var senderMessage = {
+      mbox: sender + ".outbox",
+      unread: false,
+      sender: sender,
+      recipient: recipient,
+      date: util.now(),
+      subject: subject,
+      body: body,
+    }
+    Promise.all([
+      db.createMessage(recipientMessage),
+      db.createMessage(senderMessage),
+    ]).then( () => next() )
+  },
+  deleteDraft: function(req, res, next){
+    if (! req.body.draft_id) return next()
+    db.getMessage(req.body.draft_id).then( (message) => {
+      if (message.get('sender') === req.user.get('username')) {
+        return message.destroy().then( () => next() )
+      }
+      // erroneous draft message??
+      next()
+    })
+  },
 }
\ No newline at end of file