4 files changed, 80 insertions, 6 deletions
diff --git a/COMMANDS.md b/COMMANDS.md
index a1bd13b..ffd6c26 100644
--- a/COMMANDS.md
+++ b/COMMANDS.md
@@ -45,6 +45,13 @@ Get the inbox.
 *Authentication required.*
 *No required fields.*
 
+## `get_post`
+Get a post by ID.
+*Authentication required.*
+
+### Required fields
+- string `id`: 8-127 characters
+
 ## `post`
 Create a post.
 *Authentication required.*
diff --git a/README.md b/README.md
index 016a434..89cc82c 100644
--- a/README.md
+++ b/README.md
@@ -23,7 +23,7 @@ soktdeer rewrite
 - [x] bans
 - [x] invite codes
 - [x] kicking
-- [ ] post to inbox
+- [x] post to inbox
 - [ ] support codes
 - [ ] lockdown
 ### new in helium
diff --git a/db.py b/db.py
index 6750e47..bcbf9e2 100644
--- a/db.py
+++ b/db.py
@@ -119,12 +119,29 @@ class posts:
                 i["replies"][incr]["author"] = data
         return posts
     
-    def get_by_id(post_id):
+    def get_by_id(post_id, supply_author=False):
         post = postsd.find_one({"_id": post_id})
         if not post:
             return "notExists"
-        else:
-            return post
+        if supply_author:
+            data = acc.get(post["author"])
+            if type(data) != dict:
+                data = {}
+            else:
+                del data["secure"]
+                del data["profile"]
+            post["author"] = data
+            incr = -1
+            for j in post["replies"]:
+                incr += 1
+                data = acc.get(j["author"])
+                if type(data) != dict:
+                    data = {}
+                else:
+                    del data["secure"]
+                    del data["profile"]
+                post["replies"][incr]["author"] = data
+        return post
 
     def add(data):
         try:
@@ -136,4 +153,11 @@ class posts:
 class inbox:
     def get_recent(amount=75):
         posts = list(inboxd.find().sort("created", -1).limit(amount))
-        return posts
\ No newline at end of file
+        return posts
+    
+    def add(data):
+        try:
+            inboxd.insert_one(data)
+        except Exception as e:
+            return "fail"
+        return True
\ No newline at end of file
diff --git a/main.py b/main.py
index 31035c5..9dd1db4 100644
--- a/main.py
+++ b/main.py
@@ -12,7 +12,7 @@ import secrets
 import time
 from urllib.parse import urlparse
 
-version = "Helium-0.0.0a"
+version = "Helium-1.0.0a"
 attachment_whitelist = ["u.cubeupload.com", "files.catbox.moe", "litter.catbox.moe", "i.ibb.co", "cubeupload.com", "media.tenor.com", "tenor.com", "c.tenor.com", "meower.fraudulent.loan", "fraudulent.loan", "deer.fraudulent.loan"]
 
 addr = "localhost"
@@ -276,6 +276,20 @@ async def handler(websocket):
                 del data["secure"]
                 await websocket.send(json.dumps({"error": False, "user": data, "listener": listener}))
                 continue
+            elif r["command"] == "get_post":
+                fc = util.field_check({"id": range(8,128)}, r)
+                if fc != True:
+                    await websocket.send(util.error(fc, listener))
+                    continue
+                if str(websocket.id) not in client_data:
+                    await websocket.send(util.error("unauthorized", listener))
+                    continue
+                data = db.posts.get_by_id(r["id"], True)
+                if type(data) != dict:
+                    await websocket.send(util.error(data, listener))
+                    continue
+                await websocket.send(json.dumps({"error": False, "post": data, "listener": listener}))
+                continue
             elif r["command"] == "set_property":
                 fc = util.field_check({"property": range(1,64), "value": range(0,2048)}, r)
                 if fc != True:
@@ -388,6 +402,33 @@ async def handler(websocket):
                     continue
                 data = db.inbox.get_recent()
                 await websocket.send(json.dumps({"error": False, "inbox": data, "listener": listener}))
+            elif r["command"] == "post_inbox":
+                fc = util.field_check({"content": range(0,3001), "attachments": range(0,4)}, r)
+                if fc != True:
+                    await websocket.send(util.error(fc, listener))
+                    continue
+                if str(websocket.id) not in client_data:
+                    await websocket.send(util.error("unauthorized", listener))
+                    continue
+                attachments = []
+                for i in r["attachments"]:
+                    if urlparse(i).hostname in attachment_whitelist:
+                        attachments.append(i)
+                if len(r["content"]) == 0 and len(r["attachments"]) == 0:
+                    await websocket.send(util.error("lengthInvalid", listener))
+                    continue
+                data = {
+                    "_id": str(uuid.uuid4()),
+                    "created": round(time.time()),
+                    "content": r["content"],
+                    "attachments": attachments
+                }
+                posted = db.inbox.add(data)
+                if posted != True:
+                    await websocket.send(util.error(fc, listener))
+                    continue
+                await websocket.send(json.dumps({"error": False, "listener": listener}))
+                continue
             elif r["command"] == "post":
                 fc = util.field_check({"content": range(0,3001), "replies": range(0,4), "attachments": range(0,4)}, r)
                 if fc != True:
@@ -427,6 +468,8 @@ async def handler(websocket):
                     "command": "new_post",
                     "data": data
                 }))
+                await websocket.send(json.dumps({"error": False, "listener": listener}))
+                continue
             elif r["command"] == "ping":
                 pass
             elif r["command"] in deprecated: