|
|
@ -10,8 +10,8 @@ import { |
|
|
|
|
|
|
|
import { Server, IncomingMessage, ServerResponse } from 'http' |
|
|
|
|
|
|
|
import { unauthorizedError, serverError, notFoundError, badRequestError, badRequestFormError } from '../../lib/errors' |
|
|
|
import { getUserBlocks, getUser, getUserIdFromPhone, getUserIdFromEmail } from '../../lib/collections' |
|
|
|
import { unauthorizedError, serverError, notFoundError, badRequestError, badRequestFormError, forbiddenError } from '../../lib/errors' |
|
|
|
import { getUserBlocks, getUser, getUserIdFromPhone, getUserIdFromEmail, userIsValid } from '../../lib/collections' |
|
|
|
import { containerFor, createQuerySpec, queryItems, getItem, normalize } from '../../lib/database' |
|
|
|
import { deleteMedia, attachMedia } from '../../lib/media' |
|
|
|
|
|
|
@ -140,6 +140,7 @@ function updateRoute(server: FastifyInstance<Server, IncomingMessage, ServerResp |
|
|
|
const { resource: viewer } = await viewerItem.read<User>() |
|
|
|
|
|
|
|
if (!viewer) return serverError(reply) |
|
|
|
if (!userIsValid(viewer)) return forbiddenError(reply) |
|
|
|
|
|
|
|
const { |
|
|
|
name, |
|
|
@ -253,9 +254,9 @@ function getRoute(server: FastifyInstance<Server, IncomingMessage, ServerRespons |
|
|
|
if (request.viewer && request.viewer.id !== user.id) { |
|
|
|
const viewer = await getItem<User>({ container: userContainer, id: request.viewer.id }) |
|
|
|
if (!viewer) return serverError(reply) |
|
|
|
if (!viewer.groupId) return unauthorizedError(reply) |
|
|
|
if (!userIsValid(viewer)) return forbiddenError(reply) |
|
|
|
|
|
|
|
const blocks = await getUserBlocks(server.database.client, user.id, [viewer.id, viewer.groupId], request.log) |
|
|
|
const blocks = await getUserBlocks(server.database.client, user.id, [viewer.id, viewer.groupId!], request.log) |
|
|
|
if (blocks.length > 0) return unauthorizedError(reply) |
|
|
|
|
|
|
|
const subscription = (await queryItems<UserSubscription>({ |
|
|
@ -331,7 +332,7 @@ function subscribeRoute(server: FastifyInstance<Server, IncomingMessage, ServerR |
|
|
|
if (!server.database) return serverError(reply) |
|
|
|
if (!request.viewer) return unauthorizedError(reply) |
|
|
|
|
|
|
|
if (request.viewer.id === request.params.id) return badRequestError(reply) |
|
|
|
if (request.viewer.id === request.params.id) return badRequestError(reply, 'Cannot subscribe to self') |
|
|
|
|
|
|
|
const userContainer = containerFor(server.database.client, 'Users') |
|
|
|
const user = await getItem<User>({ container: userContainer, id: request.params.id }) |
|
|
@ -339,7 +340,7 @@ function subscribeRoute(server: FastifyInstance<Server, IncomingMessage, ServerR |
|
|
|
|
|
|
|
if (!user) return notFoundError(reply) |
|
|
|
if (!viewer) return serverError(reply) |
|
|
|
if (!viewer.groupId) return unauthorizedError(reply) |
|
|
|
if (!userIsValid(viewer)) return forbiddenError(reply) |
|
|
|
|
|
|
|
const subscriptionQuery = createQuerySpec(`SELECT u.id FROM Users u WHERE u.id = @user AND u.pk = @viewer AND u.t = @type`, { |
|
|
|
user: user.id, |
|
|
@ -370,14 +371,14 @@ function subscribeRoute(server: FastifyInstance<Server, IncomingMessage, ServerR |
|
|
|
(g.blockedId = @viewer OR g.blockedId = @viewerGroup) |
|
|
|
`, {
|
|
|
|
user: user.id, |
|
|
|
viewerGroup: viewer.groupId, |
|
|
|
viewerGroup: viewer.groupId!, |
|
|
|
type: GroupItemType.Block, |
|
|
|
}) |
|
|
|
|
|
|
|
const blocks = await queryItems<GroupBlock>({ |
|
|
|
container: containerFor(server.database.client, 'Groups'), |
|
|
|
query: blockQuery, |
|
|
|
logger: request.log |
|
|
|
logger: request.log, |
|
|
|
}) |
|
|
|
|
|
|
|
if (blocks.length > 0) return badRequestError(reply, 'Invalid operation') |
|
|
@ -563,7 +564,7 @@ function unblockRoute(server: FastifyInstance<Server, IncomingMessage, ServerRes |
|
|
|
|
|
|
|
const user = await getItem<User>({ container: userContainer, id: request.params.id }) |
|
|
|
if (!user) return notFoundError(reply) |
|
|
|
if (!user.groupId) return badRequestError(reply, 'Invalid operation') |
|
|
|
if (!user.groupId) return badRequestError(reply) |
|
|
|
|
|
|
|
const userBlockQuery = createQuerySpec(`SELECT u.id FROM Users u WHERE u.pk = @pk AND u.blockedId = @blocked AND u.t = @type`, { |
|
|
|
pk: request.viewer.id, |
|
|
@ -574,7 +575,7 @@ function unblockRoute(server: FastifyInstance<Server, IncomingMessage, ServerRes |
|
|
|
const userBlocks = await queryItems<UserBlock>({ |
|
|
|
container: userContainer, |
|
|
|
query: userBlockQuery, |
|
|
|
logger: request.log |
|
|
|
logger: request.log, |
|
|
|
}) |
|
|
|
|
|
|
|
for (const userBlock of userBlocks) { |
|
|
|