From d61797a7485c26489747cc6cb17b333344b5aeb7 Mon Sep 17 00:00:00 2001
From: leca <leca@foxarmy.org>
Date: Fri, 17 Nov 2023 01:17:39 +0300
Subject: [PATCH] rework of the DB structure, rewrite of the API

---
 src/index.js | 81 ++++++++++++++++++++++++++++++++++++++--------------
 1 file changed, 59 insertions(+), 22 deletions(-)

diff --git a/src/index.js b/src/index.js
index c7acc27..1efa569 100644
--- a/src/index.js
+++ b/src/index.js
@@ -67,51 +67,84 @@ app.post('/api/uploadMedia', async (req, res) => {
 
 });
 
+app.get('/api/getPosts/:boardId/:threadId', async (req, res) => {
+    posts = [];
+    (await db.query('SELECT post_id FROM posts WHERE board_id = $1 AND thread_id = $2', [req.params.boardId, req.params.threadId])).rows
+        .forEach((post) => posts.push(post.post_id))
+    
+    res.setHeader('Content-Type', 'application/json');
+    res.end(JSON.stringify(posts));
+});
+
 app.post('/api/post', async (req, res) => {
-    const { content,  } = req.body;
+    let login = req.session.login, 
+        token = req.session.token, 
+        isAdmin = false;
+    const {options, content, threadId, boardId} = req.body;
+
+    if (!threadId || !boardId) return res.status(400).send("Не указано ID треда или доски");
+
+    if (login && token) {
+        if (authorize(login, token)) isAdmin = true;
+        else res.status(403).send("Невалидный токен");
+    }
+
+    let postId = Number((await db.query('SELECT post_id FROM posts WHERE board_id = $1 ORDER BY post_id DESC LIMIT 1', [boardId])).rows[0].post_id) + 1
+    await db.query('INSERT INTO posts(board_id, thread_id, post_id, options, content, media_ids, is_root, timestamp, user_ip) VALUES ($1, $2, $3, $4, $5, \'{}\', false, NOW(), $6)', [boardId, threadId, postId, options, content, req.socket.remoteAddress]);
+    await db.query('UPDATE threads SET posts_ids = ARRAY_APPEND(posts_ids, $1) WHERE thread_id = $2 AND board_id = $3', [postId, threadId, boardId]);
+ 
+    res.status(200).send("Пост отправлен"); 
 });
 
 app.post('/api/createThread', async (req, res) => {
-    let login, token, isLocked, isPinned
+    let login = req.session.login,
+        token = req.session.token,
+        isLocked,
+        isPinned,
+        isAdmin = false;
     const { boardId, threadTitle, content, options} = req.body;
 
-    isLocked = isLocked? isLocked : false;
+    if (!boardId) return res.status(400).send("Не указано имя доски");
+
+    isLocked = isLocked? isLocked : false; // if undefined then false
     isPinned = isPinned? isPinned : false;
 
     console.log(`Board id: ${boardId}\nThread name: ${threadTitle}\nIs locked: ${isLocked}\nIs pinned: ${isPinned}\nContent: ${content}\nOptions: ${options}`);
     
-    try {
-        let currentSession = req.session;
-        token = currentSession.token;
-        login = currentSession.login;
-    } catch (err) {
-        console.log(err);
+    if (login && token) {
+        if (authorize(login, token)) isAdmin = true;
+        else res.status(403).send("Невалидный токен");
     }
 
+    const boardOptions = (await db.query('SELECT options FROM boards WHERE board_id = $1', [boardId])).rows[0].options;
 
-    if (login && token && token != tokens[login]) return res.status(403).send("Невалидный токен");
-    let isAdmin = token? true : false;
-
-    const boardOptions = (await db.query('SELECT * FROM boards WHERE board_id = $1', [boardId])).rows[0].options
-    let postId = (await db.query('SELECT nextval(pg_get_serial_sequence(\'posts\', \'post_id\'))')).rows[0].nextval;
-    let threadId = (await db.query('SELECT nextval(pg_get_serial_sequence(\'threads\', \'thread_id\'))')).rows[0].nextval;
+    let threadId = (await db.query('SELECT EXISTS(SELECT FROM threads WHERE board_id = $1)', [boardId])).rows[0].exists?
+        Number((await db.query('SELECT thread_id FROM threads WHERE board_id = $1 ORDER BY thread_id DESC LIMIT 1', [boardId])).rows[0].thread_id) + 1
+        : 0
+    let postId = (await db.query('SELECT EXISTS(SELECT FROM posts WHERE board_id = $1)', [boardId])).rows[0].exists?
+        Number((await db.query('SELECT post_id FROM posts WHERE board_id = $1 ORDER BY post_id DESC LIMIT 1', [boardId])).rows[0].post_id) + 1
+        : 0
+    console.log(`ThreadId: ${threadId} postId: ${postId}`);
 
     let validateResults = validateThread(threadTitle, isLocked, 
                          isPinned, content, options, 
                          boardOptions, isAdmin);
     if (validateResults != "ok") return res.status(400).send(validateResults);
 
-    await db.query('INSERT INTO posts (post_id, content, is_root, timestamp, user_ip) VALUES($1, $2, $3, NOW(), $4)', [postId, content, true, req.socket.remoteAddress]);
-    await db.query('INSERT INTO threads (thread_id, thread_name, posts_ids, is_locked, is_pinned, options) VALUES ($1, $2, $3, $4, $5, $6)', [threadId, threadTitle, [postId], isLocked, isPinned, options]);
-    await db.query('UPDATE boards SET threads_ids = ARRAY_APPEND(threads_ids, $1) WHERE board_id = $2', [threadId, boardId]);
+    await db.query('INSERT INTO posts (board_id, thread_id, post_id, content, is_root, timestamp, user_ip) VALUES($1, $2, $3, $4, $5, NOW(), $6)', [boardId, threadId, postId, content, true, req.socket.remoteAddress]);
+    await db.query('INSERT INTO threads (board_id, thread_id, thread_name, posts_ids, is_locked, is_pinned, options) VALUES ($1, $2, $3, $4, $5, $6, $7)', [boardId, threadId, threadTitle, [postId], isLocked, isPinned, options]);
+    // await db.query('UPDATE boards SET threads_ids = ARRAY_APPEND(threads_ids, $1) WHERE board_id = $2', [threadId, boardId]);
     res.redirect(`/${boardId}/${postId}`);    
 });
 
 app.get('/api/getThreads/:boardId', async (req, res) => {
-    let queryRes = (await db.query('SELECT * FROM boards WHERE board_id = $1', [req.params.boardId])).rows[0];
-
+    // let queryRes = (await db.query('SELECT * FROM boards WHERE board_id = $1', [req.params.boardId])).rows[0];
+    threads = [];
+    (await db.query('SELECT thread_id FROM threads WHERE board_id = $1', [req.params.boardId])).rows
+        .forEach((thread) => threads.push(thread.thread_id))
+    
     res.setHeader('Content-Type', 'application/json');
-    res.end(JSON.stringify(queryRes.threads_ids));
+    res.end(JSON.stringify(threads));
 });
 
 app.get('/api/getBoards', async (req, res) => {
@@ -182,4 +215,8 @@ const validateThread = (threadName, isLocked, isPinned, content, options, boardO
 
     //TODO: check if image is required
     return 'ok'
-}
+};
+
+const authorize = (login, token) => {
+    return tokens[login] == token? true : false;
+};
\ No newline at end of file