diff options
Diffstat (limited to 'bucky')
| -rw-r--r-- | bucky/app/bucky.js | 69 | ||||
| -rw-r--r-- | bucky/app/router.js | 37 | ||||
| -rw-r--r-- | bucky/db/index.js | 10 |
3 files changed, 92 insertions, 24 deletions
diff --git a/bucky/app/bucky.js b/bucky/app/bucky.js index a31d50f..5fb58bf 100644 --- a/bucky/app/bucky.js +++ b/bucky/app/bucky.js @@ -400,6 +400,7 @@ var bucky = module.exports = { }, /* PRIVACY */ + checkThreadPrivacy: function(req, res, next) { if (req.user.get('ulevel') !== 3 && req.user.get('username') !== res.thread.get('username')) { return res.sendStatus(500) @@ -412,6 +413,13 @@ var bucky = module.exports = { } next() }, + checkMessagePrivacy: function(req, res, next) { + var username = req.user.get('username') + if (username !== res.message.get('sender') && username !== res.message.get('recipient')) { + return res.sendStatus(500) + } + next() + }, /* MAIL */ @@ -454,6 +462,9 @@ var bucky = module.exports = { }, ensureMessage: function(req, res, next){ db.getMessage(req.params.id).then(function(message){ + if (! message) { + return res.sendStatus(404) + } var username = req.user.get('username') if (username !== message.get('recipient') && username !== message.get('sender')) { res.sendStatus(404) @@ -462,5 +473,61 @@ var bucky = module.exports = { res.message = message next() }) - } + }, + markMessageUnread: function(req, res, next){ + if (res.message.get('unread')) { + res.message.set('unread', false) + res.message.save().then(() => next()) + } else { + next() + } + }, + ensureRecipient: function(req, res, next){ + db.getUserByUsername(util.sanitizeName(req.body.username)).then( (user) => { + if (! user) { + res.send({ error: "No such recipient" }) + return + } + next() + }) + }, + sendMessage: function(req, res, next){ + var recipient = util.sanitizeName(req.body.username) + var sender = req.user.get('username') + var subject = util.sanitize(req.body.subject) + var body = util.sanitize(req.body.body) + res.mail = { sender: sender, recipient: recipient } + var recipientMessage = { + mbox: recipient + ".inbox", + unread: true, + sender: sender, + recipient: recipient, + date: util.now(), + subject: subject, + body: body, + } + var senderMessage = { + mbox: sender + ".outbox", + unread: false, + sender: sender, + recipient: recipient, + date: util.now(), + subject: subject, + body: body, + } + Promise.all([ + db.createMessage(recipientMessage), + db.createMessage(senderMessage), + ]).then( () => next() ) + }, + deleteDraft: function(req, res, next){ + if (! req.body.draft_id) return next() + db.getMessage(req.body.draft_id).then( (message) => { + if (message.get('sender') === req.user.get('username')) { + return message.destroy().then( () => next() ) + } + // erroneous draft message?? + next() + }) + }, }
\ No newline at end of file diff --git a/bucky/app/router.js b/bucky/app/router.js index 4c94c19..8eb90e0 100644 --- a/bucky/app/router.js +++ b/bucky/app/router.js @@ -196,8 +196,7 @@ module.exports = function(app){ middleware.ensureAuthenticated, function(req, res){ res.render("pages/search", {title: "search" }) - } - ) + }) app.get("/api/search", middleware.ensureAuthenticated, search.search, @@ -215,8 +214,7 @@ module.exports = function(app){ res.json({ keywords: res.keywords, }) - } - ) + }) app.get("/api/keyword/:keyword", middleware.ensureAuthenticated, bucky.ensureKeyword, @@ -229,15 +227,13 @@ module.exports = function(app){ keyword: res.keyword, threads: res.threads, }) - } - ) + }) app.get("/mail/", middleware.ensureAuthenticated, function(req, res){ res.render("pages/mailbox", {title: "your inbox" }) - } - ) + }) app.get("/mail/compose", middleware.ensureAuthenticated, function(req, res){ @@ -245,14 +241,12 @@ module.exports = function(app){ title: "new message", subject: fortune("subjects"), }) - } - ) + }) app.get("/mail/:box", middleware.ensureAuthenticated, function(req, res){ res.render("pages/mailbox", { title: "your " + util.sanitize(req.params.box) }) - } - ) + }) app.get("/mail/compose/:username", middleware.ensureAuthenticated, function(req, res){ @@ -260,14 +254,12 @@ module.exports = function(app){ title: "new message", subject: fortune("subjects"), }) - } - ) + }) app.get("/mail/read/:id", middleware.ensureAuthenticated, function(req, res){ res.render("pages/message", { title: "read message" }) - } - ) + }) app.get("/api/mailbox/:box", middleware.ensureAuthenticated, bucky.ensureMailboxes, @@ -279,20 +271,23 @@ module.exports = function(app){ messages: res.messages, boxes: res.boxes, }) - } - ) + }) app.get("/api/message/:id", middleware.ensureAuthenticated, bucky.ensureMessage, + bucky.markMessageUnread, function(req, res){ res.json({ message: res.message, }) - }) - app.post("/mail/", + }) + app.post("/api/mail/send", middleware.ensureAuthenticated, + bucky.ensureRecipient, + bucky.sendMessage, + bucky.deleteDraft, function(req, res){ - // send new mail + res.sendStatus(200) } ) diff --git a/bucky/db/index.js b/bucky/db/index.js index c2cf947..8715125 100644 --- a/bucky/db/index.js +++ b/bucky/db/index.js @@ -51,8 +51,7 @@ db.getUser = function(id) { return model.fetch() } db.getUserByUsername = function(username) { - var model = new User({'username': username}) - return model.fetch() + return new User({'username': username}).fetch() } db.getLastlog = function(limit){ return knex.column('username').column('lastseen').select().from('users').orderBy('lastseen', 'desc').limit(limit || 10) @@ -188,12 +187,18 @@ db.destroyKeyword = function(id){ db.getMailboxes = function(username){ return Mailbox.query("where", "owner", "=", username).fetchAll() } +db.getMailbox = function(mbox){ + return new Mailbox({mbox: mbox}).fetch() +} db.getMailboxCounts = function(boxes){ return knex.column('mbox').count('* as count').select().from('messages').where('mbox', 'in', boxes).groupBy('mbox') } db.createMailbox = function(data){ return new db.Mailbox(data).save() } +db.bumpMailboxCount = function(mbox){ + new db.Mailbox({ mbox: mbox }).fetch() +} /* MESSAGES */ @@ -212,6 +217,7 @@ db.getMessages = function(username, box, limit, offset){ db.getMessage = function (id){ var model = new Message({'id': id}) return model.fetch().then(function(message){ + if (! message) return null message.set("body", message.get("body").toString() ) return message }) |