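import express from "express";
import { body, param, validationResult } from "express-validator";

import { authenticateRoute } from "../../../auth";
import { query } from "../../../database";
import { errors } from "../../../errors";

// CRUD routes for the `channels` table. Every route runs authenticateRoute()
// first, and the write routes compare the row's owner_id with req.user.id
// (presumably populated by authenticateRoute(); confirm in ../../../auth).
//
// NOTE(review): the handlers await query() without try/catch. Express 4 does
// not forward a rejected handler promise to the error middleware, so a failed
// query would leave the request unanswered there; confirm the Express version
// or wrap the handlers.
//
// NOTE(review): param("id").isNumeric() accepts a leading sign and a decimal
// point by default. If channels.id is an integer column (not visible here),
// isInt() would reject those values before they reach the database.
const router = express.Router();

/**
 * Middleware that ends the request with 400 INVALID_DATA when any preceding
 * express-validator chain recorded an error, and otherwise passes control on.
 *
 * @param {import("express").Request} req
 * @param {import("express").Response} res
 * @param {import("express").NextFunction} next
 */
function rejectInvalidRequest(req, res, next) {
    const validationErrors = validationResult(req);
    if (!validationErrors.isEmpty()) {
        return res.status(400).json({ ...errors.INVALID_DATA, errors: validationErrors.array() });
    }
    return next();
}

/**
 * POST / creates a channel owned by the authenticated user.
 * Responds 201 with the inserted row (id, name, owner_id), 400 on invalid
 * input, 500 when the INSERT returns no row.
 */
router.post(
    "/",
    authenticateRoute(),
    body("name").isLength({ min: 1, max: 40 }).isAlphanumeric("en-US", { ignore: " _-" }),
    rejectInvalidRequest,
    async (req, res) => {
        const { name } = req.body;

        // The owner is taken from the authenticated user, never from the request body.
        const result = await query(
            "INSERT INTO channels(name, owner_id) VALUES ($1, $2) RETURNING id, name, owner_id",
            [name, req.user.id]
        );
        if (result.rowCount < 1) {
            return res.status(500).json({ ...errors.GOT_NO_DATABASE_DATA });
        }

        res.status(201).send(result.rows[0]);
    }
);

/**
 * PUT /:id renames a channel. Only the owner may do so.
 * Responds 200 with { id, name, owner_id }, 400 on invalid input, 404 when the
 * channel does not exist, 403 when the caller is not the owner, 500 when the
 * UPDATE touches no row.
 */
router.put(
    "/:id",
    authenticateRoute(),
    body("name").isLength({ min: 1, max: 40 }).isAlphanumeric("en-US", { ignore: " _-" }),
    param("id").isNumeric(),
    rejectInvalidRequest,
    async (req, res) => {
        const { name } = req.body;
        const { id } = req.params;

        // Authorization: look up the owner before touching the row.
        // NOTE(review): the UPDATE below filters on id only, so the ownership
        // check and the write are two separate statements; adding the owner
        // predicate to the UPDATE would make the check part of the write.
        const permissionCheckResult = await query("SELECT owner_id FROM channels WHERE id = $1", [id]);
        if (permissionCheckResult.rowCount < 1) {
            return res.status(404).json({ ...errors.NOT_FOUND });
        }
        const ownerId = permissionCheckResult.rows[0].owner_id;
        if (ownerId !== req.user.id) {
            return res.status(403).json({ ...errors.FORBIDDEN_DUE_TO_MISSING_PERMISSIONS });
        }

        const result = await query("UPDATE channels SET name = $1 WHERE id = $2", [name, id]);
        if (result.rowCount < 1) {
            return res.status(500).json({ ...errors.GOT_NO_DATABASE_DATA });
        }

        return res.status(200).send({
            // The route parameter is a string; an explicit radix keeps the
            // conversion decimal. TODO: return the row from the UPDATE instead.
            id: Number.parseInt(id, 10),
            name,
            owner_id: ownerId
        });
    }
);

/**
 * DELETE /:id removes a channel. Only the owner may do so.
 * Responds 204 with an empty body, 400 on invalid input, 404 when the channel
 * does not exist, 403 when the caller is not the owner, 500 when the DELETE
 * touches no row.
 */
router.delete(
    "/:id",
    authenticateRoute(),
    param("id").isNumeric(),
    rejectInvalidRequest,
    async (req, res) => {
        const { id } = req.params;

        // Authorization: same owner lookup as PUT, again separate from the write.
        const permissionCheckResult = await query("SELECT owner_id FROM channels WHERE id = $1", [id]);
        if (permissionCheckResult.rowCount < 1) {
            return res.status(404).json({ ...errors.NOT_FOUND });
        }
        if (permissionCheckResult.rows[0].owner_id !== req.user.id) {
            return res.status(403).json({ ...errors.FORBIDDEN_DUE_TO_MISSING_PERMISSIONS });
        }

        const result = await query("DELETE FROM channels WHERE id = $1", [id]);
        if (result.rowCount < 1) {
            return res.status(500).json({ ...errors.GOT_NO_DATABASE_DATA });
        }

        return res.status(204).send("");
    }
);

/**
 * GET /:id returns one channel (id, name, owner_id).
 * Responds 200 with the row, 400 on an invalid id, 404 when no row matches.
 *
 * The id validator was declared here but its result was never checked, so an
 * invalid id went straight to the query; rejectInvalidRequest now enforces it
 * the same way the other routes do.
 *
 * NOTE(review): there is no ownership check on reads, so any authenticated
 * caller can fetch any channel including its owner_id; confirm this is intended.
 */
router.get(
    "/:id",
    authenticateRoute(),
    param("id").isNumeric(),
    rejectInvalidRequest,
    async (req, res) => {
        const { id } = req.params;

        const result = await query("SELECT id, name, owner_id FROM channels WHERE id = $1", [id]);
        if (result.rowCount < 1) {
            return res.status(404).json({ ...errors.NOT_FOUND });
        }

        return res.status(200).send(result.rows[0]);
    }
);

export default router;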