From cffea4521d1765d08d2dfaa5a06b243731a37762 Mon Sep 17 00:00:00 2001
From: "Jill \"oatmealine\" Monoids"
Date: Fri, 6 Jan 2023 17:58:34 +0300
Subject: [PATCH] blocks
---
 db/migrations/17_blocks.sql | 11 +++++++++
 src/endpoints/social/blockUser.cr | 29 +++++++++++++++++++++++
 src/endpoints/social/getUserList.cr | 13 ++++++----
 src/endpoints/social/sendFriendRequest.cr | 5 +++-
 src/endpoints/social/sendMessage.cr | 5 ++--
 src/endpoints/social/unblockUser.cr | 26 ++++++++++++++++++++
 src/lib/accounts.cr | 4 ++++
 7 files changed, 86 insertions(+), 7 deletions(-)
 create mode 100644 db/migrations/17_blocks.sql
 create mode 100644 src/endpoints/social/blockUser.cr
 create mode 100644 src/endpoints/social/unblockUser.cr
diff --git a/db/migrations/17_blocks.sql b/db/migrations/17_blocks.sql
new file mode 100644
index 0000000..4c621d1
--- /dev/null
+++ b/db/migrations/17_blocks.sql
@@ -0,0 +1,11 @@
+-- +migrate up
+
+CREATE TABLE block_links (
+ from_account_id INTEGER NOT NULL references accounts(id),
+ to_account_id INTEGER NOT NULL references accounts(id),
+
+ created_at TEXT NOT NULL DEFAULT (STRFTIME('%Y-%m-%d %H:%M:%f', 'now'))
+);
+
+-- +migrate down
+DROP TABLE block_links;
\ No newline at end of file
diff --git a/src/endpoints/social/blockUser.cr b/src/endpoints/social/blockUser.cr
new file mode 100644
index 0000000..03a5989
--- /dev/null
+++ b/src/endpoints/social/blockUser.cr
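Review bot: In db/migrations/17_blocks.sql, `block_links` has no key or uniqueness constraint on the account pair, so the only guard against duplicate rows is the count-then-insert check in blockUser.cr, which two requests can both pass if they are handled concurrently. Adding `UNIQUE (from_account_id, to_account_id)` to the table (or making the pair the primary key) lets the database enforce it and gives the lookup in `is_blocked_by` an index to use. A `CHECK (from_account_id <> to_account_id)` would also reject self-blocks, which the endpoint does not test for.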
@@ -0,0 +1,29 @@
+require "uri"
+
+include CrystalGauntlet
+
+CrystalGauntlet.endpoints["/blockGJUser20.php"] = ->(context : HTTP::Server::Context): String {
+ params = URI::Params.parse(context.request.body.not_nil!.gets_to_end)
+ LOG.debug { params.inspect }
+
+ user_id, account_id = Accounts.auth(params)
+ if !(user_id && account_id)
+ return "-1"
+ end
+
+ target_account_id = params["targetAccountID"].to_i
+
+ if DATABASE.scalar("select count(*) from accounts where id = ?", target_account_id).as(Int64) == 0
+ return "-1"
+ end
+ if DATABASE.scalar("select count(*) from block_links where from_account_id = ? and to_account_id = ?", account_id, target_account_id).as(Int64) > 0
+ return "-1"
+ end
+
+ DATABASE.exec("insert into block_links (from_account_id, to_account_id) values (?, ?)", account_id, target_account_id)
+ DATABASE.exec("delete from messages where from_account_id = ? and to_account_id = ?", target_account_id, account_id)
+ DATABASE.exec("delete from friend_requests where from_account_id = ? and to_account_id = ?", target_account_id, account_id)
+ DATABASE.exec("delete from friend_links where (account_id_1 = ? and account_id_2 = ?) or (account_id_2 = ? and account_id_1 = ?)", target_account_id, account_id, target_account_id, account_id)
+
+ return "1"
+}
diff --git a/src/endpoints/social/getUserList.cr b/src/endpoints/social/getUserList.cr
index 1b08b17..b76d1f7 100644
--- a/src/endpoints/social/getUserList.cr
+++ b/src/endpoints/social/getUserList.cr
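Review bot: In blockUser.cr, `LOG.debug { params.inspect }` writes the whole parsed request body to the log, and the same `params` is passed to `Accounts.auth` two lines later, so it presumably carries the caller's credential field. unblockUser.cr repeats the line. Logging only what the handler needs, e.g. `LOG.debug { "block target=#{params["targetAccountID"]?}" }`, keeps secrets out of debug logs. Separately, the insert and the three deletes run as independent statements and would be safer inside a single transaction, so a failure cannot leave a half-applied block.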
@@ -13,8 +13,11 @@ CrystalGauntlet.endpoints["/getGJUserList20.php"] = ->(context : HTTP::Server::C users = [] of String - # todo: implement blocked users - DATABASE.query_all("select account_id_1, account_id_2, read_at_1, read_at_2 from friend_links where account_id_1 = ? or account_id_2 = ? order by created_at desc", account_id, account_id, as: {Int32, Int32, String?, String?}).each() do |account_id_1, account_id_2, read_at_1, read_at_2| + accounts = params["type"]? == "1" ? + DATABASE.query_all("select from_account_id, to_account_id, '', '' from block_links where from_account_id = ? order by created_at desc", account_id, as: {Int32, Int32, String?, String?}) : + DATABASE.query_all("select account_id_1, account_id_2, read_at_1, read_at_2 from friend_links where account_id_1 = ? or account_id_2 = ? order by created_at desc", account_id, account_id, as: {Int32, Int32, String?, String?}) + + accounts.each() do |account_id_1, account_id_2, read_at_1, read_at_2| read_at = account_id_1 == account_id ? read_at_1 : read_at_2 other_account_id = account_id_1 == account_id ? account_id_2 : account_id_1
@@ -38,8 +41,10 @@ CrystalGauntlet.endpoints["/getGJUserList20.php"] = ->(context : HTTP::Server::C }) end - DATABASE.exec("update friend_links set read_at_1 = ? where account_id_1 = ? and read_at_1 is null", Time.utc.to_s(Format::TIME_FORMAT), account_id) - DATABASE.exec("update friend_links set read_at_2 = ? where account_id_2 = ? and read_at_2 is null", Time.utc.to_s(Format::TIME_FORMAT), account_id) + if params["type"]? != "1" + DATABASE.exec("update friend_links set read_at_1 = ? where account_id_1 = ? and read_at_1 is null", Time.utc.to_s(Format::TIME_FORMAT), account_id) + DATABASE.exec("update friend_links set read_at_2 = ? where account_id_2 = ? and read_at_2 is null", Time.utc.to_s(Format::TIME_FORMAT), account_id) + end return users.join("|") }
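Review bot: In getUserList.cr the test `params["type"]? == "1"` is written twice, once in the first hunk to choose the query and again (negated) in the second hunk to skip the `read_at` updates, so the two copies can drift apart. Binding it once, `blocked_list = params["type"]? == "1"`, and guarding the updates with `unless blocked_list` makes both branches visibly the same decision. A short comment that the block-list query selects `''` for the two read columns only to match the friend-list tuple shape would help the next reader. The endpoint body starts outside these hunks.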
diff --git a/src/endpoints/social/sendFriendRequest.cr b/src/endpoints/social/sendFriendRequest.cr
index 80730d2..21fef7a 100644
--- a/src/endpoints/social/sendFriendRequest.cr
+++ b/src/endpoints/social/sendFriendRequest.cr
@@ -13,7 +13,6 @@ CrystalGauntlet.endpoints["/uploadFriendRequest20.php"] = ->(context : HTTP::Ser target_account_id = params["toAccountID"].to_i - # todo: check for blocks if DATABASE.scalar("select count(*) from accounts where id = ?", target_account_id).as(Int64) == 0 return "-1" end
@@ -28,6 +27,10 @@ CrystalGauntlet.endpoints["/uploadFriendRequest20.php"] = ->(context : HTTP::Ser return "-1" end + if Accounts.is_blocked_by(account_id, params["toAccountID"].to_i) + return "-1" + end + next_fr_id = IDs.get_next_id("friend_requests") DATABASE.exec("insert into friend_requests (id, from_account_id, to_account_id, body) values (?, ?, ?, ?)", next_fr_id, account_id, params["toAccountID"].to_i, Base64.decode_string(params["comment"])[..140-1])
diff --git a/src/endpoints/social/sendMessage.cr b/src/endpoints/social/sendMessage.cr
index e0b7cd9..a6e132c 100644
--- a/src/endpoints/social/sendMessage.cr
+++ b/src/endpoints/social/sendMessage.cr
@@ -11,7 +11,6 @@ CrystalGauntlet.endpoints["/uploadGJMessage20.php"] = ->(context : HTTP::Server: return "-1" end - # todo: check for blocks if DATABASE.scalar("select count(*) from accounts where id = ?", params["toAccountID"].to_i).as(Int64) == 0 return "-1" end
@@ -25,7 +24,9 @@ CrystalGauntlet.endpoints["/uploadGJMessage20.php"] = ->(context : HTTP::Server: return "-1" end when 2 - # go ahead + if Accounts.is_blocked_by(account_id, params["toAccountID"].to_i) + return "-1" + end end next_message_id = IDs.get_next_id("messages")
diff --git a/src/endpoints/social/unblockUser.cr b/src/endpoints/social/unblockUser.cr
new file mode 100644
index 0000000..98c832e
--- /dev/null
+++ b/src/endpoints/social/unblockUser.cr
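Review bot: In sendFriendRequest.cr the new guard parses `params["toAccountID"].to_i` again although `target_account_id` already holds that value (it is assigned in the first hunk's context); `if Accounts.is_blocked_by(account_id, target_account_id)` reads better and cannot diverge from the earlier checks. The guard is also one-directional: it rejects the request only when the recipient has blocked the sender, so an account that blocked someone can still send that person a request, which deserves a comment if it is intended. The handler starts and continues outside the hunk.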
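Review bot: In sendMessage.cr the block check is placed only inside the `when 2` branch, so whether a blocked sender is stopped depends on which branch of the enclosing `case` runs; the `case` head and its remaining branches are outside the hunk, so this is inferred from the visible lines. If any other branch lets the message through, a blocked account can still deliver messages to the account that blocked it. Moving `return "-1" if Accounts.is_blocked_by(account_id, params["toAccountID"].to_i)` above the `case` applies the block whichever branch is taken.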
@@ -0,0 +1,26 @@
+require "uri"
+
+include CrystalGauntlet
+
+CrystalGauntlet.endpoints["/unblockGJUser20.php"] = ->(context : HTTP::Server::Context): String {
+ params = URI::Params.parse(context.request.body.not_nil!.gets_to_end)
+ LOG.debug { params.inspect }
+
+ user_id, account_id = Accounts.auth(params)
+ if !(user_id && account_id)
+ return "-1"
+ end
+
+ target_account_id = params["targetAccountID"].to_i
+
+ if DATABASE.scalar("select count(*) from accounts where id = ?", target_account_id).as(Int64) == 0
+ return "-1"
+ end
+ if DATABASE.scalar("select count(*) from block_links where from_account_id = ? and to_account_id = ?", account_id, target_account_id).as(Int64) == 0
+ return "-1"
+ end
+
+ DATABASE.exec("delete from block_links where from_account_id = ? and to_account_id = ?", account_id, target_account_id)
+
+ return "1"
+}
diff --git a/src/lib/accounts.cr b/src/lib/accounts.cr
index 7a7e9ce..56bdc55 100644
--- a/src/lib/accounts.cr
+++ b/src/lib/accounts.cr
@@ -71,6 +71,10 @@ module CrystalGauntlet::Accounts bcrypt.verify(GJP.decrypt(gjp)) end + def is_blocked_by(account_id : Int32, by : Int32) + DATABASE.scalar("select count(*) from block_links where (from_account_id = ? and to_account_id = ?)", by, account_id).as(Int64) > 0 + end + def are_friends(account_id_1 : Int32, account_id_2 : Int32) DATABASE.scalar("select count(*) from friend_links where (account_id_1 = ? and account_id_2 = ?) or (account_id_2 = ? and account_id_1 = ?)", account_id_1, account_id_2, account_id_1, account_id_2).as(Int64) > 0 end
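Review bot: In unblockUser.cr, `params["targetAccountID"].to_i` raises when the field is missing or is not an integer, so a malformed request becomes an unhandled exception instead of the `"-1"` the handler returns for every other failure; blockUser.cr has the same line. Parsing with `target_account_id = params["targetAccountID"]?.try(&.to_i?)` followed by `return "-1" unless target_account_id` keeps the error path uniform. `context.request.body.not_nil!` has the same shape for a request that arrives without a body. How the server reacts to an exception raised inside an endpoint proc is not visible in this patch.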
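Review bot: `is_blocked_by(account_id, by)` in accounts.cr takes two `Int32` arguments whose order alone decides the direction of the check, and nothing documents it, so a swapped call compiles and silently tests the opposite block. A doc comment above the `def`, such as `# True when the account "by" has blocked account_id (one direction only).`, would make the call sites in sendMessage.cr and sendFriendRequest.cr checkable at a glance. Crystal convention would name the predicate `blocked_by?`, though the neighbouring `are_friends` uses the same non-`?` style, so the current name is consistent with the file. The module body starts and continues outside the hunk.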