From 9915aa18d8603e3f04071f73c3f2954a87269a51 Mon Sep 17 00:00:00 2001 From: "Jill \"oatmealine\" Monoids" Date: Fri, 6 Jan 2023 11:51:11 +0300 Subject: [PATCH] properly implement message/comment disabled --- db/migrations/3_accounts.sql | 6 ++++-- src/endpoints/social/sendFriendRequest.cr | 7 ++++++- src/endpoints/social/sendMessage.cr | 12 ++++++++++++ src/endpoints/users/getUser.cr | 10 ++++------ src/lib/accounts.cr | 4 ++++ 5 files changed, 30 insertions(+), 9 deletions(-) diff --git a/db/migrations/3_accounts.sql b/db/migrations/3_accounts.sql index 7b47a42..b7015a4 100644 --- a/db/migrations/3_accounts.sql +++ b/db/migrations/3_accounts.sql @@ -10,9 +10,11 @@ CREATE TABLE accounts ( -- todo: swap to proper rank system is_admin INTEGER NOT NULL DEFAULT 0, - messages_enabled INTEGER NOT NULL DEFAULT 1, -- messages from non-friends enabled + -- 0: disabled, 1: only for friends, 2: open to all + messages_enabled INTEGER NOT NULL DEFAULT 2, + comments_enabled INTEGER NOT NULL DEFAULT 0, + -- 0: disabled, 1: enabled friend_requests_enabled INTEGER NOT NULL DEFAULT 1, -- frs enabled - comments_enabled INTEGER NOT NULL DEFAULT 0, -- able to see user's comments youtube_url TEXT, twitter_url TEXT, diff --git a/src/endpoints/social/sendFriendRequest.cr b/src/endpoints/social/sendFriendRequest.cr index e76e5d1..726e3fd 100644 --- a/src/endpoints/social/sendFriendRequest.cr +++ b/src/endpoints/social/sendFriendRequest.cr 
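Review bot: The three-state meaning given to `messages_enabled` and `comments_enabled` is enforced only by a comment, and the change edits the existing `3_accounts.sql` instead of adding a new migration. A constraint such as `messages_enabled INTEGER NOT NULL DEFAULT 2 CHECK (messages_enabled IN (0, 1, 2)),` (and the same for `comments_enabled`) would keep out-of-range values away from the `case` in sendMessage.cr and the `2 - x` mapping in getUser.cr. If any database was already created from the old file, its rows keep the old 0/1 values and are now read as disabled/friends-only, so a follow-up migration that remaps them is probably needed; whether such databases exist is not visible here. The CREATE TABLE statement starts and ends outside the hunk.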
@@ -16,11 +16,16 @@ CrystalGauntlet.endpoints["/uploadFriendRequest20.php"] = ->(context : HTTP::Ser return "-1" end - if DATABASE.scalar("select count(*) from friend_requests where from_account_id = ? or to_account_id = ?", account_id).as(Int64) > 0 + if DATABASE.scalar("select count(*) from friend_requests where from_account_id = ? or to_account_id = ?", account_id, account_id).as(Int64) > 0 # already fr'd return "-1" end + if DATABASE.scalar("select friend_requests_enabled from accounts where id = ?", account_id).as(Int64) == 0 + # disabled + return "-1" + end + next_fr_id = IDs.get_next_id("friend_requests") DATABASE.exec("insert into friend_requests (id, from_account_id, to_account_id, body) values (?, ?, ?, ?)", next_fr_id, account_id, params["toAccountID"].to_i, Base64.decode_string(params["comment"])[..140-1]) diff --git a/src/endpoints/social/sendMessage.cr b/src/endpoints/social/sendMessage.cr index 7e37a1d..e0b7cd9 100644 --- a/src/endpoints/social/sendMessage.cr +++ b/src/endpoints/social/sendMessage.cr @@ -16,6 +16,18 @@ CrystalGauntlet.endpoints["/uploadGJMessage20.php"] = ->(context : HTTP::Server: return "-1" end + message_status = DATABASE.scalar("select messages_enabled from accounts where id = ?", account_id).as(Int64) + case message_status + when 0 + return "-1" + when 1 + if !Accounts.are_friends(account_id, params["toAccountID"].to_i) + return "-1" + end + when 2 + # go ahead + end + next_message_id = IDs.get_next_id("messages") DATABASE.exec("insert into messages (id, from_account_id, to_account_id, subject, body) values (?, ?, ?, ?, ?)", next_message_id, account_id, params["toAccountID"].to_i, Base64.decode_string(params["subject"])[..35-1], String.new(XorCrypt.encrypt_string(Base64.decode_string(params["body"])[..200-1], XorCrypt::MESSAGE_XOR_KEY))) diff --git a/src/endpoints/users/getUser.cr b/src/endpoints/users/getUser.cr index d0e95dd..686a37d 100644 --- a/src/endpoints/users/getUser.cr +++ b/src/endpoints/users/getUser.cr 
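Review bot: The new `friend_requests_enabled` check reads the sender's row (`account_id`) rather than the recipient's, so a user who turned friend requests off still receives them, while a sender who turned them off is the one blocked. The lookup should key on the target, `if DATABASE.scalar("select friend_requests_enabled from accounts where id = ?", params["toAccountID"].to_i).as(Int64) == 0`, and should return "-1" when that account does not exist, since `scalar` on an empty result likely raises. The same sender-versus-recipient mix-up is in the `messages_enabled` lookup added to sendMessage.cr. Separately, the duplicate check just above matches any request that involves the sender, not one between the sender and `toAccountID`. The endpoint proc starts and ends outside the hunk.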
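Review bot: The `case message_status` block has no `else`, so any stored value other than 0, 1 or 2 falls through to the insert and the message is sent; a privacy gate should fail closed. An `else` branch that does `return "-1"` after `when 2` covers that. In the `when 1` branch, `params["toAccountID"].to_i` raises on a non-numeric value; parsing once with `to_i?` and returning "-1" on nil would reject bad input before any query runs. The endpoint proc continues outside the hunk.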
@@ -10,7 +10,7 @@ CrystalGauntlet.endpoints["/getGJUserInfo20.php"] = ->(context : HTTP::Server::C id, username, is_admin, messages_enabled, friend_requests_enabled, comments_enabled, youtube_url, twitter_url, twitch_url, created_at, user_id, stars, demons, coins, user_coins, diamonds, orbs, creator_points, icon_type, color1, color2, glow, cube, ship, ball, ufo, wave, robot, spider, explosion = DATABASE.query_one("select accounts.id, accounts.username, is_admin, messages_enabled, friend_requests_enabled, comments_enabled, youtube_url, twitter_url, twitch_url, accounts.created_at, users.id, stars, demons, coins, user_coins, diamonds, orbs, creator_points, icon_type, color1, color2, glow, cube, ship, ball, ufo, wave, robot, spider, explosion from accounts join users on accounts.id = users.account_id where accounts.id = ?", params["targetAccountID"], as: {Int32, String, Int32, Int32, Int32, Int32, String?, String?, String?, String, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32, Int32}) - is_friend = DATABASE.scalar("select count(*) from friend_links where (account_id_1 = ? and account_id_2 = ?) or (account_id_2 = ? and account_id_1 = ?)", account_id, id, account_id, id).as(Int64) > 0 + is_friend = Accounts.are_friends(id, account_id || -1) begin friend_request_id, friend_request_body, friend_request_created_at, from = DATABASE.query_one("select id, body, created_at, from_account_id from friend_requests where from_account_id = ? or to_account_id = ?", id, id, as: {Int32, String, String, Int32}) rescue @@ -27,8 +27,7 @@ CrystalGauntlet.endpoints["/getGJUserInfo20.php"] = ->(context : HTTP::Server::C 13 => coins, 16 => id, 17 => user_coins, - # todo: messages can actually be disabled for _everyone_; this is actually an enum (0: all, 1: only friends, 2: none) - 18 => !messages_enabled, + 18 => 2 - messages_enabled, 19 => !friend_requests_enabled, 20 => youtube_url || "", 21 => cube, 
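Review bot: The friend-request lookup under the new `is_friend` line filters only on the profile owner (`id, id`), so it can pick up a request between the owner and a third party and report it to whoever is viewing the profile. Scoping it to the pair, `where (from_account_id = ? and to_account_id = ?) or (from_account_id = ? and to_account_id = ?)` with `id, account_id || -1, account_id || -1, id`, keeps other users' requests out of the response. Which of the selected fields are actually returned is only partly visible here, and the `begin`/`rescue` block continues outside the hunk.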
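Review bot: Key 19 still sends `!friend_requests_enabled`, but the column is read as `Int32` and in Crystal every integer is truthy, so the expression is always `false` and the profile never reflects the setting. Something like `19 => friend_requests_enabled == 0 ? 1 : 0,` would follow the 0/1 column; the value the client expects is inferred from the old negation, so confirm it. The removed todo was the only place that described the client enum, so a comment such as `# client: 0 = all, 1 = friends only, 2 = none (inverse of the DB value)` above key 18, and above key 50 further down, would keep the `2 - x` mapping readable. The hash literal starts and ends outside the hunk.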
@@ -40,7 +39,7 @@ CrystalGauntlet.endpoints["/getGJUserInfo20.php"] = ->(context : HTTP::Server::C 28 => glow, # registered or not; always 1 here 29 => 1, - 30 => 1, # rank; todo + 30 => 1, # todo: rank # isnt (0) or is (1) friend or (3) incoming request or (4) outgoing request 31 => friend_request_id ? (from == account_id ? 4 : 3) : (is_friend ? 1 : 0), 32 => friend_request_id, @@ -56,7 +55,6 @@ CrystalGauntlet.endpoints["/getGJUserInfo20.php"] = ->(context : HTTP::Server::C 48 => explosion, # badge, todo 49 => 0, - # todo: this is actually also an enum (0: all, 1: only friends, 2: none) - 50 => !comments_enabled, + 50 => 2 - comments_enabled }) } diff --git a/src/lib/accounts.cr b/src/lib/accounts.cr index 83c25f6..7a7e9ce 100644 --- a/src/lib/accounts.cr +++ b/src/lib/accounts.cr @@ -70,4 +70,8 @@ module CrystalGauntlet::Accounts bcrypt = Crypto::Bcrypt::Password.new(hash) bcrypt.verify(GJP.decrypt(gjp)) end + + def are_friends(account_id_1 : Int32, account_id_2 : Int32) + DATABASE.scalar("select count(*) from friend_links where (account_id_1 = ? and account_id_2 = ?) or (account_id_2 = ? and account_id_1 = ?)", account_id_1, account_id_2, account_id_1, account_id_2).as(Int64) > 0 + end end
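Review bot: `are_friends` has no declared return type or comment, although it now decides the friends-only message gate in sendMessage.cr. Declaring it as `def are_friends(account_id_1 : Int32, account_id_2 : Int32) : Bool` and adding `# true when a friend_links row joins the two accounts, in either order` documents the contract callers rely on, including that the `-1` placeholder passed from getUser.cr is expected to match nothing. The module body starts outside the hunk.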