107 lines
3.3 KiB
TypeScript
107 lines
3.3 KiB
TypeScript
import type { RequestHandler } from '@sveltejs/kit';
|
|
import { getSession } from '$lib/server/session';
|
|
import { Permissions } from '$lib/permissions';
|
|
import { Admin, Report, User } from '$lib/server/database';
|
|
import type { Attributes } from 'sequelize';
|
|
import { Op } from 'sequelize';
|
|
import { env } from '$env/dynamic/private';
|
|
|
|
export const POST = (async ({ request, cookies }) => {
|
|
if (getSession(cookies, { permissions: [Permissions.ReportRead] }) == null) {
|
|
return new Response(null, {
|
|
status: 401
|
|
});
|
|
}
|
|
|
|
const data: {
|
|
limit: number | null;
|
|
from: number | null;
|
|
|
|
draft: boolean | null;
|
|
status: 'none' | 'review' | 'reviewed' | null;
|
|
reporter: string | null;
|
|
reported: string | null;
|
|
} = await request.json();
|
|
|
|
const reportFindOptions: Attributes<Report> = {};
|
|
if (data.draft != null) reportFindOptions.draft = data.draft;
|
|
reportFindOptions.status = data.status == null ? ['none', 'review'] : data.status;
|
|
if (data.reporter != null) {
|
|
const reporter_ids = await User.findAll({
|
|
attributes: ['id'],
|
|
where: { username: { [Op.like]: `%${data.reporter}%` } }
|
|
});
|
|
reportFindOptions.reporter_id = reporter_ids.map((u) => u.id);
|
|
}
|
|
if (data.reported != null) {
|
|
const reported_ids = await User.findAll({
|
|
attributes: ['id'],
|
|
where: { username: { [Op.like]: `%${data.reported}%` } }
|
|
});
|
|
reportFindOptions.reported_id = reported_ids.map((u) => u.id);
|
|
}
|
|
let reports = await Report.findAll({
|
|
where: reportFindOptions,
|
|
include: [
|
|
{ model: User, as: 'reporter' },
|
|
{ model: User, as: 'reported' },
|
|
{ model: Admin, as: 'auditor' }
|
|
],
|
|
order: ['created_at'],
|
|
offset: data.from || 0,
|
|
limit: data.limit || 100
|
|
});
|
|
reports = reports.map((r) => {
|
|
if (r.auditor_id === null && r.status != 'none') {
|
|
// if the report was edited by the admin account set by the env variable, it has no relation to the admin
|
|
// table in the database, so it gets manually created here. we just assume that the auditor_id is never null
|
|
// when not edited by the env admin account
|
|
r.auditor_id = -1;
|
|
r.dataValues.auditor = {
|
|
id: -1,
|
|
username: env.ADMIN_USER,
|
|
permissions: new Permissions(Permissions.allPermissions()),
|
|
createdAt: 0,
|
|
updatedAt: 0
|
|
};
|
|
} else if (r.auditor) {
|
|
delete r.dataValues.auditor.password;
|
|
}
|
|
return r;
|
|
});
|
|
|
|
return new Response(JSON.stringify(reports));
|
|
}) satisfies RequestHandler;
|
|
|
|
export const PATCH = (async ({ request, cookies }) => {
|
|
if (getSession(cookies, { permissions: [Permissions.ReportWrite] }) == null) {
|
|
return new Response(null, {
|
|
status: 401
|
|
});
|
|
}
|
|
|
|
const data: {
|
|
id: number;
|
|
auditor: number;
|
|
notice: string | null;
|
|
statement: string | null;
|
|
status: 'none' | 'review' | 'reviewed' | null;
|
|
} = await request.json();
|
|
|
|
if (data.id === null || data.auditor === null) return new Response(null, { status: 400 });
|
|
|
|
const report = await Report.findOne({ where: { id: data.id } });
|
|
const admin = await Admin.findOne({ where: { id: data.auditor } });
|
|
if (report === null || (admin === null && data.auditor != -1))
|
|
return new Response(null, { status: 400 });
|
|
|
|
if (data.notice != null) report.notice = data.notice;
|
|
if (data.statement != null) report.statement = data.statement;
|
|
if (data.status != null) report.status = data.status;
|
|
if (admin != null) report.auditor_id = admin.id;
|
|
|
|
await report.save();
|
|
|
|
return new Response();
|
|
}) satisfies RequestHandler;
|