f0bm/src/inc/routes/apiv2/index.mjs

import db from '../../sql.mjs';
import lib from '../../lib.mjs';
import search from '../../routeinc/search.mjs';

const allowedMimes = [ "audio", "image", "video", "%" ];
export default router => {
  router.group(/^\/api\/v2/, group => {
    group.get(/$/, (req, res) => {
      res.end("api lol");
    });

    group.get(/\/random(\/user\/.+|\/image|\/video|\/audio)?$/, async (req, res) => {
      const user = req.url.split[3] === "user" ? req.url.split[4] : "%";
      const mime = (allowedMimes.filter(n => req.url.split[3]?.startsWith(n))[0] ? req.url.split[3] : "") + "%";
  
      const rows = await db`
        select *
        from "items"
        where mime ilike ${mime}
        and username ilike ${user}
        order by random()
        limit 1
      `;
  
      return res.json({
        success: rows.length > 0,
        items: rows.length > 0 ? rows[0] : []
      });
    });
  
    group.get(/\/p\/([0-9]+)/, async (req, res) => { // legacy
      let eps = 100;
      let id = +req.url.split[3];
  
      const rows = await db`
        select *
        from "items"
        where id < ${+id}
        order by id desc
        limit ${+eps}
      `;
  
      const items = {
        items: rows,
        last: rows[rows.length - 1].id
      };
  
      return res.json({
        success: true,
        items
      });
    });
  
    group.get(/\/item\/[0-9]+$/, async (req, res) => {
      const id = +req.url.split[3];
  
      const item = await db`
        select *
        from "items"
        where id = ${+id}
        limit 1
      `;
      const next = await db`
        select id
        from "items"
        where id > ${+id}
        order by id
        limit 1
      `;
      const prev = await db`
        select id
        from "items"
        where id < ${+id}
        order by id desc
        limit 1
      `;
  
      if(item.length === 0) {
        return res.json({
          success: false,
          msg: 'no items found'
        });
      }
  
      const rows = {
        ...item[0],
        ...{
          next: next[0]?.id ?? null,
          prev: prev[0]?.id ?? null
        }
      };

      return res.json({
        success: true,
        rows
      });
    });
  
    group.get(/\/user\/.*(\/\d+)?$/, async (req, res) => {
      const user = req.url.split[3];
      const eps = +req.url.split[4] || 50;
  
      const rows = db`
        select id, mime, size, src, stamp, userchannel, username, usernetwork
        from "items"
        where username = ${user}
        order by stamp desc
        limit ${+eps}
      `;
        
      return res.json({
        success: rows.length > 0,
        items: rows.length > 0 ? rows : []
      });
    });

    // tags lol

    group.put(/\/admin\/tags\/(?<tagname>.*)/, lib.auth, async (req, res) => {
      if(!req.params.tagname || !req.post.newtag) {
        return res.json({
          success: false,
          msg: 'missing tagname or newtag',
          debug: {
            params: req.params.tagname,
            post: req.post
          }
        }, 400); // bad request
      }

      const tagname = decodeURIComponent(req.params.tagname);
      const newtag = req.post.newtag;

      if(['sfw', 'nsfw'].includes(tagname) || ['sfw', 'nsfw'].includes(newtag)) {
        return res.json({
          msg: 'f0ck you'
        }, 405); // method not allowed
      }

      const tmptag = (await db`
        select *
        from "tags"
        where tag = ${tagname}
        limit 1
      `)[0];
      
      if(!tmptag) {
        return res.json({
          success: false,
          msg: 'no tag found'
        }, 404); // not found
      }

      const q = (await db`
          update "tags" set ${
            db({
              tag: newtag
            }, 'tag')
          }
          where tag = ${tagname}
          returning *
      `)?.[0];

      return res.json(q, tagname === newtag ? 200 : 201); // created (modified)
    });

    group.get(/\/admin\/tags\/suggest$/, lib.auth, async (req, res) => {
      const reply = {
        success: false,
        suggestions: {}
      };

      const searchString = req.url.qs.q;

      if(searchString?.length <= 1) {
        reply.error = 'too short lol';
        return res.json(reply);
      }

      try {
        const q = await db`
          select tag, count(tags_assign.tag_id) as tagged
          from "tags"
          left join "tags_assign" on "tags_assign".tag_id = "tags".id
          where normalized like '%' || slugify(${searchString}) || '%'
          group by "tags".id
          order by tagged desc
          limit 15
        `;
        reply.success = true;
        reply.suggestions = search(q, searchString);
      } catch(err) {
        reply.error = err.msg;
      }

      return res.json(reply);
    });

    group.post(/\/admin\/deletepost$/, lib.auth, async (req, res) => {
      if(!req.post.postid) {
        return res.json({
          success: false,
          msg: 'no postid'
        });
      }
      const postid = +req.post.postid;
  
      await db`
        delete from "items"
        where id = ${+postid}
      `;

      res.json({
        success: true
      });
    });

    group.post(/\/admin\/togglefav$/, lib.auth, async (req, res) => {
      const postid = +req.post.postid;
      
      let favs = await db`
        select user_id
        from "favorites"
        where item_id = ${+postid}
      `;

      if(Object.values(favs).filter(u => u.user_id === req.session.id)[0]) {
        // del fav
        await db`
          delete from "favorites"
          where user_id = ${+req.session.id}
          and item_id = ${+postid}
        `;
      }
      else {
        // add fav
        await db`
          insert into "favorites" ${
            db({
              item_id: +postid,
              user_id: +req.session.id
            }, 'item_id', 'user_id')
          }
        `;
      }

      favs = await db`
        select "user".user, "user_options".avatar
        from "favorites"
        left join "user" on "user".id = "favorites".user_id
        left join "user_options" on "user_options".user_id = "favorites".user_id
        where "favorites".item_id = ${+postid}
      `;

      return res.json({
        success: true,
        itemid: postid,
        favs
      });
    });
  
  });

  return router;
};