feature: rooms and events implemented on the backend

public/api/rooms/:room_id/events/:event_id/index.ts

@@ -0,0 +1,162 @@
+import { EVENT, EVENTS } from '../../../../../../models/event.ts';
+import { ROOM, ROOMS } from '../../../../../../models/room.ts';
+import parse_body from '../../../../../../utils/bodyparser.ts';
+import * as CANNED_RESPONSES from '../../../../../../utils/canned_responses.ts';
+import { get_session, get_user, PRECHECK_TABLE, require_user } from '../../../../../../utils/prechecks.ts';
+
+export const PRECHECKS: PRECHECK_TABLE = {};
+
+// GET /api/rooms/:room_id/events/:id - Get an event
+PRECHECKS.GET = [get_session, get_user, require_user, async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
+	const room_id: string = meta.params?.room_id?.toLowerCase().trim() ?? '';
+
+	// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
+	const room: ROOM | null = room_id.length === 49 ? await ROOMS.get(room_id) : null;
+
+	if (!room) {
+		return CANNED_RESPONSES.not_found();
+	}
+
+	meta.room = room;
+	const room_is_public = room.permissions.read.length === 0;
+	const user_has_read_for_room = room_is_public || room.permissions.read.includes(meta.user.id);
+	const room_has_public_events = user_has_read_for_room && (room.permissions.read_events.length === 0);
+	const user_has_read_events_for_room = user_has_read_for_room &&
+		(room_has_public_events || room.permissions.read_events.includes(meta.user.id));
+
+	if (!user_has_read_events_for_room) {
+		return CANNED_RESPONSES.permission_denied();
+	}
+}];
+export async function GET(_req: Request, meta: Record<string, any>): Promise<Response> {
+	const event: EVENT | null = await EVENTS.get(meta.params.event_id);
+
+	if (!event) {
+		return CANNED_RESPONSES.not_found();
+	}
+
+	return Response.json(event, {
+		status: 200
+	});
+}
+
+// PUT /api/rooms/:room_id/events/:event_id - Update event
+PRECHECKS.PUT = [
+	get_session,
+	get_user,
+	require_user,
+	(_req: Request, _meta: Record<string, any>): Response | undefined => {
+		if (Deno.env.get('APPEND_ONLY_EVENTS')) {
+			return CANNED_RESPONSES.append_only_events();
+		}
+	},
+	async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
+		const room_id: string = meta.params?.room_id?.toLowerCase().trim() ?? '';
+
+		// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
+		const room: ROOM | null = room_id.length === 49 ? await ROOMS.get(room_id) : null;
+
+		if (!room) {
+			return CANNED_RESPONSES.not_found();
+		}
+
+		meta.room = room;
+		const room_is_public: boolean = meta.room.permissions.read.length === 0;
+		const user_has_read_for_room = room_is_public || meta.room.permissions.read.includes(meta.user.id);
+		const room_events_are_publicly_writable = meta.room.permissions.write_events.length === 0;
+		const user_has_write_events_for_room = user_has_read_for_room &&
+			(room_events_are_publicly_writable || meta.room.permissions.write_events.includes(meta.user.id));
+
+		if (!user_has_write_events_for_room) {
+			return CANNED_RESPONSES.permission_denied();
+		}
+	}
+];
+export async function PUT(req: Request, meta: Record<string, any>): Promise<Response> {
+	const now = new Date().toISOString();
+
+	try {
+		const event: EVENT | null = await EVENTS.get(meta.params.event_id);
+
+		if (!event) {
+			return CANNED_RESPONSES.not_found();
+		}
+
+		if (event.creator_id !== meta.user.id) {
+			return CANNED_RESPONSES.permission_denied();
+		}
+
+		const body = await parse_body(req);
+		const updated = {
+			...event,
+			...body,
+			id: event.id,
+			creator_id: event.creator_id,
+			timestamps: {
+				created: event.timestamps.created,
+				updated: now
+			}
+		};
+
+		await EVENTS.update(updated);
+		return Response.json(updated, {
+			status: 200
+		});
+	} catch (err) {
+		return Response.json({
+			error: {
+				message: (err as Error)?.message ?? 'Unknown error due to invalid data.',
+				cause: (err as Error)?.cause ?? 'invalid_data'
+			}
+		}, {
+			status: 400
+		});
+	}
+}
+
+// DELETE /api/rooms/:room_id/events/:event_id - Delete event
+PRECHECKS.DELETE = [
+	get_session,
+	get_user,
+	require_user,
+	(_req: Request, _meta: Record<string, any>): Response | undefined => {
+		if (Deno.env.get('APPEND_ONLY_EVENTS')) {
+			return CANNED_RESPONSES.append_only_events();
+		}
+	},
+	async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
+		const room_id: string = meta.params?.room_id?.toLowerCase().trim() ?? '';
+
+		// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
+		const room: ROOM | null = room_id.length === 49 ? await ROOMS.get(room_id) : null;
+
+		if (!room) {
+			return CANNED_RESPONSES.not_found();
+		}
+
+		meta.room = room;
+		const room_is_public: boolean = meta.room.permissions.read.length === 0;
+		const user_has_read_for_room = room_is_public || meta.room.permissions.read.includes(meta.user.id);
+		const room_events_are_publicly_writable = meta.room.permissions.write_events.length === 0;
+		const user_has_write_events_for_room = user_has_read_for_room &&
+			(room_events_are_publicly_writable || meta.room.permissions.write_events.includes(meta.user.id));
+
+		if (!user_has_write_events_for_room) {
+			return CANNED_RESPONSES.permission_denied();
+		}
+	}
+];
+export async function DELETE(_req: Request, meta: Record<string, any>): Promise<Response> {
+	const event: EVENT | null = await EVENTS.get(meta.params.event_id);
+	if (!event) {
+		return CANNED_RESPONSES.not_found();
+	}
+
+	await EVENTS.delete(event);
+
+	return Response.json({
+		deleted: true
+	}, {
+		status: 200
+	});
+}

public/api/rooms/:room_id/events/README.md

@@ -0,0 +1,15 @@
+# /api/rooms/:room_id/events/:event_id
+
+Interact with a specific event.
+
+## GET /api/rooms/:room_id/events/:event_id
+
+Get the event specified by the tuple [ `:room_id`, `:event_id` ].
+
+## PUT /api/rooms/:room_id/events/:event_id
+
+Update an event.
+
+## DELETE /api/rooms/:room_id/events/:event_id
+
+Delete an event.

public/api/rooms/:room_id/events/index.ts

@@ -0,0 +1,111 @@
+import lurid from 'jsr:@andyburke/lurid';
+import { get_session, get_user, PRECHECK_TABLE, require_user } from '../../../../../utils/prechecks.ts';
+import { ROOM, ROOMS } from '../../../../../models/room.ts';
+import * as CANNED_RESPONSES from '../../../../../utils/canned_responses.ts';
+import { EVENT, EVENTS } from '../../../../../models/event.ts';
+import parse_body from '../../../../../utils/bodyparser.ts';
+
+export const PRECHECKS: PRECHECK_TABLE = {};
+
+// GET /api/rooms/:room_id/events - get room events
+// query parameters:
+//   partial_id: the partial id subset you would like to match (remember, lurids are lexigraphically sorted)
+PRECHECKS.GET = [get_session, get_user, require_user, async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
+	const room_id: string = meta.params?.room_id?.toLowerCase().trim() ?? '';
+
+	// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
+	const room: ROOM | null = room_id.length === 49 ? await ROOMS.get(room_id) : null;
+
+	if (!room) {
+		return CANNED_RESPONSES.not_found();
+	}
+
+	meta.room = room;
+	const room_is_public: boolean = meta.room.permissions.read.length === 0;
+	const user_has_read_for_room = room_is_public || meta.room.permissions.read.includes(meta.user.id);
+	const room_events_are_public = meta.room.permissions.read_events.length === 0;
+	const user_has_read_events_for_room = user_has_read_for_room &&
+		(room_events_are_public || meta.room.permissions.read_events.includes(meta.user.id));
+
+	if (!user_has_read_events_for_room) {
+		return CANNED_RESPONSES.permission_denied();
+	}
+}];
+export async function GET(_req: Request, meta: Record<string, any>): Promise<Response> {
+	const query: URLSearchParams = meta.query;
+	const partial_id: string | undefined = query.get('partial_id')?.toLowerCase().trim();
+
+	const has_partial_id = typeof partial_id === 'string' && partial_id.length >= 2;
+	if (!has_partial_id) {
+		return Response.json({
+			error: {
+				message: 'You must specify a `partial_id` query parameter.',
+				cause: 'missing_query_parameter'
+			}
+		}, {
+			status: 400
+		});
+	}
+
+	const limit = Math.min(parseInt(query.get('limit') ?? '10'), 100);
+	const events = await EVENTS.all({
+		id_after: partial_id,
+		limit
+	});
+
+	return Response.json(events, {
+		status: 200
+	});
+}
+
+// POST /api/rooms/:room_id/events - Create an event
+PRECHECKS.POST = [get_session, get_user, require_user, async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
+	const room_id: string = meta.params?.room_id?.toLowerCase().trim() ?? '';
+
+	// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
+	const room: ROOM | null = room_id.length === 49 ? await ROOMS.get(room_id) : null;
+
+	if (!room) {
+		return CANNED_RESPONSES.not_found();
+	}
+
+	meta.room = room;
+	const room_is_public: boolean = meta.room.permissions.read.length === 0;
+	const user_has_read_for_room = room_is_public || meta.room.permissions.read.includes(meta.user.id);
+	const room_events_are_publicly_writable = meta.room.permissions.write_events.length === 0;
+	const user_has_write_events_for_room = user_has_read_for_room &&
+		(room_events_are_publicly_writable || meta.room.permissions.write_events.includes(meta.user.id));
+
+	if (!user_has_write_events_for_room) {
+		return CANNED_RESPONSES.permission_denied();
+	}
+}];
+export async function POST(req: Request, meta: Record<string, any>): Promise<Response> {
+	try {
+		const now = new Date().toISOString();
+		const body = await parse_body(req);
+		const new_event: EVENT = {
+			type: 'unknown',
+			...body,
+			id: `${meta.params.room_id}:${lurid()}`,
+			creator_id: meta.user.id,
+			timestamps: {
+				created: now,
+				updated: now
+			}
+		};
+
+		await EVENTS.create(new_event);
+
+		return Response.json(new_event, {
+			status: 201
+		});
+	} catch (error) {
+		return Response.json({
+			error: {
+				message: (error as Error).message ?? 'Unknown Error!',
+				cause: (error as Error).cause ?? 'unknown'
+			}
+		}, { status: 500 });
+	}
+}