add report admin panel

src/routes/admin/reports/+server.ts

@@ -0,0 +1,106 @@
+import type { RequestHandler } from '@sveltejs/kit';
+import { getSession } from '$lib/server/session';
+import { Permissions } from '$lib/permissions';
+import { Admin, Report, User } from '$lib/server/database';
+import type { Attributes } from 'sequelize';
+import { Op } from 'sequelize';
+import { env } from '$env/dynamic/private';
+
+export const POST = (async ({ request, cookies }) => {
+	if (getSession(cookies, { permissions: [Permissions.ReportRead] }) == null) {
+		return new Response(null, {
+			status: 401
+		});
+	}
+
+	const data: {
+		limit: number | null;
+		from: number | null;
+
+		draft: boolean | null;
+		status: 'none' | 'review' | 'reviewed' | null;
+		reporter: string | null;
+		reported: string | null;
+	} = await request.json();
+
+	const reportFindOptions: Attributes<Report> = {};
+	if (data.draft != null) reportFindOptions.draft = data.draft;
+	reportFindOptions.status = data.status == null ? ['none', 'review'] : data.status;
+	if (data.reporter != null) {
+		const reporter_ids = await User.findAll({
+			attributes: ['id'],
+			where: { username: { [Op.like]: `%${data.reporter}%` } }
+		});
+		reportFindOptions.reporter_id = reporter_ids.map((u) => u.id);
+	}
+	if (data.reported != null) {
+		const reported_ids = await User.findAll({
+			attributes: ['id'],
+			where: { username: { [Op.like]: `%${data.reported}%` } }
+		});
+		reportFindOptions.reported_id = reported_ids.map((u) => u.id);
+	}
+	let reports = await Report.findAll({
+		where: reportFindOptions,
+		include: [
+			{ model: User, as: 'reporter' },
+			{ model: User, as: 'reported' },
+			{ model: Admin, as: 'auditor' }
+		],
+		order: ['created_at'],
+		offset: data.from || 0,
+		limit: data.limit || 100
+	});
+	reports = reports.map((r) => {
+		if (r.auditor_id === null && r.status != 'none') {
+			// if the report was edited by the admin account set by the env variable, it has no relation to the admin
+			// table in the database, so it gets manually created here. we just assume that the auditor_id is never null
+			// when not edited by the env admin account
+			r.auditor_id = -1;
+			r.dataValues.auditor = {
+				id: -1,
+				username: env.ADMIN_USER,
+				permissions: new Permissions(Permissions.allPermissions()),
+				createdAt: 0,
+				updatedAt: 0
+			};
+		} else if (r.auditor) {
+			delete r.dataValues.auditor.password;
+		}
+		return r;
+	});
+
+	return new Response(JSON.stringify(reports));
+}) satisfies RequestHandler;
+
+export const PATCH = (async ({ request, cookies }) => {
+	if (getSession(cookies, { permissions: [Permissions.ReportWrite] }) == null) {
+		return new Response(null, {
+			status: 401
+		});
+	}
+
+	const data: {
+		id: number;
+		auditor: number;
+		notice: string | null;
+		statement: string | null;
+		status: 'none' | 'review' | 'reviewed' | null;
+	} = await request.json();
+
+	if (data.id === null || data.auditor === null) return new Response(null, { status: 400 });
+
+	const report = await Report.findOne({ where: { id: data.id } });
+	const admin = await Admin.findOne({ where: { id: data.auditor } });
+	if (report === null || (admin === null && data.auditor != -1))
+		return new Response(null, { status: 400 });
+
+	if (data.notice != null) report.notice = data.notice;
+	if (data.statement != null) report.statement = data.statement;
+	if (data.status != null) report.status = data.status;
+	if (admin != null) report.auditor_id = admin.id;
+
+	await report.save();
+
+	return new Response();
+}) satisfies RequestHandler;