homepage.js/routes/guestbook.js

101 lines
2.7 KiB
JavaScript
Raw Normal View History

2023-02-19 06:30:02 +01:00
const Helpers = require('../helpers');
2023-02-19 15:19:46 +01:00
const Sequelize = require('../models');
2023-02-20 03:43:53 +01:00
const html_escape = require('html-escaper');
const send_error = async (req, res, error, data) => {
res.send(await Helpers.ViewLoader.load('guestbook.pug', {
current_route: req.originalUrl,
ip: req.ip,
errors: error,
data
}));
};
2023-02-19 06:30:02 +01:00
2023-02-19 08:07:44 +01:00
async function handler(req, res, next) {
try {
2023-02-19 16:12:09 +01:00
2023-02-20 03:43:53 +01:00
const errors = req.query.error;
2023-02-20 05:07:48 +01:00
const data = await Sequelize.Guestbook.findAll({
2023-02-19 16:12:09 +01:00
where: {
hidden: false
2023-02-20 03:53:03 +01:00
},
order: [
['id', 'DESC']
]
2023-02-19 16:12:09 +01:00
});
2023-02-20 05:07:48 +01:00
if (!data) throw new Error('Failed to get guestbook entries');
2023-02-19 16:12:09 +01:00
2023-02-19 08:07:44 +01:00
res.send(await Helpers.ViewLoader.load('guestbook.pug', {
current_route: req.originalUrl,
ip: req.ip,
2023-02-20 03:43:53 +01:00
data,
errors
2023-02-19 08:07:44 +01:00
}));
return;
} catch (err) {
next(err);
}
2023-02-19 06:30:02 +01:00
}
2023-02-19 16:12:09 +01:00
async function submit(req, res, next) {
2023-02-19 08:07:44 +01:00
const { name, email, message } = req.body;
const hidemail = req.body.hidemail ? (req.body.hidemail == 'on' ? true : false) : false;
2023-02-20 06:34:26 +01:00
if (message.length >= 512) {
res.redirect('/guestbook?error=' + encodeURIComponent('Maximum length is 512 characters.'));
return;
}
2023-02-19 16:12:09 +01:00
let data = await Sequelize.Guestbook.create({
name,
email,
text: message,
hidemail,
ip: req.ip,
hidden: false,
time: Math.floor(Date.now() / 1000)
});
2023-02-20 03:43:53 +01:00
if (!data) {
res.send(await Helpers.ViewLoader.load('guestbook.pug', {
current_route: req.originalUrl,
ip: req.ip,
errors: 'Could not create a new record'
}));
}
2023-02-19 16:12:09 +01:00
res.redirect('/guestbook#gb_entry_' + data.id);
2023-02-19 15:19:46 +01:00
2023-02-19 07:05:36 +01:00
return;
}
2023-02-20 03:43:53 +01:00
async function del(req, res, next) {
try
{
let record = await Sequelize.Guestbook.findAndCountAll({
where: {id: req.params.id}
});
if (record.count == 0) {
res.redirect('/guestbook');
}
const data = record.rows[0];
if (
data.ip == req.ip &&
Math.floor(Date.now() / 1000) - data.time <= (60 * 60 * 24)
) {
await Sequelize.Guestbook.update({hidden: true}, {where: {id: req.params.id}})
res.redirect('/guestbook');
} else {
res.redirect('/guestbook?error=' + encodeURIComponent('You don\'t have permission to delete this record.'))
return
}
}
catch (err) { next(err); }
}
2023-02-19 06:30:02 +01:00
module.exports = (router) => {
router.get('/guestbook', handler);
2023-02-19 07:05:36 +01:00
router.post('/guestbook/submit', submit);
2023-02-20 03:43:53 +01:00
router.get('/guestbook/del/:id', del);
2023-02-19 06:30:02 +01:00
}