blocks

2023-01-06 17:58:34 +03:00 · 2023-01-06 17:58:34 +03:00 · cffea4521d
parent c1fc797eae
commit cffea4521d
7 changed files with 86 additions and 7 deletions
--- a/db/migrations/17_blocks.sql
+++ b/db/migrations/17_blocks.sql
@ -0,0 +1,11 @@
+-- +migrate up
+
+CREATE TABLE block_links (
+  from_account_id  INTEGER  NOT NULL  references accounts(id),
+  to_account_id    INTEGER  NOT NULL  references accounts(id),
+
+  created_at  TEXT  NOT NULL  DEFAULT (STRFTIME('%Y-%m-%d %H:%M:%f', 'now'))
+);
+
+-- +migrate down
+DROP TABLE block_links;
--- a/src/endpoints/social/blockUser.cr
+++ b/src/endpoints/social/blockUser.cr
@ -0,0 +1,29 @@
+require "uri"
+
+include CrystalGauntlet
+
+CrystalGauntlet.endpoints["/blockGJUser20.php"] = ->(context : HTTP::Server::Context): String {
+  params = URI::Params.parse(context.request.body.not_nil!.gets_to_end)
+  LOG.debug { params.inspect }
+
+  user_id, account_id = Accounts.auth(params)
+  if !(user_id && account_id)
+    return "-1"
+  end
+
+  target_account_id = params["targetAccountID"].to_i
+
+  if DATABASE.scalar("select count(*) from accounts where id = ?", target_account_id).as(Int64) == 0
+    return "-1"
+  end
+  if DATABASE.scalar("select count(*) from block_links where from_account_id = ? and to_account_id = ?", account_id, target_account_id).as(Int64) > 0
+    return "-1"
+  end
+
+  DATABASE.exec("insert into block_links (from_account_id, to_account_id) values (?, ?)", account_id, target_account_id)
+  DATABASE.exec("delete from messages where from_account_id = ? and to_account_id = ?", target_account_id, account_id)
+  DATABASE.exec("delete from friend_requests where from_account_id = ? and to_account_id = ?", target_account_id, account_id)
+  DATABASE.exec("delete from friend_links where (account_id_1 = ? and account_id_2 = ?) or (account_id_2 = ? and account_id_1 = ?)", target_account_id, account_id, target_account_id, account_id)
+
+  return "1"
+}
--- a/src/endpoints/social/getUserList.cr
+++ b/src/endpoints/social/getUserList.cr
@ -13,8 +13,11 @@ CrystalGauntlet.endpoints["/getGJUserList20.php"] = ->(context : HTTP::Server::C

  users = [] of String

-  # todo: implement blocked users
-  DATABASE.query_all("select account_id_1, account_id_2, read_at_1, read_at_2 from friend_links where account_id_1 = ? or account_id_2 = ? order by created_at desc", account_id, account_id, as: {Int32, Int32, String?, String?}).each() do |account_id_1, account_id_2, read_at_1, read_at_2|
+  accounts = params["type"]? == "1" ?
+    DATABASE.query_all("select from_account_id, to_account_id, '', '' from block_links where from_account_id = ? order by created_at desc", account_id, as: {Int32, Int32, String?, String?}) :
+    DATABASE.query_all("select account_id_1, account_id_2, read_at_1, read_at_2 from friend_links where account_id_1 = ? or account_id_2 = ? order by created_at desc", account_id, account_id, as: {Int32, Int32, String?, String?})
+
+  accounts.each() do |account_id_1, account_id_2, read_at_1, read_at_2|
    read_at = account_id_1 == account_id ? read_at_1 : read_at_2
    other_account_id = account_id_1 == account_id ? account_id_2 : account_id_1

@ -38,8 +41,10 @@ CrystalGauntlet.endpoints["/getGJUserList20.php"] = ->(context : HTTP::Server::C
    })
  end

-  DATABASE.exec("update friend_links set read_at_1 = ? where account_id_1 = ? and read_at_1 is null", Time.utc.to_s(Format::TIME_FORMAT), account_id)
-  DATABASE.exec("update friend_links set read_at_2 = ? where account_id_2 = ? and read_at_2 is null", Time.utc.to_s(Format::TIME_FORMAT), account_id)
+  if params["type"]? != "1"
+    DATABASE.exec("update friend_links set read_at_1 = ? where account_id_1 = ? and read_at_1 is null", Time.utc.to_s(Format::TIME_FORMAT), account_id)
+    DATABASE.exec("update friend_links set read_at_2 = ? where account_id_2 = ? and read_at_2 is null", Time.utc.to_s(Format::TIME_FORMAT), account_id)
+  end

  return users.join("|")
 }
--- a/src/endpoints/social/sendFriendRequest.cr
+++ b/src/endpoints/social/sendFriendRequest.cr
@ -13,7 +13,6 @@ CrystalGauntlet.endpoints["/uploadFriendRequest20.php"] = ->(context : HTTP::Ser

  target_account_id = params["toAccountID"].to_i

-  # todo: check for blocks
  if DATABASE.scalar("select count(*) from accounts where id = ?", target_account_id).as(Int64) == 0
    return "-1"
  end
@ -28,6 +27,10 @@ CrystalGauntlet.endpoints["/uploadFriendRequest20.php"] = ->(context : HTTP::Ser
    return "-1"
  end

+  if Accounts.is_blocked_by(account_id, params["toAccountID"].to_i)
+    return "-1"
+  end
+
  next_fr_id = IDs.get_next_id("friend_requests")
  DATABASE.exec("insert into friend_requests (id, from_account_id, to_account_id, body) values (?, ?, ?, ?)", next_fr_id, account_id, params["toAccountID"].to_i, Base64.decode_string(params["comment"])[..140-1])

--- a/src/endpoints/social/sendMessage.cr
+++ b/src/endpoints/social/sendMessage.cr
@ -11,7 +11,6 @@ CrystalGauntlet.endpoints["/uploadGJMessage20.php"] = ->(context : HTTP::Server:
    return "-1"
  end

-  # todo: check for blocks
  if DATABASE.scalar("select count(*) from accounts where id = ?", params["toAccountID"].to_i).as(Int64) == 0
    return "-1"
  end
@ -25,7 +24,9 @@ CrystalGauntlet.endpoints["/uploadGJMessage20.php"] = ->(context : HTTP::Server:
      return "-1"
    end
  when 2
-    # go ahead
+    if Accounts.is_blocked_by(account_id, params["toAccountID"].to_i)
+      return "-1"
+    end
  end

  next_message_id = IDs.get_next_id("messages")
--- a/src/endpoints/social/unblockUser.cr
+++ b/src/endpoints/social/unblockUser.cr
@ -0,0 +1,26 @@
+require "uri"
+
+include CrystalGauntlet
+
+CrystalGauntlet.endpoints["/unblockGJUser20.php"] = ->(context : HTTP::Server::Context): String {
+  params = URI::Params.parse(context.request.body.not_nil!.gets_to_end)
+  LOG.debug { params.inspect }
+
+  user_id, account_id = Accounts.auth(params)
+  if !(user_id && account_id)
+    return "-1"
+  end
+
+  target_account_id = params["targetAccountID"].to_i
+
+  if DATABASE.scalar("select count(*) from accounts where id = ?", target_account_id).as(Int64) == 0
+    return "-1"
+  end
+  if DATABASE.scalar("select count(*) from block_links where from_account_id = ? and to_account_id = ?", account_id, target_account_id).as(Int64) == 0
+    return "-1"
+  end
+
+  DATABASE.exec("delete from block_links where from_account_id = ? and to_account_id = ?", account_id, target_account_id)
+
+  return "1"
+}
--- a/src/lib/accounts.cr
+++ b/src/lib/accounts.cr
@ -71,6 +71,10 @@ module CrystalGauntlet::Accounts
    bcrypt.verify(GJP.decrypt(gjp))
  end

+  def is_blocked_by(account_id : Int32, by : Int32)
+    DATABASE.scalar("select count(*) from block_links where (from_account_id = ? and to_account_id = ?)", by, account_id).as(Int64) > 0
+  end
+
  def are_friends(account_id_1 : Int32, account_id_2 : Int32)
    DATABASE.scalar("select count(*) from friend_links where (account_id_1 = ? and account_id_2 = ?) or (account_id_2 = ? and account_id_1 = ?)", account_id_1, account_id_2, account_id_1, account_id_2).as(Int64) > 0
  end