Diffstat (limited to 'lib')
-rw-r--r--lib/bucky.js32
-rw-r--r--lib/router.js55
-rw-r--r--lib/util.js1
3 files changed, 82 insertions, 6 deletions
diff --git a/lib/bucky.js b/lib/bucky.js
index 997d680..742f74d 100644
--- a/lib/bucky.js
+++ b/lib/bucky.js
@@ -70,6 +70,9 @@ var bucky = module.exports = {
ensureThread: function (req, res, next){
var id = req.params.id.replace(/\D/g, "")
+ if (! id) {
+ return res.sendStatus(404)
+ }
db.getThread(id).then(function(thread){
if (thread) {
res.thread = thread
@@ -106,7 +109,7 @@ var bucky = module.exports = {
ensureKeyword: function (req, res, next){
var keyword = req.params.keyword
if (! keyword) {
- res.sendStatus(404)
+ return res.sendStatus(404)
}
db.getKeyword(keyword).then(function(k){
if (! k) {
@@ -128,5 +131,32 @@ var bucky = module.exports = {
next()
})
},
+
+ /* MAIL */
+ ensureMailbox: function (req, res, next){
+ var box = req.params.box
+ if (! box) {
+ res.sendStatus(404)
+ }
+ db.getMailbox(req.user.username, box).then(function(box){
+ if (! box) {
+ return res.sendStatus(404)
+ }
+ next()
+ })
+ },
+ ensureMailboxCounts: function (req, res, next){
+ db.getMailboxes(req.user.username).then(function(boxes){
+ res.boxes = boxes
+ next()
+ })
+ },
+ ensureMessages: function (req, res, next){
+ // todo: define offset
+ db.getMessages(req.user.username, req.params.box, 50, 0).then(function(messages){
+ res.messages = messages
+ next()
+ })
+ },
}
\ No newline at end of file
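Review bot: The empty-`box` guard in `ensureMailbox` calls `res.sendStatus(404)` without `return`, so execution falls through to `db.getMailbox` and the callback can then call `next()` or send a second status on a response that has already been sent; it should read `return res.sendStatus(404)`, the same fix this commit applies to `ensureKeyword`. None of the three new middlewares handles a rejected promise, so a database error would leave the request without a response; ending each chain with `.catch(next)` would hand the error to Express. The `.then` callback parameter `box` in `ensureMailbox` also shadows the outer `box`; renaming it (for example `mailbox`) would make the two checks easier to tell apart.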
diff --git a/lib/router.js b/lib/router.js
index 92c0054..e2ba442 100644
--- a/lib/router.js
+++ b/lib/router.js
@@ -28,6 +28,7 @@ module.exports = function(app){
app.post("/api/login", auth.loggedInLocal)
app.get("/api/index",
+ middleware.ensureAuthenticated,
bucky.ensureLatestThreads,
bucky.ensureCommentCountsForThreads,
bucky.ensureFileCountsForThreads,
@@ -43,6 +44,7 @@ module.exports = function(app){
}
)
app.get("/api/thread/:id",
+ middleware.ensureAuthenticated,
bucky.ensureThread,
bucky.ensureKeywordForThread,
bucky.ensureCommentsForThread,
@@ -56,14 +58,21 @@ module.exports = function(app){
})
}
)
- app.post("/api/thread/:id", function(req, res){
+ app.post("/api/thread/:id",
+ middleware.ensureAuthenticated,
+ function(req, res){
})
- app.post("/api/thread/:id/comment", function(req, res){
+ app.post("/api/thread/:id/comment",
+ middleware.ensureAuthenticated,
+ function(req, res){
})
- app.delete("/api/thread/:id", function(req, res){
+ app.delete("/api/thread/:id",
+ middleware.ensureAuthenticated,
+ function(req, res){
})
app.get("/api/keyword/:keyword",
+ middleware.ensureAuthenticated,
bucky.ensureKeyword,
bucky.ensureThreadsForKeyword,
bucky.ensureCommentCountsForThreads,
@@ -77,9 +86,45 @@ module.exports = function(app){
}
)
- app.put("/api/comment/:id", function(req, res){
+ app.put("/api/comment/:id",
+ middleware.ensureAuthenticated,
+ function(req, res){
})
- app.delete("/api/comment/:id", function(req, res){
+ app.delete("/api/comment/:id",
+ middleware.ensureAuthenticated,
+ function(req, res){
})
+ app.get("/mail/",
+ middleware.ensureAuthenticated,
+ function(req, res){
+ res.render("pages/mailbox", {title: "inbox" })
+ }
+ )
+ app.get("/mail/:box",
+ middleware.ensureAuthenticated,
+ function(req, res){
+ res.render("pages/mailbox", { title: util.sanitize(req.params.box) })
+ }
+ )
+ app.get("/mail/read/:id",
+ middleware.ensureAuthenticated,
+ function(req, res){
+ res.render("pages/message", { title: util.sanitize(req.params.box) })
+ }
+ )
+
+ app.get("/api/mailbox/:box",
+ middleware.ensureAuthenticated,
+ bucky.ensureMailbox,
+ bucky.ensureMailboxCounts,
+ bucky.ensureMessages,
+ function(req, res){
+ res.json({
+ messages: res.messages,
+ boxes: res.boxes,
+ })
+ }
+ )
+
}
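Review bot: The `/mail/read/:id` handler reads `req.params.box`, but that route declares only `:id`, so the value is undefined and `util.sanitize` turns it into an empty title. The line looks copied from the `/mail/:box` handler above; presumably a fixed title such as `{ title: "message" }`, or one taken from the loaded message, is what is intended. The `/mail/:box` handler passes request-derived text to the view, so it matters whether the `pages/mailbox` template escapes `title` on output, and that is not visible in this hunk.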
diff --git a/lib/util.js b/lib/util.js
index 11c0cac..e67488b 100644
--- a/lib/util.js
+++ b/lib/util.js
@@ -1,3 +1,4 @@
var util = module.exports = {}
util.sanitizeName = function (s){ return (s || "").replace(new RegExp("[^-_a-zA-Z0-9]", 'g'), "") }
+util.sanitize = function (s){ return (s || "").replace(/<>&/g, "") }
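Review bot: The pattern `/<>&/g` in `util.sanitize` matches only the literal three-character sequence `<>&`, not each of those characters, so a value containing `<` or `>` on its own passes through unchanged. A character class is needed: `util.sanitize = function (s){ return (s || "").replace(/[<>&]/g, "") }`. Even with that fix, quote characters are left in place, so the result is not safe inside an HTML attribute. Relying on the template engine's output escaping for `title` is the sturdier control, with this helper as a secondary filter at most.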