generated from nhcarrigan/template
feat: bunch of work done here, got comments and edit and delete
This commit is contained in:
@@ -25,6 +25,7 @@ model Game {
|
||||
coverImage String?
|
||||
createdAt DateTime @default(now())
|
||||
updatedAt DateTime @updatedAt
|
||||
comments Comment[]
|
||||
}
|
||||
|
||||
enum GameStatus {
|
||||
@@ -46,6 +47,7 @@ model Book {
|
||||
coverImage String?
|
||||
createdAt DateTime @default(now())
|
||||
updatedAt DateTime @updatedAt
|
||||
comments Comment[]
|
||||
}
|
||||
|
||||
enum BookStatus {
|
||||
@@ -67,6 +69,7 @@ model Music {
|
||||
coverArt String?
|
||||
createdAt DateTime @default(now())
|
||||
updatedAt DateTime @updatedAt
|
||||
comments Comment[]
|
||||
}
|
||||
|
||||
enum MusicType {
|
||||
@@ -90,4 +93,20 @@ model User {
|
||||
isAdmin Boolean @default(false)
|
||||
createdAt DateTime @default(now())
|
||||
updatedAt DateTime @updatedAt
|
||||
comments Comment[]
|
||||
}
|
||||
|
||||
model Comment {
|
||||
id String @id @default(auto()) @map("_id") @db.ObjectId
|
||||
content String
|
||||
userId String @db.ObjectId
|
||||
user User @relation(fields: [userId], references: [id])
|
||||
gameId String? @db.ObjectId
|
||||
game Game? @relation(fields: [gameId], references: [id])
|
||||
bookId String? @db.ObjectId
|
||||
book Book? @relation(fields: [bookId], references: [id])
|
||||
musicId String? @db.ObjectId
|
||||
music Music? @relation(fields: [musicId], references: [id])
|
||||
createdAt DateTime @default(now())
|
||||
updatedAt DateTime @updatedAt
|
||||
}
|
||||
|
||||
@@ -11,6 +11,18 @@ declare module "fastify" {
|
||||
}
|
||||
}
|
||||
|
||||
declare module "@fastify/jwt" {
|
||||
interface FastifyJWT {
|
||||
user: {
|
||||
id: string;
|
||||
username: string;
|
||||
email?: string;
|
||||
avatar?: string;
|
||||
isAdmin: boolean;
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
const authPlugin: FastifyPluginAsync = async (app) => {
|
||||
// Register JWT plugin
|
||||
app.register(fastifyJwt, {
|
||||
@@ -19,6 +31,14 @@ const authPlugin: FastifyPluginAsync = async (app) => {
|
||||
cookieName: "auth-token",
|
||||
signed: false,
|
||||
},
|
||||
formatUser: (payload: { sub: string; email?: string; username: string; isAdmin: boolean }) => {
|
||||
return {
|
||||
id: payload.sub,
|
||||
email: payload.email,
|
||||
username: payload.username,
|
||||
isAdmin: payload.isAdmin,
|
||||
};
|
||||
},
|
||||
});
|
||||
|
||||
// Register cookie plugin
|
||||
|
||||
@@ -5,12 +5,14 @@
|
||||
*/
|
||||
|
||||
import { FastifyPluginAsync } from "fastify";
|
||||
import { Book, CreateBookDto, UpdateBookDto } from "@library/shared-types";
|
||||
import { Book, CreateBookDto, UpdateBookDto, Comment, CreateCommentDto } from "@library/shared-types";
|
||||
import { BookService } from "../../services/book.service";
|
||||
import { CommentService } from "../../services/comment.service";
|
||||
import { adminGuard } from "../../middleware/admin-guard";
|
||||
|
||||
const booksRoutes: FastifyPluginAsync = async (app) => {
|
||||
const bookService = new BookService();
|
||||
const commentService = new CommentService();
|
||||
|
||||
/**
|
||||
* Get all books (public route).
|
||||
@@ -75,6 +77,47 @@ const booksRoutes: FastifyPluginAsync = async (app) => {
|
||||
return { success: true };
|
||||
}
|
||||
);
|
||||
|
||||
/**
|
||||
* Get comments for a book (public route).
|
||||
*/
|
||||
app.get<{ Params: { id: string }; Reply: Comment[] }>(
|
||||
"/:id/comments",
|
||||
async (request) => {
|
||||
const { id } = request.params;
|
||||
return commentService.getCommentsForBook(id);
|
||||
}
|
||||
);
|
||||
|
||||
/**
|
||||
* Add comment to a book (authenticated users).
|
||||
*/
|
||||
app.post<{ Params: { id: string }; Body: CreateCommentDto; Reply: Comment }>(
|
||||
"/:id/comments",
|
||||
{
|
||||
preValidation: [app.authenticate],
|
||||
},
|
||||
async (request) => {
|
||||
const { id } = request.params;
|
||||
const userId = request.user.id;
|
||||
return commentService.createCommentForBook(id, userId, request.body);
|
||||
}
|
||||
);
|
||||
|
||||
/**
|
||||
* Delete comment (admin only).
|
||||
*/
|
||||
app.delete<{ Params: { id: string; commentId: string }; Reply: { success: boolean } }>(
|
||||
"/:id/comments/:commentId",
|
||||
{
|
||||
preValidation: [app.authenticate, adminGuard],
|
||||
},
|
||||
async (request) => {
|
||||
const { commentId } = request.params;
|
||||
await commentService.deleteComment(commentId);
|
||||
return { success: true };
|
||||
}
|
||||
);
|
||||
};
|
||||
|
||||
export default booksRoutes;
|
||||
@@ -5,12 +5,14 @@
|
||||
*/
|
||||
|
||||
import { FastifyPluginAsync } from "fastify";
|
||||
import { Game, CreateGameDto, UpdateGameDto } from "@library/shared-types";
|
||||
import { Game, CreateGameDto, UpdateGameDto, Comment, CreateCommentDto } from "@library/shared-types";
|
||||
import { GameService } from "../../services/game.service";
|
||||
import { CommentService } from "../../services/comment.service";
|
||||
import { adminGuard } from "../../middleware/admin-guard";
|
||||
|
||||
const gamesRoutes: FastifyPluginAsync = async (app) => {
|
||||
const gameService = new GameService();
|
||||
const commentService = new CommentService();
|
||||
|
||||
// Get all games (public route)
|
||||
app.get<{ Reply: Game[] }>("/", async () => {
|
||||
@@ -65,6 +67,41 @@ const gamesRoutes: FastifyPluginAsync = async (app) => {
|
||||
return { success: true };
|
||||
}
|
||||
);
|
||||
|
||||
// Get comments for a game (public route)
|
||||
app.get<{ Params: { id: string }; Reply: Comment[] }>(
|
||||
"/:id/comments",
|
||||
async (request) => {
|
||||
const { id } = request.params;
|
||||
return commentService.getCommentsForGame(id);
|
||||
}
|
||||
);
|
||||
|
||||
// Add comment to a game (authenticated users)
|
||||
app.post<{ Params: { id: string }; Body: CreateCommentDto; Reply: Comment }>(
|
||||
"/:id/comments",
|
||||
{
|
||||
preValidation: [app.authenticate],
|
||||
},
|
||||
async (request) => {
|
||||
const { id } = request.params;
|
||||
const userId = request.user.id;
|
||||
return commentService.createCommentForGame(id, userId, request.body);
|
||||
}
|
||||
);
|
||||
|
||||
// Delete comment (admin only)
|
||||
app.delete<{ Params: { id: string; commentId: string }; Reply: { success: boolean } }>(
|
||||
"/:id/comments/:commentId",
|
||||
{
|
||||
preValidation: [app.authenticate, adminGuard],
|
||||
},
|
||||
async (request) => {
|
||||
const { commentId } = request.params;
|
||||
await commentService.deleteComment(commentId);
|
||||
return { success: true };
|
||||
}
|
||||
);
|
||||
};
|
||||
|
||||
export default gamesRoutes;
|
||||
@@ -5,12 +5,14 @@
|
||||
*/
|
||||
|
||||
import { FastifyPluginAsync } from "fastify";
|
||||
import { Music, CreateMusicDto, UpdateMusicDto } from "@library/shared-types";
|
||||
import { Music, CreateMusicDto, UpdateMusicDto, Comment, CreateCommentDto } from "@library/shared-types";
|
||||
import { MusicService } from "../../services/music.service";
|
||||
import { CommentService } from "../../services/comment.service";
|
||||
import { adminGuard } from "../../middleware/admin-guard";
|
||||
|
||||
const musicRoutes: FastifyPluginAsync = async (app) => {
|
||||
const musicService = new MusicService();
|
||||
const commentService = new CommentService();
|
||||
|
||||
/**
|
||||
* Get all music (public route).
|
||||
@@ -75,6 +77,47 @@ const musicRoutes: FastifyPluginAsync = async (app) => {
|
||||
return { success: true };
|
||||
}
|
||||
);
|
||||
|
||||
/**
|
||||
* Get comments for a music item (public route).
|
||||
*/
|
||||
app.get<{ Params: { id: string }; Reply: Comment[] }>(
|
||||
"/:id/comments",
|
||||
async (request) => {
|
||||
const { id } = request.params;
|
||||
return commentService.getCommentsForMusic(id);
|
||||
}
|
||||
);
|
||||
|
||||
/**
|
||||
* Add comment to a music item (authenticated users).
|
||||
*/
|
||||
app.post<{ Params: { id: string }; Body: CreateCommentDto; Reply: Comment }>(
|
||||
"/:id/comments",
|
||||
{
|
||||
preValidation: [app.authenticate],
|
||||
},
|
||||
async (request) => {
|
||||
const { id } = request.params;
|
||||
const userId = request.user.id;
|
||||
return commentService.createCommentForMusic(id, userId, request.body);
|
||||
}
|
||||
);
|
||||
|
||||
/**
|
||||
* Delete comment (admin only).
|
||||
*/
|
||||
app.delete<{ Params: { id: string; commentId: string }; Reply: { success: boolean } }>(
|
||||
"/:id/comments/:commentId",
|
||||
{
|
||||
preValidation: [app.authenticate, adminGuard],
|
||||
},
|
||||
async (request) => {
|
||||
const { commentId } = request.params;
|
||||
await commentService.deleteComment(commentId);
|
||||
return { success: true };
|
||||
}
|
||||
);
|
||||
};
|
||||
|
||||
export default musicRoutes;
|
||||
@@ -22,7 +22,7 @@ export class BookService {
|
||||
|
||||
return books.map((book) => ({
|
||||
...book,
|
||||
status: book.status.toLowerCase() as BookStatus,
|
||||
status: book.status as unknown as BookStatus,
|
||||
dateAdded: book.dateAdded,
|
||||
dateFinished: book.dateFinished || undefined,
|
||||
createdAt: book.createdAt,
|
||||
@@ -42,7 +42,7 @@ export class BookService {
|
||||
|
||||
return {
|
||||
...book,
|
||||
status: book.status.toLowerCase() as BookStatus,
|
||||
status: book.status as unknown as BookStatus,
|
||||
dateAdded: book.dateAdded,
|
||||
dateFinished: book.dateFinished || undefined,
|
||||
createdAt: book.createdAt,
|
||||
@@ -63,7 +63,7 @@ export class BookService {
|
||||
|
||||
return {
|
||||
...book,
|
||||
status: book.status.toLowerCase() as BookStatus,
|
||||
status: book.status as unknown as BookStatus,
|
||||
dateAdded: book.dateAdded,
|
||||
dateFinished: book.dateFinished || undefined,
|
||||
createdAt: book.createdAt,
|
||||
@@ -87,7 +87,7 @@ export class BookService {
|
||||
|
||||
return {
|
||||
...book,
|
||||
status: book.status.toLowerCase() as BookStatus,
|
||||
status: book.status as unknown as BookStatus,
|
||||
dateAdded: book.dateAdded,
|
||||
dateFinished: book.dateFinished || undefined,
|
||||
createdAt: book.createdAt,
|
||||
|
||||
@@ -0,0 +1,154 @@
|
||||
/**
|
||||
* @copyright 2026 NHCarrigan
|
||||
* @license Naomi's Public License
|
||||
* @author Naomi Carrigan
|
||||
*/
|
||||
|
||||
import { Comment, CreateCommentDto } from "@library/shared-types";
|
||||
import { prisma } from "../lib/prisma";
|
||||
import createDOMPurify from "dompurify";
|
||||
import { JSDOM } from "jsdom";
|
||||
import { marked } from "marked";
|
||||
|
||||
const window = new JSDOM("").window;
|
||||
const DOMPurify = createDOMPurify(window);
|
||||
|
||||
// Add hook to sanitise links - prevent javascript: URLs and add security attributes
|
||||
DOMPurify.addHook("afterSanitizeAttributes", (node) => {
|
||||
if (node.tagName === "A") {
|
||||
const href = node.getAttribute("href") || "";
|
||||
// Block javascript:, data:, and vbscript: URLs
|
||||
if (/^(javascript|data|vbscript):/i.test(href)) {
|
||||
node.removeAttribute("href");
|
||||
} else {
|
||||
// Add security attributes to external links
|
||||
node.setAttribute("target", "_blank");
|
||||
node.setAttribute("rel", "noopener noreferrer nofollow");
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
export class CommentService {
|
||||
private prisma = prisma;
|
||||
|
||||
constructor() {}
|
||||
|
||||
private sanitizeMarkdown(content: string): string {
|
||||
const html = marked.parse(content, { async: false }) as string;
|
||||
return DOMPurify.sanitize(html, {
|
||||
ALLOWED_TAGS: [
|
||||
"p", "br", "strong", "em", "b", "i", "u", "s", "strike",
|
||||
"h1", "h2", "h3", "h4", "h5", "h6",
|
||||
"ul", "ol", "li",
|
||||
"blockquote", "code", "pre",
|
||||
"a", "hr",
|
||||
],
|
||||
ALLOWED_ATTR: ["href", "target", "rel"],
|
||||
ALLOW_DATA_ATTR: false,
|
||||
ADD_ATTR: ["target", "rel"],
|
||||
FORCE_BODY: true,
|
||||
});
|
||||
}
|
||||
|
||||
private mapComment(comment: any): Comment {
|
||||
return {
|
||||
id: comment.id,
|
||||
content: comment.content,
|
||||
userId: comment.userId,
|
||||
user: {
|
||||
id: comment.user.id,
|
||||
username: comment.user.username,
|
||||
avatar: comment.user.avatar || undefined,
|
||||
},
|
||||
gameId: comment.gameId || undefined,
|
||||
bookId: comment.bookId || undefined,
|
||||
musicId: comment.musicId || undefined,
|
||||
createdAt: comment.createdAt,
|
||||
updatedAt: comment.updatedAt,
|
||||
};
|
||||
}
|
||||
|
||||
async getCommentsForGame(gameId: string): Promise<Comment[]> {
|
||||
const comments = await this.prisma.comment.findMany({
|
||||
where: { gameId },
|
||||
include: { user: true },
|
||||
orderBy: { createdAt: "desc" },
|
||||
});
|
||||
return comments.map((c) => this.mapComment(c));
|
||||
}
|
||||
|
||||
async getCommentsForBook(bookId: string): Promise<Comment[]> {
|
||||
const comments = await this.prisma.comment.findMany({
|
||||
where: { bookId },
|
||||
include: { user: true },
|
||||
orderBy: { createdAt: "desc" },
|
||||
});
|
||||
return comments.map((c) => this.mapComment(c));
|
||||
}
|
||||
|
||||
async getCommentsForMusic(musicId: string): Promise<Comment[]> {
|
||||
const comments = await this.prisma.comment.findMany({
|
||||
where: { musicId },
|
||||
include: { user: true },
|
||||
orderBy: { createdAt: "desc" },
|
||||
});
|
||||
return comments.map((c) => this.mapComment(c));
|
||||
}
|
||||
|
||||
async createCommentForGame(
|
||||
gameId: string,
|
||||
userId: string,
|
||||
data: CreateCommentDto
|
||||
): Promise<Comment> {
|
||||
const sanitizedContent = this.sanitizeMarkdown(data.content);
|
||||
const comment = await this.prisma.comment.create({
|
||||
data: {
|
||||
content: sanitizedContent,
|
||||
userId,
|
||||
gameId,
|
||||
},
|
||||
include: { user: true },
|
||||
});
|
||||
return this.mapComment(comment);
|
||||
}
|
||||
|
||||
async createCommentForBook(
|
||||
bookId: string,
|
||||
userId: string,
|
||||
data: CreateCommentDto
|
||||
): Promise<Comment> {
|
||||
const sanitizedContent = this.sanitizeMarkdown(data.content);
|
||||
const comment = await this.prisma.comment.create({
|
||||
data: {
|
||||
content: sanitizedContent,
|
||||
userId,
|
||||
bookId,
|
||||
},
|
||||
include: { user: true },
|
||||
});
|
||||
return this.mapComment(comment);
|
||||
}
|
||||
|
||||
async createCommentForMusic(
|
||||
musicId: string,
|
||||
userId: string,
|
||||
data: CreateCommentDto
|
||||
): Promise<Comment> {
|
||||
const sanitizedContent = this.sanitizeMarkdown(data.content);
|
||||
const comment = await this.prisma.comment.create({
|
||||
data: {
|
||||
content: sanitizedContent,
|
||||
userId,
|
||||
musicId,
|
||||
},
|
||||
include: { user: true },
|
||||
});
|
||||
return this.mapComment(comment);
|
||||
}
|
||||
|
||||
async deleteComment(commentId: string): Promise<void> {
|
||||
await this.prisma.comment.delete({
|
||||
where: { id: commentId },
|
||||
});
|
||||
}
|
||||
}
|
||||
@@ -22,7 +22,7 @@ export class GameService {
|
||||
|
||||
return games.map((game) => ({
|
||||
...game,
|
||||
status: game.status.toLowerCase() as GameStatus,
|
||||
status: game.status as unknown as GameStatus,
|
||||
dateAdded: game.dateAdded,
|
||||
dateCompleted: game.dateCompleted || undefined,
|
||||
createdAt: game.createdAt,
|
||||
@@ -42,7 +42,7 @@ export class GameService {
|
||||
|
||||
return {
|
||||
...game,
|
||||
status: game.status.toLowerCase() as GameStatus,
|
||||
status: game.status as unknown as GameStatus,
|
||||
dateAdded: game.dateAdded,
|
||||
dateCompleted: game.dateCompleted || undefined,
|
||||
createdAt: game.createdAt,
|
||||
@@ -63,7 +63,7 @@ export class GameService {
|
||||
|
||||
return {
|
||||
...game,
|
||||
status: game.status.toLowerCase() as GameStatus,
|
||||
status: game.status as unknown as GameStatus,
|
||||
dateAdded: game.dateAdded,
|
||||
dateCompleted: game.dateCompleted || undefined,
|
||||
createdAt: game.createdAt,
|
||||
@@ -87,7 +87,7 @@ export class GameService {
|
||||
|
||||
return {
|
||||
...game,
|
||||
status: game.status.toLowerCase() as GameStatus,
|
||||
status: game.status as unknown as GameStatus,
|
||||
dateAdded: game.dateAdded,
|
||||
dateCompleted: game.dateCompleted || undefined,
|
||||
createdAt: game.createdAt,
|
||||
|
||||
@@ -22,8 +22,8 @@ export class MusicService {
|
||||
|
||||
return musicItems.map((music) => ({
|
||||
...music,
|
||||
type: music.type.toLowerCase() as MusicType,
|
||||
status: music.status.toLowerCase() as MusicStatus,
|
||||
type: music.type as unknown as MusicType,
|
||||
status: music.status as unknown as MusicStatus,
|
||||
dateAdded: music.dateAdded,
|
||||
dateCompleted: music.dateCompleted || undefined,
|
||||
createdAt: music.createdAt,
|
||||
@@ -43,8 +43,8 @@ export class MusicService {
|
||||
|
||||
return {
|
||||
...music,
|
||||
type: music.type.toLowerCase() as MusicType,
|
||||
status: music.status.toLowerCase() as MusicStatus,
|
||||
type: music.type as unknown as MusicType,
|
||||
status: music.status as unknown as MusicStatus,
|
||||
dateAdded: music.dateAdded,
|
||||
dateCompleted: music.dateCompleted || undefined,
|
||||
createdAt: music.createdAt,
|
||||
@@ -66,8 +66,8 @@ export class MusicService {
|
||||
|
||||
return {
|
||||
...music,
|
||||
type: music.type.toLowerCase() as MusicType,
|
||||
status: music.status.toLowerCase() as MusicStatus,
|
||||
type: music.type as unknown as MusicType,
|
||||
status: music.status as unknown as MusicStatus,
|
||||
dateAdded: music.dateAdded,
|
||||
dateCompleted: music.dateCompleted || undefined,
|
||||
createdAt: music.createdAt,
|
||||
@@ -94,8 +94,8 @@ export class MusicService {
|
||||
|
||||
return {
|
||||
...music,
|
||||
type: music.type.toLowerCase() as MusicType,
|
||||
status: music.status.toLowerCase() as MusicStatus,
|
||||
type: music.type as unknown as MusicType,
|
||||
status: music.status as unknown as MusicStatus,
|
||||
dateAdded: music.dateAdded,
|
||||
dateCompleted: music.dateCompleted || undefined,
|
||||
createdAt: music.createdAt,
|
||||
|
||||
Reference in New Issue
Block a user