mirror of
https://github.com/Akif9748/akf-forum.git
synced 2024-11-20 02:50:41 +03:00
89 lines
No EOL
2.3 KiB
JavaScript
89 lines
No EOL
2.3 KiB
JavaScript
const { Router } = require("express");
|
|
const app = Router();
|
|
const rateLimit = require('express-rate-limit')
|
|
|
|
const error = require("../errors/error")
|
|
const { ThreadModel, MessageModel } = require("../models")
|
|
|
|
|
|
app.get("/", async (req, res) => {
|
|
|
|
const user = req.user;
|
|
|
|
const threads = await ThreadModel.find(user?.admin ? {} : { deleted: false }).limit(10);
|
|
|
|
return res.render("threads", { threads, user });
|
|
});
|
|
|
|
|
|
app.get("/create*", async (req, res) => {
|
|
|
|
const user = req.user
|
|
res.render("createThread", { user })
|
|
|
|
});
|
|
|
|
app.get("/:id", async (req, res) => {
|
|
|
|
const { id } = req.params;
|
|
|
|
const thread = await ThreadModel.get(id);
|
|
const user = req.user;
|
|
|
|
if (thread && (user?.admin || !thread.deleted)) {
|
|
|
|
const messages = await Promise.all(thread.messages.map(async id => {
|
|
const message = await MessageModel.get(id)
|
|
return user?.admin || !message?.deleted ? message : null;
|
|
}));
|
|
|
|
res.render("thread", { thread, messages, user })
|
|
} else
|
|
error(res, 404, "We have not got this thread.");
|
|
});
|
|
|
|
|
|
|
|
|
|
app.use(require("../middlewares/login"));
|
|
|
|
|
|
app.post("/", rateLimit({
|
|
windowMs: 10 * 60_000, max: 1, standardHeaders: true, legacyHeaders: false,
|
|
handler: (request, response, next, options) =>
|
|
!request.user.admin ?
|
|
error(response, options.statusCode, "You are begin ratelimited")
|
|
: next()
|
|
}), async (req, res) => {
|
|
|
|
const { title = null, content = null } = req.body;
|
|
|
|
if (!title || !content) return error(res, 400, "Title and/or content is missing");
|
|
const user = req.user
|
|
const thread = await new ThreadModel({ title, author: user }).takeId()
|
|
|
|
const message = await new MessageModel({ content, author: user, threadID: thread.id }).takeId()
|
|
|
|
await thread.push(message.id).save();
|
|
|
|
await message.save();
|
|
|
|
res.redirect('/threads/' + thread.id);
|
|
})
|
|
|
|
app.post("/:id/delete", async (req, res) => {
|
|
const thread = await ThreadModel.get(req.params.id);
|
|
if (!thread || thread.deleted) return error(res, 404, "We have not got any thread declared as this id.");
|
|
const user = req.user;
|
|
if (user.id != thread.authorID && !user.admin)
|
|
return error(res, 403, "You have not got permission for this.");
|
|
|
|
thread.deleted = true;
|
|
await thread.save();
|
|
|
|
|
|
res.status(200).redirect("/threads/");
|
|
|
|
})
|
|
|
|
module.exports = app; |