profile comments
This commit is contained in:
parent
15ab48298d
commit
09eee68e51
13
db/migrations/8_account_comments.sql
Normal file
13
db/migrations/8_account_comments.sql
Normal file
|
@ -0,0 +1,13 @@
|
|||
-- +migrate up
|
||||
CREATE TABLE account_comments (
|
||||
id SERIAL PRIMARY KEY,
|
||||
|
||||
account_id INTEGER NOT NULL references users(id),
|
||||
comment TEXT NOT NULL,
|
||||
|
||||
created_at TEXT NOT NULL DEFAULT (STRFTIME('%Y-%m-%d %H:%M:%f', 'now')),
|
||||
likes INTEGER NOT NULL DEFAULT 0
|
||||
);
|
||||
|
||||
-- +migrate down
|
||||
DROP TABLE account_comments;
|
|
@ -18,16 +18,19 @@ CrystalGauntlet.endpoints["/likeGJItem211.php"] = ->(body : String): String {
|
|||
table = ""
|
||||
column = ""
|
||||
case type
|
||||
when 1
|
||||
when 1 # level like
|
||||
table = "levels"
|
||||
column = "id"
|
||||
else # type 2 = comment, type 3 = account comments
|
||||
when 2 # level comment like
|
||||
table = "account_comments"
|
||||
column = "id"
|
||||
when 3 # account comments
|
||||
return "-1"
|
||||
end
|
||||
|
||||
is_like = (params["isLike"]? || "1").to_i
|
||||
sign = is_like == 1 ? '+' : '-'
|
||||
|
||||
|
||||
# note: formatting them like this is not a security vulnerability as the only possibilities for table, sign
|
||||
# and column are already known and not controlled directly by user input
|
||||
DATABASE.exec "update #{table} set likes = likes #{sign} 1 where #{column} = ?", item_id
|
||||
|
|
25
src/endpoints/users/addProfileComment.cr
Normal file
25
src/endpoints/users/addProfileComment.cr
Normal file
|
@ -0,0 +1,25 @@
|
|||
require "uri"
|
||||
|
||||
include CrystalGauntlet
|
||||
|
||||
CrystalGauntlet.endpoints["/uploadGJAccComment20.php"] = ->(body : String): String {
|
||||
params = URI::Params.parse(body)
|
||||
puts params.inspect
|
||||
|
||||
user_id, account_id = Accounts.auth(params)
|
||||
if !(user_id && account_id)
|
||||
return "-1"
|
||||
end
|
||||
|
||||
comment = params["comment"]?
|
||||
|
||||
if comment && comment != ""
|
||||
# todo: cap comment size
|
||||
comment_value = Base64.decode_string comment # usual b64, surprisingly
|
||||
next_id = (DATABASE.scalar("select max(id) from account_comments").as(Int64 | Nil) || 0) + 1
|
||||
DATABASE.exec("insert into account_comments (id, account_id, comment) values (?, ?, ?)", next_id, account_id, comment_value)
|
||||
return "1"
|
||||
else
|
||||
return "-1"
|
||||
end
|
||||
}
|
26
src/endpoints/users/deleteProfileComment.cr
Normal file
26
src/endpoints/users/deleteProfileComment.cr
Normal file
|
@ -0,0 +1,26 @@
|
|||
require "uri"
|
||||
|
||||
include CrystalGauntlet
|
||||
|
||||
CrystalGauntlet.endpoints["/deleteGJAccComment20.php"] = ->(body : String): String {
|
||||
params = URI::Params.parse(body)
|
||||
puts params.inspect
|
||||
|
||||
user_id, account_id = Accounts.auth(params)
|
||||
if !(user_id && account_id)
|
||||
return "-1"
|
||||
end
|
||||
|
||||
comment_id = params["commentID"].to_i
|
||||
|
||||
# kind of a dumb hack, but it works
|
||||
target_account_id = DATABASE.scalar("select max(account_id) from account_comments where id = ?", comment_id).as(Int64 | Nil)
|
||||
|
||||
# todo: let mods delete any comment
|
||||
if target_account_id && account_id == target_account_id
|
||||
DATABASE.exec("delete from account_comments where id = ?", comment_id)
|
||||
return "1"
|
||||
else
|
||||
return "-1"
|
||||
end
|
||||
}
|
41
src/endpoints/users/getProfileComments.cr
Normal file
41
src/endpoints/users/getProfileComments.cr
Normal file
|
@ -0,0 +1,41 @@
|
|||
require "uri"
|
||||
|
||||
include CrystalGauntlet
|
||||
|
||||
comments_per_page = 10
|
||||
|
||||
CrystalGauntlet.endpoints["/getGJAccountComments20.php"] = ->(body : String): String {
|
||||
params = URI::Params.parse(body)
|
||||
puts params.inspect
|
||||
|
||||
account_id = params["accountID"].to_i
|
||||
|
||||
comment_offset = (params["page"]? || "0").to_i * comments_per_page
|
||||
|
||||
amount = DATABASE.scalar("select count(*) from account_comments where account_id = ?", account_id)
|
||||
|
||||
users_str = [] of String
|
||||
|
||||
DATABASE.query("select id, comment, created_at, likes from account_comments where account_id = ? order by created_at desc limit #{comments_per_page} offset #{comment_offset}", account_id) do |rs|
|
||||
rs.each do
|
||||
id = rs.read(Int32)
|
||||
comment = rs.read(String)
|
||||
created_at = rs.read(String)
|
||||
likes = rs.read(Int32)
|
||||
|
||||
users_str << Format.fmt_comment({
|
||||
2 => Base64.encode(comment).strip("\n"),
|
||||
3 => account_id,
|
||||
4 => likes,
|
||||
5 => 0,
|
||||
7 => likes < -3, # todo: config?
|
||||
#9 => Format.fmt_timespan(Time.utc - Time.parse(created_at, Format::TIME_FORMAT, Time::Location::UTC)),
|
||||
6 => id
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
search_meta = "#{amount}:#{comment_offset}:#{comments_per_page}"
|
||||
|
||||
[users_str.join("|"), search_meta].join("#")
|
||||
}
|
|
@ -46,6 +46,10 @@ module CrystalGauntlet::Format
|
|||
def fmt_song(hash) : String
|
||||
hash.map_with_index{ |(i, v)| "#{i}~|~#{fmt_value(v)}" }.join("~|~")
|
||||
end
|
||||
|
||||
def fmt_comment(hash) : String
|
||||
hash.map_with_index{ |(i, v)| "#{i}~#{fmt_value(v)}" }.join("~")
|
||||
end
|
||||
end
|
||||
|
||||
module CrystalGauntlet::GDBase64
|
||||
|
|
Loading…
Reference in a new issue