authorLarsVomMars2020-10-19 19:40:35 +0200
committerLarsVomMars2020-10-19 19:40:46 +0200
commite2c8fea877c156863dbf84f5593acf02894f56b5 (patch)
tree7e7b2da5ecd3abf984e41b5e44dc2c6a3197bf48 /profile/index.js
parent8d540e4d9aaa951b9031b38eb55bf181e04a8ab1 (diff)
User comments frontend
Diffstat (limited to 'profile/index.js')
-rw-r--r--profile/index.js42
1 files changed, 29 insertions, 13 deletions
diff --git a/profile/index.js b/profile/index.js
index e6627d6..1a46fc1 100644
--- a/profile/index.js
+++ b/profile/index.js
@@ -7,12 +7,22 @@ app.use(fileupload({}));
app.use("/", express.static(__dirname + "/public/"));
-// Basic API
-app.get("/api/user", async (req, res) => {
- const user = (await db.query("SELECT name, surname FROM users WHERE id = ?", [req.session.uid]))[0];
- res.json(user);
+app.get("/api/user/:uid", async (req, res) => {
+ const uid = req.params.uid;
+ const user = await db.query("SELECT name, middlename, surname FROM users WHERE id = ?", [uid]);
+ const questions = await db.query(
+ "SELECT q.id, q.question, t.type FROM profile_questions q INNER JOIN profile_input_types t ON t.id = q.question_type",
+ );
+ const answers = await db.query("SELECT answer, question_id FROM profile_answers WHERE user_id = ?", [uid]);
+
+ for (const answer of answers) {
+ const qid = questions.findIndex((question) => question.id === answer.question_id);
+ if (qid !== undefined) questions[qid].answer = answer.answer;
+ }
+ res.json({ user: user[0], questions });
});
+// Basic API
app.get("/api/questions", async (req, res) => {
const questions = await db.query(
"SELECT q.id, q.question, t.type FROM profile_questions q INNER JOIN profile_input_types t ON t.id = q.question_type",
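Review bot: The guard `if (qid !== undefined)` in the new `/api/user/:uid` handler never fails, because `Array.prototype.findIndex` returns `-1` (not `undefined`) when no question matches, so an answer row whose `question_id` is missing from `questions` makes `questions[-1].answer` throw a TypeError and the request hangs without a response; it should read `if (qid !== -1) questions[qid].answer = answer.answer;`. The handler also replaces the session-bound lookup with a client-supplied path parameter and the hunk shows no authorization or integer validation of `uid` — if profile data is meant to be visible only to the owner or to logged-in users, that check has to exist elsewhere (I cannot see it from here). For an unknown uid `user[0]` is `undefined`, which `res.json` silently drops from the body, so callers cannot distinguish "no such user" from a malformed response; returning a 404 in that case would be clearer.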
@@ -36,7 +46,7 @@ app.post("/api/add", async (req, res) => {
await db.query("INSERT INTO profile_answers (question_id, user_id, answer) VALUES (?, ?, ?)", [
qid,
req.session.uid,
- answer,
+ answer.replace(/</g, "&lt;").replace(/>/g, "&gt;"),
]);
}
for (let fid in req.files) {
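Review bot: The new `answer.replace(/</g, "&lt;").replace(/>/g, "&gt;")` encodes at storage time but only covers two characters, so `&`, `"` and `'` are stored unchanged and the value is neither raw data nor safely encoded for an HTML attribute context, while the comment INSERT later in this diff stores its text raw — the same kind of user text now takes two different paths. The more robust pattern is to store the raw answer and escape at render time (or `textContent` on the client), or at least to use one complete HTML escaper shared by both routes. `answer.replace` also throws if the body parser delivers a non-string (an array for repeated fields, for example), which escapes the surrounding loop; coerce or validate first, e.g. `if (typeof answer !== "string") continue;`. The enclosing `/api/add` handler starts before this hunk.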
@@ -49,7 +59,7 @@ app.post("/api/add", async (req, res) => {
imageName = `${req.session.uid}_${new Date().getTime()}.${imageType}`;
image.mv(__dirname + "/public/uploads/" + imageName);
await db.query("INSERT INTO profile_answers (question_id, user_id, answer) VALUES (?, ?, ?)", [
- qid,
+ fid,
req.session.uid,
imageName,
]);
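Review bot: `fid` is the key the client chose for its upload field (`for (let fid in req.files)` on the context line), and the new code writes it straight into `question_id`; the placeholder binding rules out SQL injection, but nothing in the hunk checks that it is a numeric id of an existing question, so arbitrary keys reach the table unless a foreign-key constraint rejects them (not visible here). A small guard before the INSERT, `const qid = Number.parseInt(fid, 10); if (!Number.isInteger(qid)) continue;`, and binding `qid` instead of `fid` would keep that invariant in the application as well. The enclosing `/api/add` handler begins outside this hunk.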
@@ -97,28 +107,32 @@ app.put("/api/update", async (req, res) => {
// Comments API
app.get("/api/comments/:uid", async (req, res) => {
const uid = req.params.uid;
- const comments = await db.query("SELECT * FROM profile_comments WHERE profile_id = ?", [uid]);
+ const comments = await db.query(
+ "SELECT *, (user_id = ? OR ?) AS owner FROM profile_comments WHERE profile_id = ?",
+ [req.session.uid, req.session.isAdmin, uid],
+ );
res.json(comments);
});
app.post("/api/comment", async (req, res) => {
const { pid, comment } = req.body;
- if (!pid || !comment) return res.send("error");
+ if (!pid || !comment) return res.json({ success: false });
try {
await db.query("INSERT INTO profile_comments (user_id, profile_id, comment) VALUES (?,?,?)", [
req.session.uid,
pid,
comment,
]);
+ res.json({ success: true });
} catch (e) {
console.error(e);
- return res.send("error");
+ return res.json({ success: false });
}
});
app.put("/api/comment", async (req, res) => {
const { pid, cid, comment } = req.body;
- if (!pid || !comment || !cid) return res.send("error");
+ if (!pid || !comment || !cid) return res.json({ success: false });
try {
await db.query("UPDATE profile_comments SET comment = ? WHERE user_id = ? AND profile_id = ? AND id = ?", [
comment,
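Review bot: In the rewritten `/api/comments/:uid` query, `req.session.isAdmin` is bound directly as the right operand of `OR ?`; for a session that never set the flag the value is `undefined`, which most drivers bind as NULL, and `(user_id = ? OR NULL)` then evaluates to NULL rather than false for every comment the viewer did not write, so `owner` comes back as `null` instead of `0` (driver-dependent, worth confirming). Binding an explicit integer avoids the three-valued logic: `[req.session.uid, req.session.isAdmin ? 1 : 0, uid]`. Note that `owner` is presentation-only: the PUT and DELETE handlers later in this diff still filter on `user_id = ?`, so an admin marked as owner here cannot actually modify the comment server-side. The `/api/comment` POST also stores `comment` raw while `/api/add` now escapes answers, and the `{ success: false }` responses are sent with HTTP 200; `res.status(400).json(...)` for the validation branch and `res.status(500).json(...)` in the catch would let clients and logs tell failures apart.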
@@ -126,24 +140,26 @@ app.put("/api/comment", async (req, res) => {
pid,
cid,
]);
+ res.json({ success: true });
} catch (e) {
console.error(e);
- return res.send("error");
+ return res.json({ success: false });
}
});
app.delete("/api/comment", async (req, res) => {
const { pid, cid } = req.body;
- if (!pid || !cid) return res.send("error");
+ if (!pid || !cid) return res.json({ success: false });
try {
await db.query("DELETE FROM profile_comments WHERE user_id = ? AND profile_id = ? AND id = ?", [
req.session.uid,
pid,
cid,
]);
+ res.json({ success: true });
} catch (e) {
console.error(e);
- return res.send("error");
+ return res.json({ success: false });
}
});
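Review bot: Both the PUT and DELETE handlers now answer `{ success: true }` whenever the query does not throw, but an UPDATE or DELETE whose `WHERE user_id = ? AND profile_id = ? AND id = ?` matches no row (someone else's comment, or a wrong cid/pid) completes without error and affects nothing, so the client is told an edit succeeded that never happened. If the driver exposes an affected-row count (for mysql-style drivers it is `result.affectedRows`), capture the result and report it, e.g. `const result = await db.query(...); res.json({ success: result.affectedRows > 0 });` — and if admins are meant to moderate, as the `owner` flag in the comments hunk suggests, the WHERE clause needs an explicit admin branch rather than relying on that flag. The catch branches still send `{ success: false }` with status 200; `res.status(500).json({ success: false })` would be the conventional form. The `/api/comment` PUT handler starts before this hunk, and the hunk header's line count suggests a couple of blank lines were dropped in rendering.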