Diffstat (limited to 'bucky/app')
| -rw-r--r-- | bucky/app/api.js | 18 | ||||
| -rw-r--r-- | bucky/app/bucky.js | 30 |
2 files changed, 43 insertions, 5 deletions
diff --git a/bucky/app/api.js b/bucky/app/api.js
index 5635ce9..ff17626 100644
--- a/bucky/app/api.js
+++ b/bucky/app/api.js
@@ -121,15 +121,16 @@ function route (app){
 bucky.ensureFilesForThread,
 bucky.destroyThread,
 function(req, res){
- res.sendStatus(200)
+ res.send({ status: 'ok' })
 })
 /* comments */
-
+
+ // one endpoint handles comments + files
 app.post("/api/thread/:id/comment",
 middleware.ensureAuthenticated,
 bucky.ensureThread,
- // ensure thread privacy
+ bucky.checkThreadPrivacy,
 multer.array("files"),
 bucky.verifyFilesOrComment,
 bucky.createOptionalFiles,
@@ -164,7 +165,16 @@ function route (app){
 bucky.checkCommentPrivacy,
 bucky.destroyComment,
 function(req, res){
- res.sendStatus(200)
+ res.send({ status: 'ok' })
+ })
+ // delete a file
+ app.delete("/api/file/:id",
+ middleware.ensureAuthenticated,
+ bucky.ensureFile,
+ bucky.checkFilePrivacy,
+ bucky.destroyFile,
+ function(req, res){
+ res.send({ status: 'ok' })
 })
 /* search */
diff --git a/bucky/app/bucky.js b/bucky/app/bucky.js
index 295a813..dbb980d 100644
--- a/bucky/app/bucky.js
+++ b/bucky/app/bucky.js
@@ -371,7 +371,23 @@ var bucky = module.exports = {
 },
 /* FILES */
-
+
+ ensureFile: function (req, res, next){
+ var id = req.params.id.replace(/\D/g, "")
+ if (! id) {
+ return res.sendStatus(404)
+ }
+ db.getFileById(id).then(function(file){
+ console.log(file)
+ if (file) {
+ res.file = file
+ next()
+ }
+ else {
+ res.sendStatus(404)
+ }
+ })
+ },
 createOptionalFiles: function(req, res, next){
 if (! req.files || ! req.files.length) {
 return next()
@@ -418,6 +434,11 @@ var bucky = module.exports = {
 console.log(err)
 })
 },
+ destroyFile: function(req,res,next){
+ var filePromises = db.destroyFiles([res.file])
+ Promise.all(filePromises).then( () => next() )
+ .catch(err => { console.error(err); next() })
+ },
 /* PROFILE / USER */
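Review bot: The placement of `bucky.checkThreadPrivacy` ahead of `multer.array("files")` in the comment route is security-relevant but nothing in the route says so. With this order a request that fails the privacy check is rejected before multer handles any upload, and a later reordering of the middleware list would silently lose that property. A one-line comment would pin it, e.g. `// privacy check must stay before multer so denied requests never reach upload handling`. The route's middleware list continues outside the hunk.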
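Review bot: `ensureFile` attaches no rejection handler to `db.getFileById(id)`, so a database error leaves the request without any response; add `.catch(function(err){ console.error(err); res.sendStatus(500) })` after the `.then`. The id is also normalised rather than validated: `replace(/\D/g, "")` turns a value such as `1x2` into `12`, so a malformed id can resolve to a different file record than the one the caller named. Rejecting anything that is not all digits is stricter, e.g. `if (!/^\d+$/.test(req.params.id)) return res.sendStatus(404)`. The `console.log(file)` looks like leftover debugging and writes the whole file record to the log on every request.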
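Review bot: The `.catch` in `destroyFile` calls `next()`, so a failed deletion still falls through to the route's final handler, which in the api.js hunk answers `{ status: 'ok' }`. The client, and anyone reading response logs, then cannot tell that the file was not removed. The failure should be reported instead, e.g. `.catch(err => { console.error(err); res.sendStatus(500) })`. `Promise.all(filePromises)` also assumes `db.destroyFiles` returns an array of promises, which is not visible in this diff.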
@@ -499,6 +520,13 @@ var bucky = module.exports = {
 }
 next()
 },
+ checkFilePrivacy: function(req, res, next) {
+ console.log(res.file)
+ if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.file.get('username')) {
+ return res.sendStatus(500)
+ }
+ next()
+ },
 checkMessagePrivacy: function(req, res, next) {
 var username = req.user.get('username')
 if (username !== res.message.get('sender') && username !== res.message.get('recipient')) { |
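Review bot: `checkFilePrivacy` answers an authorization failure with `res.sendStatus(500)`, which reports a denied delete as a server error. Denied attempts then do not show up as 4xx responses in access logs and they inflate error-rate alerts; `return res.sendStatus(403)` states the outcome (or 404 if the file's existence should not be disclosed). The `console.log(res.file)` looks like leftover debugging and logs the file record on every delete request. The literal `3` in the `ulevel` comparison would be easier to audit with a named constant or a comment stating which role it denotes. `checkMessagePrivacy`, shown as context, continues outside the hunk.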
