autonomous.contact/public/api/rooms/:room_id/events/:event_id/index.ts

import { FSDB_COLLECTION } from '@andyburke/fsdb';
import { EVENT, get_events_collection_for_room } from '../../../../../../models/event.ts';
import { ROOM, ROOMS } from '../../../../../../models/room.ts';
import parse_body from '../../../../../../utils/bodyparser.ts';
import * as CANNED_RESPONSES from '../../../../../../utils/canned_responses.ts';
import { get_session, get_user, PRECHECK_TABLE, require_user } from '../../../../../../utils/prechecks.ts';

export const PRECHECKS: PRECHECK_TABLE = {};

// GET /api/rooms/:room_id/events/:id - Get an event
PRECHECKS.GET = [get_session, get_user, require_user, async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
	const room_id: string = meta.params?.room_id?.toLowerCase().trim() ?? '';

	// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
	const room: ROOM | null = room_id.length === 49 ? await ROOMS.get(room_id) : null;

	if (!room) {
		return CANNED_RESPONSES.not_found();
	}

	meta.room = room;
	const room_is_public = room.permissions.read.length === 0;
	const user_has_read_for_room = room_is_public || room.permissions.read.includes(meta.user.id);
	const room_has_public_events = user_has_read_for_room && (room.permissions.read_events.length === 0);
	const user_has_read_events_for_room = user_has_read_for_room &&
		(room_has_public_events || room.permissions.read_events.includes(meta.user.id));

	if (!user_has_read_events_for_room) {
		return CANNED_RESPONSES.permission_denied();
	}
}];
export async function GET(_req: Request, meta: Record<string, any>): Promise<Response> {
	const events: FSDB_COLLECTION<EVENT> = get_events_collection_for_room(meta.room.id);
	const event: EVENT | null = await events.get(meta.params.event_id);

	if (!event) {
		return CANNED_RESPONSES.not_found();
	}

	return Response.json(event, {
		status: 200
	});
}

// PUT /api/rooms/:room_id/events/:event_id - Update event
PRECHECKS.PUT = [
	get_session,
	get_user,
	require_user,
	(_req: Request, _meta: Record<string, any>): Response | undefined => {
		if (Deno.env.get('APPEND_ONLY_EVENTS')) {
			return CANNED_RESPONSES.append_only_events();
		}
	},
	async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
		const room_id: string = meta.params?.room_id?.toLowerCase().trim() ?? '';

		// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
		const room: ROOM | null = room_id.length === 49 ? await ROOMS.get(room_id) : null;

		if (!room) {
			return CANNED_RESPONSES.not_found();
		}

		meta.room = room;
		const room_is_public: boolean = meta.room.permissions.read.length === 0;
		const user_has_read_for_room = room_is_public || meta.room.permissions.read.includes(meta.user.id);
		const room_events_are_publicly_writable = meta.room.permissions.write_events.length === 0;
		const user_has_write_events_for_room = user_has_read_for_room &&
			(room_events_are_publicly_writable || meta.room.permissions.write_events.includes(meta.user.id));

		if (!user_has_write_events_for_room) {
			return CANNED_RESPONSES.permission_denied();
		}
	}
];
export async function PUT(req: Request, meta: Record<string, any>): Promise<Response> {
	const now = new Date().toISOString();

	try {
		const events: FSDB_COLLECTION<EVENT> = get_events_collection_for_room(meta.room.id);
		const event: EVENT | null = await events.get(meta.params.event_id);

		if (!event) {
			return CANNED_RESPONSES.not_found();
		}

		if (event.creator_id !== meta.user.id) {
			return CANNED_RESPONSES.permission_denied();
		}

		const body = await parse_body(req);
		const updated = {
			...event,
			...body,
			id: event.id,
			creator_id: event.creator_id,
			timestamps: {
				created: event.timestamps.created,
				updated: now
			}
		};

		await events.update(updated);
		return Response.json(updated, {
			status: 200
		});
	} catch (err) {
		return Response.json({
			error: {
				message: (err as Error)?.message ?? 'Unknown error due to invalid data.',
				cause: (err as Error)?.cause ?? 'invalid_data'
			}
		}, {
			status: 400
		});
	}
}

// DELETE /api/rooms/:room_id/events/:event_id - Delete event
PRECHECKS.DELETE = [
	get_session,
	get_user,
	require_user,
	(_req: Request, _meta: Record<string, any>): Response | undefined => {
		if (Deno.env.get('APPEND_ONLY_EVENTS')) {
			return CANNED_RESPONSES.append_only_events();
		}
	},
	async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
		const room_id: string = meta.params?.room_id?.toLowerCase().trim() ?? '';

		// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
		const room: ROOM | null = room_id.length === 49 ? await ROOMS.get(room_id) : null;

		if (!room) {
			return CANNED_RESPONSES.not_found();
		}

		meta.room = room;
		const room_is_public: boolean = meta.room.permissions.read.length === 0;
		const user_has_read_for_room = room_is_public || meta.room.permissions.read.includes(meta.user.id);
		const room_events_are_publicly_writable = meta.room.permissions.write_events.length === 0;
		const user_has_write_events_for_room = user_has_read_for_room &&
			(room_events_are_publicly_writable || meta.room.permissions.write_events.includes(meta.user.id));

		if (!user_has_write_events_for_room) {
			return CANNED_RESPONSES.permission_denied();
		}
	}
];
export async function DELETE(_req: Request, meta: Record<string, any>): Promise<Response> {
	const events: FSDB_COLLECTION<EVENT> = get_events_collection_for_room(meta.room.id);
	const event: EVENT | null = await events.get(meta.params.event_id);
	if (!event) {
		return CANNED_RESPONSES.not_found();
	}

	await events.delete(event);

	return Response.json({
		deleted: true
	}, {
		status: 200
	});
}