2023-02-19 06:30:02 +01:00
|
|
|
const Helpers = require('../helpers');
|
2023-02-19 15:19:46 +01:00
|
|
|
const Sequelize = require('../models');
|
2023-02-20 03:43:53 +01:00
|
|
|
const html_escape = require('html-escaper');
|
|
|
|
|
|
|
|
|
|
const send_error = async (req, res, error, data) => {
|
|
|
|
|
res.send(await Helpers.ViewLoader.load('guestbook.pug', {
|
|
|
|
|
current_route: req.originalUrl,
|
|
|
|
|
ip: req.ip,
|
|
|
|
|
errors: error,
|
|
|
|
|
data
|
|
|
|
|
}));
|
|
|
|
|
};
|
2023-02-19 06:30:02 +01:00
|
|
|
|
2023-02-19 08:07:44 +01:00
|
|
|
async function handler(req, res, next) {
|
|
|
|
|
try {
|
2023-02-19 16:12:09 +01:00
|
|
|
|
2023-02-20 03:43:53 +01:00
|
|
|
const errors = req.query.error;
|
|
|
|
|
|
2023-02-19 16:12:09 +01:00
|
|
|
let data = {};
|
|
|
|
|
let sqldata = await Sequelize.Guestbook.findAll({
|
|
|
|
|
where: {
|
|
|
|
|
hidden: false
|
|
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
if (!sqldata) throw new Error('Failed to get guestbook entries');
|
|
|
|
|
|
|
|
|
|
for (let i = 0; i != sqldata.length; i++) {
|
|
|
|
|
data[sqldata[i].id] = sqldata[i];
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-19 08:07:44 +01:00
|
|
|
res.send(await Helpers.ViewLoader.load('guestbook.pug', {
|
|
|
|
|
current_route: req.originalUrl,
|
|
|
|
|
ip: req.ip,
|
2023-02-20 03:43:53 +01:00
|
|
|
data,
|
|
|
|
|
errors
|
2023-02-19 08:07:44 +01:00
|
|
|
}));
|
|
|
|
|
return;
|
|
|
|
|
} catch (err) {
|
|
|
|
|
next(err);
|
|
|
|
|
}
|
2023-02-19 06:30:02 +01:00
|
|
|
}
|
|
|
|
|
|
2023-02-19 16:12:09 +01:00
|
|
|
async function submit(req, res, next) {
|
2023-02-19 08:07:44 +01:00
|
|
|
const { name, email, message } = req.body;
|
|
|
|
|
const hidemail = req.body.hidemail ? (req.body.hidemail == 'on' ? true : false) : false;
|
|
|
|
|
|
2023-02-19 16:12:09 +01:00
|
|
|
let data = await Sequelize.Guestbook.create({
|
|
|
|
|
name,
|
|
|
|
|
email,
|
|
|
|
|
text: message,
|
|
|
|
|
hidemail,
|
|
|
|
|
ip: req.ip,
|
|
|
|
|
hidden: false,
|
|
|
|
|
time: Math.floor(Date.now() / 1000)
|
|
|
|
|
});
|
2023-02-20 03:43:53 +01:00
|
|
|
if (!data) {
|
|
|
|
|
res.send(await Helpers.ViewLoader.load('guestbook.pug', {
|
|
|
|
|
current_route: req.originalUrl,
|
|
|
|
|
ip: req.ip,
|
|
|
|
|
errors: 'Could not create a new record'
|
|
|
|
|
}));
|
|
|
|
|
}
|
2023-02-19 16:12:09 +01:00
|
|
|
|
|
|
|
|
res.redirect('/guestbook#gb_entry_' + data.id);
|
2023-02-19 15:19:46 +01:00
|
|
|
|
2023-02-19 07:05:36 +01:00
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-20 03:43:53 +01:00
|
|
|
async function del(req, res, next) {
|
|
|
|
|
try
|
|
|
|
|
{
|
|
|
|
|
let record = await Sequelize.Guestbook.findAndCountAll({
|
|
|
|
|
where: {id: req.params.id}
|
|
|
|
|
});
|
|
|
|
|
if (record.count == 0) {
|
|
|
|
|
res.redirect('/guestbook');
|
|
|
|
|
}
|
|
|
|
|
const data = record.rows[0];
|
|
|
|
|
if (
|
|
|
|
|
data.ip == req.ip &&
|
|
|
|
|
Math.floor(Date.now() / 1000) - data.time <= (60 * 60 * 24)
|
|
|
|
|
) {
|
|
|
|
|
await Sequelize.Guestbook.update({hidden: true}, {where: {id: req.params.id}})
|
|
|
|
|
res.redirect('/guestbook');
|
|
|
|
|
} else {
|
|
|
|
|
res.redirect('/guestbook?error=' + encodeURIComponent('You don\'t have permission to delete this record.'))
|
|
|
|
|
return
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
catch (err) { next(err); }
|
|
|
|
|
}
|
|
|
|
|
|
2023-02-19 06:30:02 +01:00
|
|
|
module.exports = (router) => {
|
|
|
|
|
router.get('/guestbook', handler);
|
2023-02-19 07:05:36 +01:00
|
|
|
router.post('/guestbook/submit', submit);
|
2023-02-20 03:43:53 +01:00
|
|
|
router.get('/guestbook/del/:id', del);
|
2023-02-19 06:30:02 +01:00
|
|
|
}
|
