26 lines
967 B
Crystal
26 lines
967 B
Crystal
require "uri"
|
|
|
|
include CrystalGauntlet
|
|
|
|
CrystalGauntlet.endpoints["/deleteGJMessages20.php"] = ->(context : HTTP::Server::Context): String {
|
|
params = URI::Params.parse(context.request.body.not_nil!.gets_to_end)
|
|
LOG.debug { params.inspect }
|
|
|
|
user_id, account_id = Accounts.auth(params)
|
|
if !(user_id && account_id)
|
|
return "-1"
|
|
end
|
|
|
|
message_id = params["messageID"].to_i
|
|
|
|
id, from_account_id, to_account_id, subject, body, created_at, read_at, to_user_id, username = DATABASE.query_one("select messages.id, from_account_id, to_account_id, subject, body, messages.created_at, read_at, users.id, users.username from messages join users on users.account_id = to_account_id where messages.id = ?", message_id, as: {Int32, Int32, Int32, String, String, String, String?, Int32, String})
|
|
|
|
if from_account_id != account_id && to_account_id != account_id
|
|
return "-1"
|
|
end
|
|
|
|
DATABASE.exec("delete from messages where id = ?", message_id)
|
|
|
|
return "1"
|
|
}
|