import { verifyJWT } from '../middleware/auth';
import { captchaPlugins } from '../middleware/captcha';
import { createErrorResponse, createSuccessResponse } from '../utils';
/**
 * GET handler: reads every row of `messages` from D1, left-joined with the
 * author's avatar from `users`, and returns them as `{ messages: [...] }`.
 *
 * NOTE(review): no authentication check and no LIMIT are visible in this
 * handler, so every row (including `userId`) goes to any caller — confirm
 * that this is intended.
 *
 * @param {object} context - Request context; only `context.env.DB` is read.
 * @returns {Promise<*>} Whatever `createSuccessResponse` returns on success,
 *   or `createErrorResponse("Get messages failed", 500)` on any failure.
 */
export async function onRequestGet(context) {
  try {
    const db = context.env.DB;

    // Fixed query text with no caller-supplied values, so nothing to bind.
    const statement = db.prepare("SELECT messages.id, userId, username, message, timestamp, users.avatar FROM messages LEFT JOIN users ON users.id = messages.userId");
    const queryOutcome = await statement.all();

    return createSuccessResponse({ messages: queryOutcome.results });
  } catch (error) {
    // Details stay in the server log; the client only gets a generic message.
    console.error("Get messages error:", error);
    return createErrorResponse("Get messages failed", 500);
  }
}
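/**
 * POST handler chain: the captcha plugins run first, then the final handler
 * validates the submitted message and stores it in D1.
 *
 * The body is form data whose `payload` field holds a JSON object with a
 * `message` string of at most 200 UTF-16 code units.
 *
 * Responses from the final handler:
 *   - 401 when no authenticated user is attached to the context
 *   - 400 for an unparsable payload, a non-object payload, or an empty,
 *     non-string or over-long message
 *   - 500 when storing the message fails
 *   - otherwise JSON `{ id, username, message }` for the stored message
 */
export const onRequestPost = [
  ...captchaPlugins,
  async (context) => {
    try {
      const { request, env } = context;

      // NOTE(review): this handler never calls verifyJWT itself; context.user is
      // assumed to be populated by captchaPlugins or an upstream middleware —
      // confirm. Fail closed with 401 rather than surfacing a TypeError as a 500.
      const author = context.user;
      if (author?.userId == null) {
        return createErrorResponse("Unauthorized", 401);
      }

      let payload;
      try {
        const formData = await request.formData();
        payload = JSON.parse(formData.get('payload'));
      } catch (e) {
        console.error("Payload parsing error:", e);
        return createErrorResponse("Invalid payload", 400);
      }

      // JSON.parse also accepts null, numbers and strings (a missing form field
      // parses to null); reject those as a client error instead of letting the
      // destructuring below throw and turn into a 500.
      if (payload === null || typeof payload !== 'object') {
        return createErrorResponse("Invalid payload", 400);
      }

      const { message } = payload;

      if (!message) {
        return createErrorResponse("Empty message", 400);
      }

      // The length limit below is only meaningful for strings: a number or a
      // plain object has no `length` and would otherwise skip the limit entirely.
      if (typeof message !== 'string') {
        return createErrorResponse("Invalid payload", 400);
      }

      if (message.length > 200) {
        return createErrorResponse("Message too long", 400);
      }

      // Generate a unique ID for the message
      const messageId = crypto.randomUUID();

      // Bound parameters keep the user-supplied text out of the SQL string.
      // The text is stored verbatim, so clients must render it as text, not HTML.
      await env.DB.prepare("INSERT INTO messages (id, userId, message) VALUES (?, ?, ?)")
        .bind(messageId, author.userId, message)
        .run();

      return new Response(JSON.stringify({ id: messageId, username: author.username, message }), {
        headers: { 'Content-Type': 'application/json' },
      });
    } catch (error) {
      // Details stay in the server log; the client only gets a generic message.
      console.error("Message posting error:", error);
      return createErrorResponse("Message posting failed", 500);
    }
  },
];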
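/**
 * DELETE handler: removes one message, but only for its authenticated owner.
 *
 * Flow: verify the JWT, read `messageId` from the JSON body, look the message
 * up, compare its `userId` with the caller's, then delete it.
 *
 * Responses:
 *   - whatever `verifyJWT` returns when authentication fails
 *   - 401 when no user id is attached to the context after verification
 *   - 400 for a malformed body or a missing / non-scalar `messageId`
 *   - 404 when no message has that id
 *   - 403 when the message belongs to another user
 *   - 500 on any unexpected failure
 *
 * @param {object} context - Request context; `request`, `env.DB` and `user` are read.
 * @returns {Promise<*>} The response for the outcomes listed above.
 */
export async function onRequestDelete(context) {
  try {
    const { request, env } = context;

    // verifyJWT yields a response on failure and a falsy value on success.
    const authResult = await verifyJWT(context);
    if (authResult) {
      return authResult; // Return the error response from the middleware
    }

    // NOTE(review): context.user is presumably populated by verifyJWT — confirm.
    // Fail closed so an undefined id never reaches the ownership check or the query.
    const callerId = context.user?.userId;
    if (callerId == null) {
      return createErrorResponse("Unauthorized", 401);
    }

    // A body that is not valid JSON is a client error, not a server failure.
    let body;
    try {
      body = await request.json();
    } catch (parseError) {
      console.error("Delete payload parsing error:", parseError);
      return createErrorResponse("Invalid request body", 400);
    }

    // Optional chaining covers a JSON body of `null`, which cannot be destructured.
    const messageId = body?.messageId;

    if (!messageId) {
      return new Response(JSON.stringify({"error": "Missing messageId"}), {
        status: 400,
        headers: { 'Content-Type': 'application/json' },
      });
    }

    // Only scalar ids are passed on as bound parameters; objects and arrays from
    // the JSON body are rejected here instead of failing inside the database call.
    if (typeof messageId !== 'string' && typeof messageId !== 'number') {
      return createErrorResponse("Invalid messageId", 400);
    }

    // Check if the message exists
    const { results } = await env.DB.prepare("SELECT * FROM messages WHERE id = ?").bind(messageId).all();
    if (results.length === 0) {
      return createErrorResponse("Message not found", 404);
    }

    // Check if the user is the owner of the message
    const message = results[0];
    if (message.userId !== callerId) {
      return createErrorResponse("Unauthorized", 403);
    }

    // The owner is repeated in the DELETE predicate so the statement itself
    // enforces ownership and does not depend solely on the check above.
    await env.DB.prepare("DELETE FROM messages WHERE id = ? AND userId = ?").bind(messageId, callerId).run();

    return createSuccessResponse({ message: "Message deleted successfully" });
  } catch (error) {
    // Details stay in the server log; the client only gets a generic message.
    console.error("Message deletion error:", error);
    return createErrorResponse("Message deletion failed", 500);
  }
}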