feature: rooms and events implemented on the backend

2025-06-27 17:54:04 -07:00 · 2025-06-27 17:54:04 -07:00 · 85024c6e62
commit 85024c6e62
parent df00324e24
29 changed files with 1659 additions and 115 deletions
--- a/public/api/rooms/:room_id/events/:event_id/README.md
+++ b/public/api/rooms/:room_id/events/:event_id/README.md
--- a/public/api/rooms/:room_id/events/:event_id/index.ts
+++ b/public/api/rooms/:room_id/events/:event_id/index.ts
@ -0,0 +1,162 @@
+import { EVENT, EVENTS } from '../../../../../../models/event.ts';
+import { ROOM, ROOMS } from '../../../../../../models/room.ts';
+import parse_body from '../../../../../../utils/bodyparser.ts';
+import * as CANNED_RESPONSES from '../../../../../../utils/canned_responses.ts';
+import { get_session, get_user, PRECHECK_TABLE, require_user } from '../../../../../../utils/prechecks.ts';
+
+export const PRECHECKS: PRECHECK_TABLE = {};
+
+// GET /api/rooms/:room_id/events/:id - Get an event
+PRECHECKS.GET = [get_session, get_user, require_user, async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
+	const room_id: string = meta.params?.room_id?.toLowerCase().trim() ?? '';
+
+	// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
+	const room: ROOM | null = room_id.length === 49 ? await ROOMS.get(room_id) : null;
+
+	if (!room) {
+		return CANNED_RESPONSES.not_found();
+	}
+
+	meta.room = room;
+	const room_is_public = room.permissions.read.length === 0;
+	const user_has_read_for_room = room_is_public || room.permissions.read.includes(meta.user.id);
+	const room_has_public_events = user_has_read_for_room && (room.permissions.read_events.length === 0);
+	const user_has_read_events_for_room = user_has_read_for_room &&
+		(room_has_public_events || room.permissions.read_events.includes(meta.user.id));
+
+	if (!user_has_read_events_for_room) {
+		return CANNED_RESPONSES.permission_denied();
+	}
+}];
+export async function GET(_req: Request, meta: Record<string, any>): Promise<Response> {
+	const event: EVENT | null = await EVENTS.get(meta.params.event_id);
+
+	if (!event) {
+		return CANNED_RESPONSES.not_found();
+	}
+
+	return Response.json(event, {
+		status: 200
+	});
+}
+
+// PUT /api/rooms/:room_id/events/:event_id - Update event
+PRECHECKS.PUT = [
+	get_session,
+	get_user,
+	require_user,
+	(_req: Request, _meta: Record<string, any>): Response | undefined => {
+		if (Deno.env.get('APPEND_ONLY_EVENTS')) {
+			return CANNED_RESPONSES.append_only_events();
+		}
+	},
+	async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
+		const room_id: string = meta.params?.room_id?.toLowerCase().trim() ?? '';
+
+		// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
+		const room: ROOM | null = room_id.length === 49 ? await ROOMS.get(room_id) : null;
+
+		if (!room) {
+			return CANNED_RESPONSES.not_found();
+		}
+
+		meta.room = room;
+		const room_is_public: boolean = meta.room.permissions.read.length === 0;
+		const user_has_read_for_room = room_is_public || meta.room.permissions.read.includes(meta.user.id);
+		const room_events_are_publicly_writable = meta.room.permissions.write_events.length === 0;
+		const user_has_write_events_for_room = user_has_read_for_room &&
+			(room_events_are_publicly_writable || meta.room.permissions.write_events.includes(meta.user.id));
+
+		if (!user_has_write_events_for_room) {
+			return CANNED_RESPONSES.permission_denied();
+		}
+	}
+];
+export async function PUT(req: Request, meta: Record<string, any>): Promise<Response> {
+	const now = new Date().toISOString();
+
+	try {
+		const event: EVENT | null = await EVENTS.get(meta.params.event_id);
+
+		if (!event) {
+			return CANNED_RESPONSES.not_found();
+		}
+
+		if (event.creator_id !== meta.user.id) {
+			return CANNED_RESPONSES.permission_denied();
+		}
+
+		const body = await parse_body(req);
+		const updated = {
+			...event,
+			...body,
+			id: event.id,
+			creator_id: event.creator_id,
+			timestamps: {
+				created: event.timestamps.created,
+				updated: now
+			}
+		};
+
+		await EVENTS.update(updated);
+		return Response.json(updated, {
+			status: 200
+		});
+	} catch (err) {
+		return Response.json({
+			error: {
+				message: (err as Error)?.message ?? 'Unknown error due to invalid data.',
+				cause: (err as Error)?.cause ?? 'invalid_data'
+			}
+		}, {
+			status: 400
+		});
+	}
+}
+
+// DELETE /api/rooms/:room_id/events/:event_id - Delete event
+PRECHECKS.DELETE = [
+	get_session,
+	get_user,
+	require_user,
+	(_req: Request, _meta: Record<string, any>): Response | undefined => {
+		if (Deno.env.get('APPEND_ONLY_EVENTS')) {
+			return CANNED_RESPONSES.append_only_events();
+		}
+	},
+	async (_req: Request, meta: Record<string, any>): Promise<Response | undefined> => {
+		const room_id: string = meta.params?.room_id?.toLowerCase().trim() ?? '';
+
+		// lurid is 49 chars as we use them, eg: "also-play-flow-want-form-wide-thus-work-burn-same"
+		const room: ROOM | null = room_id.length === 49 ? await ROOMS.get(room_id) : null;
+
+		if (!room) {
+			return CANNED_RESPONSES.not_found();
+		}
+
+		meta.room = room;
+		const room_is_public: boolean = meta.room.permissions.read.length === 0;
+		const user_has_read_for_room = room_is_public || meta.room.permissions.read.includes(meta.user.id);
+		const room_events_are_publicly_writable = meta.room.permissions.write_events.length === 0;
+		const user_has_write_events_for_room = user_has_read_for_room &&
+			(room_events_are_publicly_writable || meta.room.permissions.write_events.includes(meta.user.id));
+
+		if (!user_has_write_events_for_room) {
+			return CANNED_RESPONSES.permission_denied();
+		}
+	}
+];
+export async function DELETE(_req: Request, meta: Record<string, any>): Promise<Response> {
+	const event: EVENT | null = await EVENTS.get(meta.params.event_id);
+	if (!event) {
+		return CANNED_RESPONSES.not_found();
+	}
+
+	await EVENTS.delete(event);
+
+	return Response.json({
+		deleted: true
+	}, {
+		status: 200
+	});
+}