// NOTE(review): multer is instantiated with no options, so no `limits`
// (fileSize, files, ...) are configured here. With multer's defaults the
// uploaded files are buffered in memory; consider setting explicit limits
// for the avatar and thread/comment upload routes below.
const multer = require('multer')();
const auth = require('../util/auth');
const adminz = require('../util/adminz');
const middleware = require('../util/middleware');
const util = require('../util/util');
const db = require('../db');
const bucky = require('./bucky');
const privacy = require('./privacy');
const search = require('../search/middleware');
const fortune = require('../db/fortune');

module.exports = { route };

/**
 * Registers the JSON API routes on the given application object.
 *
 * Each route is a chain of middleware followed by a final handler that
 * serialises values the earlier middleware stored on `res`. The order of
 * the chain is the access-control policy: a middleware only protects the
 * steps listed after it.
 *
 * @param {object} app - Express-style application exposing
 *   get/post/put/delete registration methods.
 */
function route(app) {
  /* users */

  app.get("/api/user/:username",
    middleware.ensureAuthenticated,
    bucky.ensureUser,
    bucky.sanitizeUser,
    (req, res) => {
      res.json(res.user);
    });

  // The privacy check runs before multer parses the multipart body, so the
  // upload is only buffered for requests that already passed it.
  app.post("/api/user/:username",
    middleware.ensureAuthenticated,
    bucky.ensureUser,
    privacy.checkUserPrivacy,
    multer.single("avatar"),
    bucky.updateProfile,
    auth.changePassword,
    bucky.uploadAvatar,
    bucky.saveUser,
    (req, res) => {
      res.json(util.sanitizeUser(res.user));
    });

  app.get("/api/profile/:username",
    middleware.ensureAuthenticated,
    bucky.ensureUser,
    bucky.sanitizeUser,
    bucky.ensureThreadsForUser,
    // bucky.ensureTopThreadsForUser,
    // bucky.ensureCommentsForUser,
    bucky.ensureFilesForUser,
    (req, res) => {
      // NOTE(review): unlike the listing routes, this chain has no
      // privacy.filterPrivateThreads step; confirm ensureThreadsForUser
      // already excludes private threads the requester may not see.
      res.json({
        user: res.user,
        threads: res.threads,
        // topThreads: res.topThreads,
        files: res.files,
        // comments: res.comments,
      });
    });

  app.put("/api/checkUsernames",
    middleware.ensureAuthenticated,
    bucky.checkUsernames,
    (req, res) => {
      res.send({ usernames: res.usernames });
    });

  /* threads */

  // NOTE(review): bucky.ensureLastlog is listed before
  // middleware.ensureAuthenticated here and on the two keyword routes
  // below, so it also runs for unauthenticated requests. Confirm that is
  // intended, or move the authentication check to the front of the chain.
  app.get("/api/index",
    bucky.ensureLastlog,
    middleware.ensureAuthenticated,
    bucky.ensureLatestThreads,
    privacy.filterPrivateThreads,
    bucky.ensureCommentCountsForThreads,
    bucky.ensureFileCountsForThreads,
    bucky.ensureKeywordsForThreads,
    bucky.ensureHootbox,
    bucky.bumpLastSeen,
    bucky.checkMail,
    (req, res) => {
      res.json({
        threads: res.threads,
        hootbox: res.hootbox,
        lastlog: res.lastlog,
        mail: res.mail,
      });
    });

  app.post("/api/keyword/new",
    bucky.ensureLastlog,
    middleware.ensureAuthenticated,
    bucky.createKeyword,
    (req, res) => {
      res.json({ keyword: res.keyword });
    });

  // First of two registrations for GET /api/keyword/:keyword (the other is
  // in the keywords section). This chain has no bucky.ensureKeyword step.
  app.get("/api/keyword/:keyword",
    bucky.ensureLastlog,
    middleware.ensureAuthenticated,
    bucky.ensureThreadsForKeyword,
    privacy.filterPrivateThreads,
    bucky.ensureCommentCountsForThreads,
    bucky.ensureFileCountsForThreads,
    bucky.ensureKeywordsForThreads,
    bucky.ensureHootbox,
    bucky.checkMail,
    (req, res) => {
      res.json({
        keyword: res.keyword,
        threads: res.threads,
        hootbox: res.hootbox,
        lastlog: res.lastlog,
        mail: res.mail,
      });
    });

  // Thread privacy is checked right after the thread is loaded, before the
  // view counter is bumped or any comments/files are fetched.
  app.get("/api/thread/:id",
    middleware.ensureAuthenticated,
    bucky.ensureThread,
    privacy.checkThreadPrivacy,
    bucky.bumpViewCount,
    bucky.ensureKeywordForThread,
    bucky.ensureCommentsForThread,
    bucky.ensureFilesForThread,
    // bucky.ensureThreadUsers,
    bucky.prepareThread,
    bucky.bumpLastSeen,
    (req, res) => {
      res.json({
        thread: res.thread,
        comments: res.comments,
        files: res.files,
        keyword: res.keyword,
      });
    });

  app.post("/api/thread",
    middleware.ensureAuthenticated,
    multer.array("files"),
    bucky.verifyFilesOrComment,
    bucky.createThread,
    bucky.createOptionalFiles,
    bucky.createOptionalComment,
    (req, res) => {
      res.json(res.thread);
    });

  app.put("/api/thread/:id",
    middleware.ensureAuthenticated,
    bucky.ensureThread,
    privacy.checkThreadPrivacy,
    bucky.updateThreadSettings,
    (req, res) => {
      res.json({ status: 'ok' });
    });

  app.delete("/api/thread/:id",
    middleware.ensureAuthenticated,
    bucky.ensureThread,
    privacy.checkThreadPrivacy,
    bucky.ensureCommentsForThread,
    bucky.ensureFilesForThread,
    bucky.destroyThread,
    (req, res) => {
      res.send({ status: 'ok' });
    });

  /* comments */

  // one endpoint handles comments + files
  app.post("/api/thread/:id/comment",
    middleware.ensureAuthenticated,
    bucky.ensureThread,
    privacy.checkThreadPrivacy,
    multer.array("files"),
    bucky.verifyFilesOrComment,
    bucky.createOptionalComment,
    bucky.createOptionalFiles,
    bucky.bumpThreadRevisions,
    (req, res) => {
      res.json({
        comment: res.comment,
        files: res.files,
      });
    });

  // NOTE(review): this read path has no privacy.* step, while PUT/DELETE on
  // the same path run privacy.checkCommentPrivacy and GET /api/thread/:id
  // runs privacy.checkThreadPrivacy. Confirm bucky.ensureComment enforces
  // the parent thread's privacy for the requesting user.
  app.get("/api/comment/:id",
    middleware.ensureAuthenticated,
    bucky.ensureComment,
    (req, res) => {
      res.json({ comment: res.comment });
    });

  // edit a comment
  app.put("/api/comment/:id",
    middleware.ensureAuthenticated,
    bucky.ensureComment,
    privacy.checkCommentPrivacy,
    bucky.ensureCommentThread,
    bucky.updateComment,
    bucky.bumpThreadRevisions,
    (req, res) => {
      res.json({ comment: res.comment });
    });

  // move a file to another thread
  // NOTE(review): this and the comment-move route below change state through
  // GET. They are admin-gated, but a GET can be issued by a plain link or
  // embedded resource; if sessions are cookie-based (not visible here), a
  // non-GET method with CSRF protection would be safer.
  app.get("/api/file/:id/move/:thread_id",
    middleware.ensureAuthenticated,
    privacy.checkIsAdmin,
    bucky.ensureFile,
    bucky.ensureThreadById,
    bucky.moveFile,
    (req, res) => {
      res.json({ file: res.file });
    });

  // move a comment to another thread
  app.get("/api/comment/:id/move/:thread_id",
    middleware.ensureAuthenticated,
    privacy.checkIsAdmin,
    bucky.ensureComment,
    bucky.ensureThreadById,
    bucky.moveComment,
    (req, res) => {
      res.json({ comment: res.comment });
    });

  // delete a comment
  app.delete("/api/comment/:id",
    middleware.ensureAuthenticated,
    bucky.ensureComment,
    privacy.checkCommentPrivacy,
    bucky.destroyComment,
    (req, res) => {
      res.send({ status: 'ok' });
    });

  // delete a file
  app.delete("/api/file/:id",
    middleware.ensureAuthenticated,
    bucky.ensureFile,
    privacy.checkFilePrivacy,
    bucky.destroyFile,
    (req, res) => {
      res.send({ status: 'ok' });
    });

  /* search */

  // NOTE(review): no privacy.* filter appears in this chain; confirm the
  // search middleware itself drops results from private threads.
  app.get("/api/search",
    middleware.ensureAuthenticated,
    search.search,
    search.getThreads,
    search.getComments,
    search.getFiles,
    search.logQuery,
    search.success
  );

  // Admin-only. NOTE(review): presumably rebuilds the search index; like
  // the move routes it is triggered by GET, so the same method/CSRF
  // consideration applies.
  app.get("/api/search/build",
    middleware.ensureAuthenticated,
    privacy.checkIsAdmin,
    search.rebuild
  );

  /* keywords */

  app.get("/api/keywords",
    middleware.ensureAuthenticated,
    bucky.ensureKeywords,
    (req, res) => {
      res.json({
        keywords: res.keywords,
      });
    });

  app.get("/api/keywords/statistics",
    middleware.ensureAuthenticated,
    bucky.ensureKeywords,
    bucky.ensureThreadGroups,
    (req, res) => {
      res.json({
        keywords: res.keywords,
        threadGroups: res.threadGroups,
      });
    });

  // NOTE(review): second registration of GET /api/keyword/:keyword. The
  // earlier one (threads section) ends in a handler that sends the response,
  // so this chain, the only one with bucky.ensureKeyword, appears to be
  // reached only if that earlier chain hands the request on. Confirm which
  // definition is meant to serve the path.
  app.get("/api/keyword/:keyword",
    middleware.ensureAuthenticated,
    bucky.ensureKeyword,
    bucky.ensureThreadsForKeyword,
    privacy.filterPrivateThreads,
    bucky.ensureCommentCountsForThreads,
    bucky.ensureFileCountsForThreads,
    bucky.ensureKeywordsForThreads,
    (req, res) => {
      res.json({
        keyword: res.keyword,
        threads: res.threads,
      });
    });

  // app.get("/api/keyword/:keyword/full",
  //   middleware.ensureAuthenticated,
  //   bucky.ensureKeyword,
  //   bucky.ensureThreadsForKeyword,
  //   privacy.filterPrivateThreads,
  //   bucky.ensureFilesForThreads,
  //   bucky.ensureCommentsForThreads,
  //   function(req, res){
  //     res.json({
  //       keyword: res.keyword,
  //       threads: res.threads,
  //     })
  //   })

  /* mail */

  // NOTE(review): none of the mail routes has a privacy.* step. Confirm
  // that ensureMessages / ensureMessage scope their lookups to req.user,
  // so a message id belonging to another user cannot be read or deleted.
  app.get("/api/mailbox/:box",
    middleware.ensureAuthenticated,
    bucky.ensureMailboxes,
    bucky.ensureMailboxCounts,
    bucky.ensureMessages,
    (req, res) => {
      // Only id and username of the requesting user are returned, not the
      // whole user record.
      const currentUser = {
        id: req.user.get("id"),
        username: req.user.get("username"),
      };
      res.json({
        user: currentUser,
        messages: res.messages,
        boxes: res.boxes,
        query: res.query,
      });
    });

  app.get("/api/message/:id",
    middleware.ensureAuthenticated,
    bucky.ensureMessage,
    bucky.markMessageUnread,
    (req, res) => {
      res.json({
        message: res.message,
      });
    });

  app.post("/api/mail/send",
    middleware.ensureAuthenticated,
    bucky.ensureRecipient,
    bucky.sendMessage,
    bucky.deleteDraft,
    (req, res) => {
      res.json({ status: "ok" });
    });

  app.delete("/api/message/:id",
    middleware.ensureAuthenticated,
    bucky.ensureMessage,
    bucky.destroyMessage,
    (req, res) => {
      res.json({ status: "ok" });
    });

  // The auth and admin modules register their own routes after the API
  // routes above.
  auth.route(app);
  adminz.route(app);
}