diff options
| -rw-r--r-- | COMMANDS.md | 19 | ||||
| -rw-r--r-- | README.md | 4 | ||||
| -rw-r--r-- | db.py | 31 | ||||
| -rw-r--r-- | main.py | 55 |
4 files changed, 105 insertions, 4 deletions
diff --git a/COMMANDS.md b/COMMANDS.md index ffd6c26..fd9d783 100644 --- a/COMMANDS.md +++ b/COMMANDS.md @@ -7,7 +7,7 @@ Register an account. ### Required fields -- string `username`: 1-20 characters, a-z0-9-_ +- string `username`: 1-20 characters, a-z0-9-_. - string `password`: 1-255 characters - string `invite_code`: 16 characters @@ -59,4 +59,19 @@ Create a post. ### Required fields - string `content`: 0-3000 characters - list `replies`: 0-3 items -- list `attachments`: 0-3 items \ No newline at end of file +- list `attachments`: 0-3 items + +## `delete_post` +Delete a post by ID. +*Authentication required.* + +### Required fields +- string `id`: 8-127 characters + +## `edit_post` +Edit a post by ID. +*Authentication required.* + +### Required fields +- string `id`: 8-127 characters +- string `content`: 0-3000 characters \ No newline at end of file diff --git a/README.md b/README.md index 89cc82c..e6620bf 100644 --- a/README.md +++ b/README.md @@ -28,8 +28,8 @@ soktdeer rewrite - [ ] lockdown ### new in helium - [x] database changes -- [ ] message deletion -- [ ] message editing +- [x] message deletion +- [x] message editing - [ ] chat history (v2) - [ ] profiles (v2) - [ ] banners diff --git a/db.py b/db.py index 28f3ba8..01718be 100644 --- a/db.py +++ b/db.py @@ -159,6 +159,37 @@ class posts: return "fail" return True + def remove(post_id): + post = postsd.find_one({"_id": post_id}) + if not post: + return "notExists" + try: + postsd.delete_one({"_id": post_id}) + postsd.update_many( + {"replies": {"$elemMatch": {"_id": post_id}}}, + {"$set": {"replies.$.content": "post deleted"}} + ) + except: + return "fail" + return True + + def edit(post_id, content): + post = postsd.find_one({"_id": post_id}) + if not post: + return "notExists" + try: + postsd.update_one( + {"_id": post_id}, + {"$set": {"content": content}} + ) + postsd.update_many( + {"replies": {"$elemMatch": {"_id": post_id}}}, + {"$set": {"replies.$.content": content}} + ) + except: + return "fail" + return True + class inbox: def get_recent(amount=75): posts = list(inboxd.find().sort("created", -1).limit(amount)) diff --git a/main.py b/main.py index 4998c16..b00ea39 100644 --- a/main.py +++ b/main.py @@ -488,6 +488,61 @@ async def handler(websocket): })) await websocket.send(json.dumps({"error": False, "listener": listener})) continue + elif r["command"] == "delete_post": + fc = util.field_check({"id": range(8,128)}, r) + if fc != True: + await websocket.send(util.error(fc, listener)) + continue + if str(websocket.id) not in client_data: + await websocket.send(util.error("unauthorized", listener)) + continue + data = db.posts.get_by_id(r["id"]) + if type(data) != dict: + await websocket.send(util.error(data, listener)) + continue + username = client_data[str(websocket.id)]["username"] + if data["author"] != username: + if "DELETE" not in db.acc.get_perms(username): + await websocket.send(util.error("unauthorized", listener)) + continue + deleted = db.posts.remove(r["id"]) + if deleted != True: + await websocket.send(util.error(data, listener)) + continue + broadcast(clients, json.dumps({ + "command": "deleted_post", + "_id": r["id"], + "deleted_by_author": data["author"] == username + })) + await websocket.send(json.dumps({"error": False, "listener": listener})) + continue + elif r["command"] == "edit_post": + fc = util.field_check({"id": range(8,128), "content": range(0,3001)}, r) + if fc != True: + await websocket.send(util.error(fc, listener)) + continue + if str(websocket.id) not in client_data: + await websocket.send(util.error("unauthorized", listener)) + continue + data = db.posts.get_by_id(r["id"]) + if type(data) != dict: + await websocket.send(util.error(data, listener)) + continue + username = client_data[str(websocket.id)]["username"] + if data["author"] != username: + await websocket.send(util.error("unauthorized", listener)) + continue + edited = db.posts.edit(r["id"], r["content"]) + if edited != True: + await websocket.send(util.error(data, listener)) + continue + broadcast(clients, json.dumps({ + "command": "edited_post", + "_id": r["id"], + "content": r["content"] + })) + await websocket.send(json.dumps({"error": False, "listener": listener})) + continue elif r["command"] == "ping": pass elif r["command"] in deprecated: |