mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-14 13:17:24 +01:00
38b39b600c
* create Admin Panel page with initial content from Hall's admin section * reorganise Admin Panel form and add more accordians * add lastCron to fields returned by api.getHeroes * improve timestamps and authentication section * add party and quest info to Admin Panel, add party to heroAdminFields * move Admin Panel menu item to top of menu, make invisible to non-admins * remove code used for displaying all Heroes * add avatar appearance and drops section in Admin Panel * allow logged-in user to be the default hero loaded * add time zones to timestamp/authentication section * rename Items to Update Items This will allow a new Items section to be added. * add read-only Items display with button to copy data to Update Items section * remove never-used allItemsPaths code that had been copied from Hall * update tests for the attributes added to heroAdminFields * supply names for items and also set information for gear/equipment * remove code that loads subsections of content We use enough of the content that it's easier to load it all and access it through the content object, especially when we're looping through different item types. * add gear names and set details to Avatar Costume/Battle Gear section * make the wiki URLs clickable and make minor item format improvements * add gear sets for Check-In Incentives and animal ears and tails * add gear set for Gold-Purchasable Quest Lines Also merges the existing Mystery of the Masterclassers quest set into it. * fix error with Kickstarter gear set and include wiki link * improve description of check-in incentive gear set * fix description of Items section * fix lint warnings * update another test for the attributes added to heroAdminFields * allow "@" to be included when specifying Username to load * create GetHeroParty API v3 route to fetch a given user's party data Only some data from the party will be loaded (e.g., not private data such as name, description). Includes tests for the route. See the next commit for front-end changes that use this. * display data from a given user's party in admin panel Only some data from the party will be loaded (e.g., not private data such as name, description). Also adds support for finding and displaying errors from the user's data. * use new error handling method for other sections - Time zone differences - Cron bugs - Privilege removal (mute/block) - not a bug but needs to be highlighted * redirect non-admin users away from admin-only page (WIP) This needs more work. Currently, admin users are also redirected if they access the page by direct URL or after reload. * clarify source of items from Check-In Incentives and Lunar Battle quests * replace non-standard form fields with HTML forms * add user's language, remove unused export blocks * convert functions to filters: formatDate, formatTimeZone * improve display of minutes portion of time zone in Admin Panel * move basic details about user to a new component * move Timestamp/Cron/Auth/etc details to a new component - WIP, has errors The automatic expand and error warnings don't reset themselves when you fetch data for a new user. * replace non-standard form fields with HTML forms Most of this was done in26fdcbbee5* move Timestamp/Cron/Auth/etc details to a new component (fixed) * move Avatar and Drops section to a new component * move Party and Quest section to a new component * move Contributor Details to new component, add checkbox for admin, add preview This adds a markdown-enabled preview of the Contributions textarea. It also removes the code that automatically set contributor.admin to true when the Tier was above 7. That feature wasn't secure because the Tier can be accidentally changed if you scroll while the cursor is over the Tier form field (we accidentally demoted a Socialite once by doing that and if we'd scrolled in the other direction we would have given her admin privileges). Instead there's now a checkbox for giving moderator-level privileges. We'll want that anyway when we move to a system of selected privileges for each admin instead of all admin privileges being given to all mods/staff. There's also a commented-out checkbox for giving Bailey CMS privileges, for when we're ready to use that. The User model doesn't yet have support for it. * move Privileges and Gems section to a new component * rename formatItems to getItemDescription; make other minor fixes * remove an outdated test description This "pended" explanation probably wasn't needed after "x" was removed from "describe" in2ab76db27c* add newsPoster Bailey CMS permission to User model and Admin Panel * move formatDate from mixins to filters * make lint fixes * remove development comments from hall.js I'll be handling the TODO comment and I've left in my "XXX" marker to remind me * fix bug in Hall's castItemVal: mounts are null not false * move Items section to a new component and delete Update Items section The Update Items section is no longer needed because the new Items component has in-place editing. * remove unused imports * add "secret" field to "Privileges, Gem Balance" section. Also move the markdownPreview style from contributorDetails.vue to index.vue since it's used in two components now. * show non-Standard never-owned Pets and Mounts in Items section * redirect non-admin users away from admin-only page This completes the work started in commita4f9c754adIt now allows admins to access the page when coming from another page on the site or from a direct link, including if the admin user isn't logged in yet. * display memberCount for party * add secret.text field to Contributor Details This is in addition to showing it in the Privileges section because the secret text could be about either troublesome behaviour or contributions. * allow user to be loaded into Admin Panel via a URL This includes: - router config has a child route for the admin panel with a Username/ID as a parameter - loadHero code moved from top-level index page into a new "user support" index page - links in the Hall changed to point to admin panel route - admin panel link added to admin section of user profile modal * keep list of known titles on their own lines * sort heroFields alphabetically No actual changes. * return all flags for use in Admin Panel and fix Hall tests for flags Future Admin Panel changes will display more flags. NB 'flags' wasn't in the tests before, even though two optional flags were being fetched. The tests weren't failing because the test users hadn't been given data for those optional flags. The primary reason for this change now is to fix the tests. * show part of the API Token in the Admin Panel * send full hero object into cronAndAuth.vue This is a prelude to allowing this component to change the hero. * split heroAdminFields string into two: one for fetching data and one for showing it This is because apiToken must be fetched but not shown, while apiTokenObscured is calculated (not fetched) and shown. * let admin change a user's API Token * restore sanity * remove code to show obscured version of API Token It will return with tighter permissions for viewing it. * add Custom Day Start time (CDS) to Timestamps, Time Zone... section * commit lint's automatic fixes - one for admin-panel changes in hall.js The other fixes aren't related to this PR but I figured they may as well go live. * apply fixes from paglias's comments, excluding style/CSS changesd The comments that this PR fixes start at https://github.com/HabitRPG/habitica/pull/12035#pullrequestreview-500422316 Style fixes will be in a future commit. * fix styles/CSS * allow profile modal to close when using admin panel link Also removes an empty components block. * prevent Admin Panel being used without new userSupport privilege Also adds initial support for other contributor.priv privileges and changes Debug Menu to add userSupport privilege * don't do this: this.hero = { ...hero }; * enhance quest error messages * redirect to admin-panel home page when using "Save and Clear Data" The user's ID / name is still in the form for easy refetching. * create ensurePriv function, use in api.getHeroParty * fix lint problems and integration tests * add page title to top-level Admin Panel Also add more details to a router comment (consistent with a similar comment) in case it helps anyone. * fix tests * display Moderation Notes above Contributions * lint fix * remove placeholder code for new privileges I had planned to have each of these implemented in stages, but paglias wanted it all done at once. I'm afraid that's too big a project for me to take on in a single PR so I'm cancelling the plans for adjusting the privileges. * Improve permission handling * Don't report timezone error on first day * fix lint error * . * Fix lint error * fix failing tests * Fix more tests * . * .. * ... * fix(admin): always include permissions when querying user also remove unnecessary failing test case * permission improvements * show transactions in admin panel * fix lint errors * fix permission check * fix(panel): missing mixin, handle empty perms object Co-authored-by: Alys <alice.harris@oldgods.net> Co-authored-by: SabreCat <sabe@habitica.com>
575 lines
20 KiB
JavaScript
575 lines
20 KiB
JavaScript
import nconf from 'nconf';
|
|
import { authWithHeaders } from '../../middlewares/auth';
|
|
import { model as Group } from '../../models/group';
|
|
import { model as User } from '../../models/user';
|
|
import {
|
|
chatModel as Chat,
|
|
sanitizeText as sanitizeMessageText,
|
|
} from '../../models/message';
|
|
import common from '../../../common';
|
|
import {
|
|
BadRequest,
|
|
NotFound,
|
|
NotAuthorized,
|
|
} from '../../libs/errors';
|
|
import { removeFromArray } from '../../libs/collectionManipulators';
|
|
import { getUserInfo, getGroupUrl, sendTxn } from '../../libs/email';
|
|
import * as slack from '../../libs/slack';
|
|
import { chatReporterFactory } from '../../libs/chatReporting/chatReporterFactory';
|
|
import { getAuthorEmailFromMessage } from '../../libs/chat';
|
|
import bannedWords from '../../libs/bannedWords';
|
|
import { getMatchesByWordArray } from '../../libs/stringUtils';
|
|
import bannedSlurs from '../../libs/bannedSlurs';
|
|
import apiError from '../../libs/apiError';
|
|
import highlightMentions from '../../libs/highlightMentions';
|
|
|
|
const FLAG_REPORT_EMAILS = nconf.get('FLAG_REPORT_EMAIL').split(',').map(email => ({ email, canSend: true }));
|
|
|
|
/**
|
|
* @apiDefine MessageNotFound
|
|
* @apiError (404) {NotFound} MessageNotFound The specified message could not be found.
|
|
*/
|
|
|
|
/**
|
|
* @apiDefine GroupIdRequired
|
|
* @apiError (400) {badRequest} groupIdRequired A group ID is required
|
|
*/
|
|
|
|
/**
|
|
* @apiDefine ChatIdRequired
|
|
* @apiError (400) {badRequest} chatIdRequired A chat ID is required
|
|
*/
|
|
|
|
/**
|
|
* @apiDefine MessageIdRequired
|
|
* @apiError (400) {badRequest} messageIdRequired A message ID is required
|
|
*/
|
|
|
|
const api = {};
|
|
|
|
function textContainsBannedSlur (message) {
|
|
const bannedSlursMatched = getMatchesByWordArray(message, bannedSlurs);
|
|
return bannedSlursMatched.length > 0;
|
|
}
|
|
|
|
/**
|
|
* @api {get} /api/v3/groups/:groupId/chat Get chat messages from a group
|
|
* @apiName GetChat
|
|
* @apiGroup Chat
|
|
* @apiDescription Fetches an array of messages from a group
|
|
*
|
|
* @apiParam (Path) {String} groupId The group _id ('party' for the user party and
|
|
* 'habitrpg' for tavern are accepted).
|
|
*
|
|
* @apiSuccess {Array} data An array of <a href='https://github.com/HabitRPG/habitica/blob/develop/website/server/models/group.js#L51' target='_blank'>chat messages</a>
|
|
*
|
|
* @apiUse GroupNotFound
|
|
* @apiUse GroupIdRequired
|
|
*/
|
|
api.getChat = {
|
|
method: 'GET',
|
|
url: '/groups/:groupId/chat',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
const { user } = res.locals;
|
|
|
|
req.checkParams('groupId', apiError('groupIdRequired')).notEmpty();
|
|
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
const { groupId } = req.params;
|
|
const group = await Group.getGroup({ user, groupId, fields: 'chat' });
|
|
if (!group) throw new NotFound(res.t('groupNotFound'));
|
|
|
|
const groupChat = await Group.toJSONCleanChat(group, user);
|
|
res.respond(200, groupChat.chat);
|
|
},
|
|
};
|
|
|
|
function getBannedWordsFromText (message) {
|
|
return getMatchesByWordArray(message, bannedWords);
|
|
}
|
|
|
|
/**
|
|
* @api {post} /api/v3/groups/:groupId/chat Post chat message to a group
|
|
* @apiName PostChat
|
|
* @apiGroup Chat
|
|
* @apiDescription Posts a chat message to a group
|
|
*
|
|
* @apiParam (Path) {UUID} groupId The group _id ('party' for the user party and 'habitrpg'
|
|
* for tavern are accepted)
|
|
* @apiParam (Body) {String} message Message The message to post
|
|
* @apiParam (Query) {UUID} previousMsg The previous chat message's UUID which will
|
|
* force a return of the full group chat.
|
|
*
|
|
* @apiUse GroupNotFound
|
|
* @apiUse GroupIdRequired
|
|
* @apiError (400) {NotAuthorized} chatPriviledgesRevoked You cannot do that because
|
|
* your chat privileges have been revoked.
|
|
*/
|
|
api.postChat = {
|
|
method: 'POST',
|
|
url: '/groups/:groupId/chat',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
const { user } = res.locals;
|
|
const { groupId } = req.params;
|
|
|
|
req.checkParams('groupId', apiError('groupIdRequired')).notEmpty();
|
|
req.sanitize('message').trim();
|
|
req.checkBody('message', res.t('messageGroupChatBlankMessage')).notEmpty();
|
|
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
const group = await Group.getGroup({ user, groupId });
|
|
|
|
// Check message for banned slurs
|
|
if (textContainsBannedSlur(req.body.message)) {
|
|
const { message } = req.body;
|
|
user.flags.chatRevoked = true;
|
|
await user.save();
|
|
|
|
// Email the mods
|
|
const authorEmail = getUserInfo(user, ['email']).email;
|
|
const groupUrl = getGroupUrl(group);
|
|
|
|
const report = [
|
|
{ name: 'MESSAGE_TIME', content: (new Date()).toString() },
|
|
{ name: 'MESSAGE_TEXT', content: message },
|
|
|
|
{ name: 'AUTHOR_USERNAME', content: user.profile.name },
|
|
{ name: 'AUTHOR_UUID', content: user._id },
|
|
{ name: 'AUTHOR_EMAIL', content: authorEmail },
|
|
{ name: 'AUTHOR_MODAL_URL', content: `/profile/${user._id}` },
|
|
|
|
{ name: 'GROUP_NAME', content: group.name },
|
|
{ name: 'GROUP_TYPE', content: group.type },
|
|
{ name: 'GROUP_ID', content: group._id },
|
|
{ name: 'GROUP_URL', content: groupUrl },
|
|
];
|
|
|
|
sendTxn(FLAG_REPORT_EMAILS, 'slur-report-to-mods', report);
|
|
|
|
// Slack the mods
|
|
slack.sendSlurNotification({
|
|
authorEmail,
|
|
author: user,
|
|
group,
|
|
message,
|
|
});
|
|
|
|
throw new BadRequest(res.t('bannedSlurUsed'));
|
|
}
|
|
|
|
if (!group) throw new NotFound(res.t('groupNotFound'));
|
|
|
|
if (group.privacy === 'public' && user.flags.chatRevoked) {
|
|
throw new NotAuthorized(res.t('chatPrivilegesRevoked'));
|
|
}
|
|
|
|
// prevent banned words being posted, except in private guilds/parties
|
|
// and in certain public guilds with specific topics
|
|
if (group.privacy === 'public' && !group.bannedWordsAllowed) {
|
|
const matchedBadWords = getBannedWordsFromText(req.body.message);
|
|
if (matchedBadWords.length > 0) {
|
|
throw new BadRequest(res.t('bannedWordUsed', { swearWordsUsed: matchedBadWords.join(', ') }));
|
|
}
|
|
}
|
|
|
|
const chatRes = await Group.toJSONCleanChat(group, user);
|
|
const lastClientMsg = req.query.previousMsg;
|
|
const chatUpdated = !!(
|
|
lastClientMsg && group.chat && group.chat[0] && group.chat[0].id !== lastClientMsg
|
|
);
|
|
|
|
if (group.checkChatSpam(user)) {
|
|
throw new NotAuthorized(res.t('messageGroupChatSpam'));
|
|
}
|
|
|
|
const sanitizedMessageText = sanitizeMessageText(req.body.message);
|
|
const [message, mentions, mentionedMembers] = await highlightMentions(sanitizedMessageText);
|
|
let client = req.headers['x-client'] || '3rd Party';
|
|
if (client) {
|
|
client = client.replace('habitica-', '');
|
|
}
|
|
|
|
let flagCount = 0;
|
|
if (group.privacy === 'public' && user.flags.chatShadowMuted) {
|
|
flagCount = common.constants.CHAT_FLAG_FROM_SHADOW_MUTE;
|
|
|
|
// Email the mods
|
|
const authorEmail = getUserInfo(user, ['email']).email;
|
|
const groupUrl = getGroupUrl(group);
|
|
|
|
const report = [
|
|
{ name: 'MESSAGE_TIME', content: (new Date()).toString() },
|
|
{ name: 'MESSAGE_TEXT', content: message },
|
|
|
|
{ name: 'AUTHOR_USERNAME', content: user.profile.name },
|
|
{ name: 'AUTHOR_UUID', content: user._id },
|
|
{ name: 'AUTHOR_EMAIL', content: authorEmail },
|
|
{ name: 'AUTHOR_MODAL_URL', content: `/profile/${user._id}` },
|
|
|
|
{ name: 'GROUP_NAME', content: group.name },
|
|
{ name: 'GROUP_TYPE', content: group.type },
|
|
{ name: 'GROUP_ID', content: group._id },
|
|
{ name: 'GROUP_URL', content: groupUrl },
|
|
];
|
|
|
|
sendTxn(FLAG_REPORT_EMAILS, 'shadow-muted-post-report-to-mods', report);
|
|
|
|
// Slack the mods
|
|
slack.sendShadowMutedPostNotification({
|
|
authorEmail,
|
|
author: user,
|
|
group,
|
|
message,
|
|
});
|
|
}
|
|
|
|
const newChatMessage = group.sendChat({
|
|
message,
|
|
user,
|
|
flagCount,
|
|
metaData: null,
|
|
client,
|
|
translate: res.t,
|
|
mentions,
|
|
mentionedMembers,
|
|
});
|
|
const toSave = [newChatMessage.save()];
|
|
|
|
if (group.type === 'party') {
|
|
user.party.lastMessageSeen = newChatMessage.id;
|
|
toSave.push(user.save());
|
|
}
|
|
|
|
await Promise.all(toSave);
|
|
|
|
const analyticsObject = {
|
|
uuid: user._id,
|
|
hitType: 'event',
|
|
category: 'behavior',
|
|
groupType: group.type,
|
|
privacy: group.privacy,
|
|
headers: req.headers,
|
|
};
|
|
|
|
if (mentions) {
|
|
analyticsObject.mentionsCount = mentions.length;
|
|
} else {
|
|
analyticsObject.mentionsCount = 0;
|
|
}
|
|
if (group.privacy === 'public') {
|
|
analyticsObject.groupName = group.name;
|
|
}
|
|
|
|
if (chatUpdated) {
|
|
res.respond(200, { chat: chatRes.chat });
|
|
} else {
|
|
res.respond(200, { message: newChatMessage });
|
|
}
|
|
},
|
|
};
|
|
|
|
/**
|
|
* @api {post} /api/v3/groups/:groupId/chat/:chatId/like Like a group chat message
|
|
* @apiName LikeChat
|
|
* @apiGroup Chat
|
|
* @apiDescription Likes a chat message from a group
|
|
*
|
|
* @apiParam (Path) {UUID} groupId The group _id ('party' for the user party and 'habitrpg'
|
|
* for tavern are accepted).
|
|
* @apiParam (Path) {UUID} chatId The chat message _id
|
|
*
|
|
* @apiSuccess {Object} data The liked <a href='https://github.com/HabitRPG/habitica/blob/develop/website/server/models/group.js#L51' target='_blank'>chat message</a>
|
|
*
|
|
* @apiUse GroupNotFound
|
|
* @apiUse MessageNotFound
|
|
* @apiUse GroupIdRequired
|
|
* @apiUse ChatIdRequired
|
|
* @apiError (400) {NotFound} messageGroupChatLikeOwnMessage A user can't like their own message
|
|
*/
|
|
api.likeChat = {
|
|
method: 'POST',
|
|
url: '/groups/:groupId/chat/:chatId/like',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
const { user } = res.locals;
|
|
const { groupId } = req.params;
|
|
|
|
req.checkParams('groupId', apiError('groupIdRequired')).notEmpty();
|
|
req.checkParams('chatId', apiError('chatIdRequired')).notEmpty();
|
|
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
const group = await Group.getGroup({ user, groupId });
|
|
if (!group) throw new NotFound(res.t('groupNotFound'));
|
|
|
|
const message = await Chat.findOne({ _id: req.params.chatId }).exec();
|
|
if (!message) throw new NotFound(res.t('messageGroupChatNotFound'));
|
|
// @TODO correct this error type
|
|
if (message.uuid === user._id) throw new NotFound(res.t('messageGroupChatLikeOwnMessage'));
|
|
|
|
if (!message.likes) message.likes = {};
|
|
message.likes[user._id] = !message.likes[user._id];
|
|
message.markModified('likes');
|
|
await message.save();
|
|
|
|
res.respond(200, message); // TODO what if the message is flagged and shouldn't be returned?
|
|
},
|
|
};
|
|
|
|
/**
|
|
* @api {post} /api/v3/groups/:groupId/chat/:chatId/flag Flag a group chat message
|
|
* @apiDescription A message will be hidden from chat if two or more users flag a message.
|
|
* It will be hidden immediately if a moderator flags the message.
|
|
* An email is sent to the moderators about every flagged message.
|
|
* @apiName FlagChat
|
|
* @apiGroup Chat
|
|
*
|
|
* @apiParam (Path) {UUID} groupId The group id ('party' for the user party and 'habitrpg'
|
|
* for tavern are accepted)
|
|
* @apiParam (Path) {UUID} chatId The chat message id
|
|
* @apiParam (Body) {String} [comment] explain why the message was flagged
|
|
*
|
|
* @apiSuccess {Object} data The flagged chat message
|
|
* @apiSuccess {UUID} data.id The id of the message
|
|
* @apiSuccess {String} data.text The text of the message
|
|
* @apiSuccess {Number} data.timestamp The timestamp of the message in milliseconds
|
|
* @apiSuccess {Object} data.likes The likes of the message
|
|
* @apiSuccess {Object} data.flags The flags of the message
|
|
* @apiSuccess {Number} data.flagCount The number of flags the message has
|
|
* @apiSuccess {UUID} data.uuid The User ID of the author of the message
|
|
* @apiSuccess {String} data.user The username of the author of the message
|
|
*
|
|
* @apiUse GroupNotFound
|
|
* @apiUse MessageNotFound
|
|
* @apiUse GroupIdRequired
|
|
* @apiUse ChatIdRequired
|
|
* @apiError (404) {NotFound} AlreadyFlagged Chat messages cannot be flagged
|
|
more than once by a user
|
|
* @apiError (404) {NotFound} messageGroupChatFlagAlreadyReported The message
|
|
has already been flagged.
|
|
*/
|
|
api.flagChat = {
|
|
method: 'POST',
|
|
url: '/groups/:groupId/chat/:chatId/flag',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
const chatReporter = chatReporterFactory('Group', req, res);
|
|
const message = await chatReporter.flag();
|
|
res.respond(200, message);
|
|
},
|
|
};
|
|
|
|
/**
|
|
* @api {post} /api/v3/groups/:groupId/chat/:chatId/clearflags Clear flags
|
|
* @apiDescription Resets the flag count on a chat message.
|
|
* Retains the id of the user's that have flagged the message. (Only visible to moderators)
|
|
* @apiPermission Admin
|
|
* @apiName ClearFlags
|
|
* @apiGroup Chat
|
|
*
|
|
* @apiParam (Path) {UUID} groupId The group id ('party' for the user party and 'habitrpg'
|
|
* for tavern are accepted)
|
|
* @apiParam (Path) {UUID} chatId The chat message id
|
|
*
|
|
* @apiSuccess {Object} data An empty object
|
|
*
|
|
* @apiUse GroupNotFound
|
|
* @apiUse MessageNotFound
|
|
* @apiUse GroupIdRequired
|
|
* @apiUse ChatIdRequired
|
|
* @apiError (404) {NotAuthorized} MustBeAdmin Must be a moderator to use this route
|
|
*/
|
|
api.clearChatFlags = {
|
|
method: 'Post',
|
|
url: '/groups/:groupId/chat/:chatId/clearflags',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
const { user } = res.locals;
|
|
const { groupId } = req.params;
|
|
const { chatId } = req.params;
|
|
|
|
req.checkParams('groupId', apiError('groupIdRequired')).notEmpty();
|
|
req.checkParams('chatId', apiError('chatIdRequired')).notEmpty();
|
|
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
if (!user.hasPermission('moderator')) {
|
|
throw new NotAuthorized(res.t('messageGroupChatAdminClearFlagCount'));
|
|
}
|
|
|
|
const group = await Group.getGroup({
|
|
user,
|
|
groupId,
|
|
optionalMembership: user.hasPermission('moderator'),
|
|
});
|
|
if (!group) throw new NotFound(res.t('groupNotFound'));
|
|
|
|
const message = await Chat.findOne({ _id: chatId }).exec();
|
|
if (!message) throw new NotFound(res.t('messageGroupChatNotFound'));
|
|
|
|
message.flagCount = 0;
|
|
await message.save();
|
|
|
|
const adminEmailContent = getUserInfo(user, ['email']).email;
|
|
const authorEmail = getAuthorEmailFromMessage(message);
|
|
const groupUrl = getGroupUrl(group);
|
|
|
|
sendTxn(FLAG_REPORT_EMAILS, 'unflag-report-to-mods', [
|
|
{ name: 'MESSAGE_TIME', content: (new Date(message.timestamp)).toString() },
|
|
{ name: 'MESSAGE_TEXT', content: message.text },
|
|
|
|
{ name: 'ADMIN_USERNAME', content: user.profile.name },
|
|
{ name: 'ADMIN_UUID', content: user._id },
|
|
{ name: 'ADMIN_EMAIL', content: adminEmailContent },
|
|
{ name: 'ADMIN_MODAL_URL', content: `/profile/${user._id}` },
|
|
|
|
{ name: 'AUTHOR_USERNAME', content: message.user },
|
|
{ name: 'AUTHOR_UUID', content: message.uuid },
|
|
{ name: 'AUTHOR_EMAIL', content: authorEmail },
|
|
{ name: 'AUTHOR_MODAL_URL', content: `/profile/${message.uuid}` },
|
|
|
|
{ name: 'GROUP_NAME', content: group.name },
|
|
{ name: 'GROUP_TYPE', content: group.type },
|
|
{ name: 'GROUP_ID', content: group._id },
|
|
{ name: 'GROUP_URL', content: groupUrl },
|
|
]);
|
|
|
|
res.respond(200, {});
|
|
},
|
|
};
|
|
|
|
/**
|
|
* @api {post} /api/v3/groups/:groupId/chat/seen Mark all messages as read for a group
|
|
* @apiName SeenChat
|
|
* @apiGroup Chat
|
|
*
|
|
* @apiParam (Path) {UUID} groupId The group _id ('party' for the user party and 'habitrpg'
|
|
* for tavern are accepted)
|
|
*
|
|
* @apiSuccess {Object} data An empty object
|
|
* @apiUse GroupIdRequired
|
|
*/
|
|
api.seenChat = {
|
|
method: 'POST',
|
|
url: '/groups/:groupId/chat/seen',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
const { user } = res.locals;
|
|
const { groupId } = req.params;
|
|
|
|
req.checkParams('groupId', apiError('groupIdRequired')).notEmpty();
|
|
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
// Do not validate group existence,
|
|
// it doesn't really matter and make it works if the group gets deleted
|
|
// let group = await Group.getGroup({user, groupId});
|
|
// if (!group) throw new NotFound(res.t('groupNotFound'));
|
|
|
|
const update = {
|
|
$unset: {},
|
|
$pull: {},
|
|
};
|
|
update.$unset[`newMessages.${groupId}`] = true;
|
|
|
|
update.$pull.notifications = {
|
|
type: 'NEW_CHAT_MESSAGE',
|
|
'data.group.id': groupId,
|
|
};
|
|
|
|
// Remove from response
|
|
user.notifications = user.notifications.filter(n => {
|
|
if (n && n.type === 'NEW_CHAT_MESSAGE' && n.data && n.data.group && n.data.group.id === groupId) {
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
});
|
|
|
|
// Update the user version field manually,
|
|
// it cannot be updated in the pre update hook
|
|
// See https://github.com/HabitRPG/habitica/pull/9321#issuecomment-354187666 for more info
|
|
user._v += 1;
|
|
|
|
await User.update({ _id: user._id }, update).exec();
|
|
res.respond(200, {});
|
|
},
|
|
};
|
|
|
|
/**
|
|
* @api {delete} /api/v3/groups/:groupId/chat/:chatId Delete chat message from a group
|
|
* @apiName DeleteChat
|
|
* @apiGroup Chat
|
|
* @apiDescription Delete's a chat message from a group
|
|
*
|
|
* @apiParam (Query) {UUID} previousMsg The last message's ID fetched by the
|
|
* client so that the whole chat will be returned only
|
|
* if new messages have been posted in the meantime.
|
|
* @apiParam (Path) {UUID} groupId The group _id ('party' for the user party and 'habitrpg'
|
|
* for tavern are accepted).
|
|
* @apiParam (Path) {UUID} chatId The chat message id
|
|
*
|
|
* @apiSuccess data The updated chat array or an empty object if no message was posted
|
|
* after previousMsg.
|
|
* @apiSuccess {Object} data An empty object when the previous message was deleted
|
|
*
|
|
* @apiUse GroupNotFound
|
|
* @apiUse MessageNotFound
|
|
* @apiUse GroupIdRequired
|
|
* @apiUse ChatIdRequired
|
|
* @apiError (400) onlyCreatorOrAdminCanDeleteChat Only the creator of the message and admins
|
|
can delete a chat message.
|
|
*/
|
|
api.deleteChat = {
|
|
method: 'DELETE',
|
|
url: '/groups/:groupId/chat/:chatId',
|
|
middlewares: [authWithHeaders()],
|
|
async handler (req, res) {
|
|
const { user } = res.locals;
|
|
const { groupId } = req.params;
|
|
const { chatId } = req.params;
|
|
|
|
req.checkParams('groupId', apiError('groupIdRequired')).notEmpty();
|
|
req.checkParams('chatId', apiError('chatIdRequired')).notEmpty();
|
|
|
|
const validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
const group = await Group.getGroup({ user, groupId, fields: 'chat' });
|
|
if (!group) throw new NotFound(res.t('groupNotFound'));
|
|
|
|
const message = await Chat.findOne({ _id: chatId }).exec();
|
|
if (!message) throw new NotFound(res.t('messageGroupChatNotFound'));
|
|
|
|
if (user._id !== message.uuid && !user.hasPermission('moderator')) {
|
|
throw new NotAuthorized(res.t('onlyCreatorOrAdminCanDeleteChat'));
|
|
}
|
|
|
|
const chatRes = await Group.toJSONCleanChat(group, user);
|
|
const lastClientMsg = req.query.previousMsg;
|
|
const chatUpdated = !!(
|
|
lastClientMsg && group.chat && group.chat[0] && group.chat[0].id !== lastClientMsg
|
|
);
|
|
|
|
await Chat.remove({ _id: message._id }).exec();
|
|
|
|
if (chatUpdated) {
|
|
removeFromArray(chatRes.chat, { id: chatId });
|
|
res.respond(200, chatRes.chat);
|
|
} else {
|
|
res.respond(200, {});
|
|
}
|
|
},
|
|
};
|
|
|
|
export default api;
|