Diffstat (limited to 'src')
| -rwxr-xr-x | src/site.clj | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/src/site.clj b/src/site.clj index f76531d..9ecff8d 100755 --- a/src/site.clj +++ b/src/site.clj @@ -220,6 +220,15 @@ LIMIT ? OFFSET ?")] (do-select [query nick *dumps-per-page* offset])))) +(defn fetch-public-message-by-id [id] + (let [query (str "SELECT m.content, m.created_on, m.user_id, u.nick, u.avatar + FROM messages m, users u, rooms r + WHERE m.user_id = u.user_id + AND r.room_id = m.room_id + AND r.admin_only = false + AND m.message_id = ?")] + (first (do-select [query (maybe-parse-int id -1)])))) + (defn build-room-map-from-db [room-db] {:admin_only (room-db :admin_only) :room_id (room-db :room_id) @@ -451,7 +460,23 @@ (if (zero? (count @*directory-listing*)) (.setAttribute st "notloaded" true)) (.toString st))) - + +;; Single posts + +(defn single-message [session nick-from-url id-from-url] + (if-let [user-info (fetch-nick nick-from-url)] + (if-let [message (fetch-public-message-by-id id-from-url)] + ; error if nick in url doesn't match the nick who posted the message from the id in url + ; this prevents people from scraping all the content by incrementing the id in the url + (if (= (user-info :user_id) (message :user_id)) + (let [st (fetch-template "single_message" session)] + (.setAttribute st "message" (process-message-for-output message)) + (.toString st)) + (resp-error "NO_MESSAGE")) + (resp-error "NO_MESSAGE")) + (resp-error "NO_USER"))) + + ;; Topics (defn valid-topic? [topic] @@ -772,6 +797,7 @@ (GET "/u/:nick/:offset" (profile session (params :nick) (params :offset))) + (GET "/p/:nick/:postid" (single-message session (params :nick) (params :postid))) (GET "/login" (login session params cookies)) (GET "/logout" (logout session)) (GET "/register" (serve-static "static" "register.html")) |
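Review bot: `fetch-public-message-by-id` has no docstring, and what "public" means is only implied by the SQL: a row is returned only when the message's room has `admin_only = false`. I would add a docstring such as `"Returns the row (content, created_on, user_id, nick, avatar) for message id when its room is not admin_only; otherwise nothing is returned."` so later callers do not assume a broader access check than the query performs. A non-numeric id is turned into -1 by `maybe-parse-int`, which presumably matches no row, and that is worth stating in the same docstring. The id is bound through the `?` placeholder, which is the right shape. The `(str ...)` wrapped around a single string literal is redundant and can be dropped.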
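Review bot: The comment in `single-message` says the nick check "prevents" scraping by incrementing the id, but the check only ties an id to its author's nick, so ids can still be enumerated under any nick that is already known. The comment should state the real guarantee, e.g. `; the nick in the url must belong to the message's author; this limits, but does not stop, id enumeration`. The failure paths are also distinguishable: an unknown nick yields `NO_USER`, while a known nick with a non-matching id yields `NO_MESSAGE`, which tells a client whether a nick exists. If nick existence is not meant to be public (the `/u/:nick` profile route may already expose it), return `(resp-error "NO_MESSAGE")` on all three paths. Request throttling on the new `/p/:nick/:postid` route is the control that would actually bound scraping, and none is visible in this diff.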
