diff --git a/dbTools/post.js b/dbTools/post.js
index 7d82ceb..e54546d 100644
--- a/dbTools/post.js
+++ b/dbTools/post.js
@@ -11,6 +11,14 @@ postDB = (DB)=>{ }); } + DB.removePost = (postid) => { + const _id = DB.ObjectID(postid); + return DB.postCols.deleteOne({_id}).catch((err)=>{ + console.log(err); + return false; + }); + } + DB.newReaction = (postid, profileid, reaction) => { const id = DB.ObjectID(postid); let update = {
@@ -147,6 +155,7 @@ postDB = (DB)=>{ DB.getFeed = async (profileId) => { const profile = await DB.getProfile(profileId); + if(!profile) return []; let ids = profile.following.map((id)=>DB.ObjectID(id)); ids.push(DB.ObjectID(profileId)) query = {
diff --git a/dbTools/profile.js b/dbTools/profile.js
index 87eb716..58e7e3c 100644
--- a/dbTools/profile.js
+++ b/dbTools/profile.js
@@ -12,6 +12,15 @@ userDB = (DB) => { }); } + DB.removeProfile = (profileid) => { + const _id = DB.ObjectID(profileid); + if (userProfileCache[profileid]) delete userProfileCache[profileid]; + return DB.profileCols.deleteOne({_id}).catch((err)=>{ + console.log(err); + return false; + }); + } + DB.updateProfile = async (profileid, profileObj) => { let tempProfile = profileObj.toObj(); const query = {_id: profileid};
diff --git a/index.js b/index.js
index 66fdaa0..6927a1e 100644
--- a/index.js
+++ b/index.js
@@ -48,10 +48,15 @@ DB.getDB.then((DB)=>{ const sessionChecker = async (req, res, next) => { const session_id = getSessionId(req); const user_sid = getUserId(req); - const profile_id = getProfileId(req); + let profile_id = getProfileId(req); if (session_id && user_sid) { const userInfo = await DB.checkSessionOnDB(session_id, user_sid); req.userInfo = userInfo; + if(!await DB.getProfileCache(profile_id)){ + const latestProfile = await DB.latestProfile(user_sid); + res.cookie('profile_id', latestProfile._id, cookiesOptions); + profile_id = latestProfile._id; + } req.profileInfo = {_id: profile_id} if(!userInfo) return res.redirect('/login'); next();
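Review bot: `DB.removePost` turns every database failure into a logged message and a resolved `false`, and the `DELETE /:id` route added in routes/post.js awaits it without looking at the result, so a failed delete or one that matched no document is still answered with `status: "ok"`. Either let the rejection propagate or have the caller test the result, e.g. `const result = await DB.removePost(postId);` followed by `if (!result || result.deletedCount !== 1) return res.status(500).json({status: "delete failed"});`. `DB.ObjectID(postid)` also runs before the promise chain exists, so if it is the driver's ObjectID constructor a malformed id throws synchronously and never reaches `.catch`. `DB.removeProfile` in dbTools/profile.js follows the same pattern.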
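Review bot: The profile fallback added to `sessionChecker` runs before the existing `if(!userInfo) return res.redirect('/login');`, so a request whose session failed `checkSessionOnDB` still triggers `DB.latestProfile(user_sid)` with an unverified `user_sid` and has a `profile_id` cookie set on its response. Move the `userInfo` check to directly after `req.userInfo = userInfo;` so that only validated sessions reach the lookup. `latestProfile._id` is also dereferenced without a null check, which would throw inside the async middleware if `DB.latestProfile` can return nothing; guard it with `if (latestProfile) { … }`. The fallback confirms only that the profile is known to `getProfileCache`, not that it belongs to `user_sid`, which matters because the routes trust the resulting `profile_id`. `sessionChecker` continues past the end of the hunk.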
diff --git a/routes/post.js b/routes/post.js
index b43b706..05d73b6 100644
--- a/routes/post.js
+++ b/routes/post.js
@@ -9,7 +9,12 @@ DB.getDB.then((DB) => { const getProfileId = (req) => { return DB.ObjectID(req.cookies.profile_id || req.query.profile_id || req.body.profile_id); - } + }; + + const postBelongToProfile = (post, profileid) => { + if(!post) return false; + return post.profileid === profileid; + }; router.get("/", async (req, res) => { const profileid = getProfileId(req);
@@ -144,6 +149,20 @@ DB.getDB.then((DB) => { }); }); + router.delete("/:id", async (req, res) => { + const profileid = getProfileId(req); + const postId = req.params.id; + const post = await DB.getPost(postId); + if(!postBelongToProfile(post, profileid)) + return res.json({ + status: "This post is not yours." + }); + await DB.removePost(postId); + return res.json({ + status: "ok" + }); + }); + }); module.exports = router
\ No newline at end of file
diff --git a/routes/profile.js b/routes/profile.js
index ac3f15e..9d5e486 100644
--- a/routes/profile.js
+++ b/routes/profile.js
@@ -16,6 +16,12 @@ DB.getDB.then((DB)=>{ return DB.ObjectID(req.cookies.profile_id || req.query.profile_id || req.body.profile_id); } + const profileBelongsToUser = async (profileid, userid) => { + const profile = await DB.getProfileCache(profileid); + if(!profile) return false; + return profile.userid == (userid + ''); + } + router.get("/mine", async (req, res) => { let userid = req.cookies.user_sid; let profiles = await DB.getUserProfiles(userid);
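Review bot: `post.profileid === profileid` in `postBelongToProfile` compares against the value `getProfileId` returns, which is a `DB.ObjectID(...)` instance. Strict equality on objects is identity, so unless `post.profileid` is that very object the check is false for every caller, the post's owner included. Compare normalized values instead, `return String(post.profileid) === String(profileid);`, or use the ObjectID `equals` method if `post.profileid` is stored as an ObjectID; the stored type is not visible in this diff. A one-line comment naming the expected types of both arguments would keep this from regressing.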
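Review bot: The ownership check in `DELETE /:id` is made against `getProfileId(req)`, which reads `profile_id` from the cookie, query string or body, all of which the client chooses, and nothing in this handler ties that profile to the authenticated user. The `sessionChecker` change in index.js confirms only that the profile exists, so the route should first verify that the profile belongs to the session's user, with a check equivalent to the `profileBelongsToUser` helper this commit adds in routes/profile.js. The refusal is also sent with HTTP 200; `return res.status(403).json({status: "This post is not yours."});` lets clients and access logs tell a denied delete from a successful one. The `DELETE /:id` route in routes/profile.js answers refusals with 200 in the same way.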
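Review bot: `profile.userid == (userid + '')` in `profileBelongsToUser` relies on loose equality and string concatenation, so a missing `userid` becomes the string `'undefined'` and the outcome depends on how `profile.userid` coerces. Reject a missing id up front and compare explicitly: `if (!userid) return false;` then `return String(profile.userid) === String(userid);`. The lookup goes through `DB.getProfileCache`, whose behaviour on a cache miss is not visible here; if it does not fall back to the database, an owner whose profile is not cached would be refused, which is worth a comment on the helper.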
@@ -239,6 +245,19 @@ DB.getDB.then((DB)=>{ }); }); + router.delete("/:id", async (req, res) => { + const profileId = req.params.id; + const userid = getUserId(req); + if(!await profileBelongsToUser(profileId, userid)) + return res.json({ + status: "This profile is not yours." + }); + await DB.removeProfile(profileId); + return res.json({ + status: "ok" + }); + }); + router.get("/:id/follow", async (req, res) => { let followProfileId = req.params.id; const profileid = getProfileId(req);
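Review bot: `userid` in this handler comes from `getUserId(req)`, which is defined outside the hunk; if it reads the `user_sid` cookie the way the `/mine` route in this file does, the ownership check is only as trustworthy as the middleware that validated that cookie for this request. Taking the id from the session record that `sessionChecker` stores on `req.userInfo` would bind the check to the authenticated session; which field of that record holds the user id needs confirming. The handler also leaves the removed profile's posts in place, so either add a cleanup step or document the intent with a comment such as `// posts of a removed profile are kept on purpose`.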