commento/api/email_moderate.go

89 lines
2.1 KiB
Go
Raw Normal View History

2019-02-19 05:43:18 +08:00
package main
import (
"fmt"
"net/http"
)
func emailModerateHandler(w http.ResponseWriter, r *http.Request) {
unsubscribeSecretHex := r.FormValue("unsubscribeSecretHex")
action := r.FormValue("action")
commentHex := r.FormValue("commentHex")
if commentHex == "" {
fmt.Fprintf(w, "error: invalid commentHex")
return
}
statement := `
SELECT domain, deleted
2019-02-19 05:43:18 +08:00
FROM comments
WHERE commentHex = $1;
`
row := db.QueryRow(statement, commentHex)
var domain string
var deleted bool
if err := row.Scan(&domain, &deleted); err != nil {
2019-02-19 05:43:18 +08:00
// TODO: is this the only error?
fmt.Fprintf(w, "error: no such comment found (perhaps it has been deleted?)")
return
}
if deleted {
fmt.Fprintf(w, "error: that comment has already been deleted")
return
}
e, err := emailGetByUnsubscribeSecretHex(unsubscribeSecretHex)
if err != nil {
fmt.Fprintf(w, "error: %v", err.Error())
return
}
2019-02-19 05:43:18 +08:00
isModerator, err := isDomainModerator(domain, e.Email)
if err != nil {
logger.Errorf("error checking if %s is a moderator: %v", e.Email, err)
fmt.Fprintf(w, "error: %v", errorInternal)
2019-02-19 05:43:18 +08:00
return
}
if !isModerator {
fmt.Fprintf(w, "error: you're not a moderator for that domain")
return
}
// Do not use commenterGetByEmail here because we don't know which provider
// should be used. This was poor design on multiple fronts on my part, but
// let's deal with that later. For now, it suffices to match the
// deleter/approver with any account owned by the same email.
statement = `
SELECT commenterHex
FROM commenters
WHERE email = $1;
`
row = db.QueryRow(statement, e.Email)
var commenterHex string
if err = row.Scan(&commenterHex); err != nil {
logger.Errorf("cannot retrieve commenterHex by email %q: %v", e.Email, err)
fmt.Fprintf(w, "error: %v", errorInternal)
return
}
switch action {
case "approve":
2019-02-19 05:43:18 +08:00
err = commentApprove(commentHex)
case "delete":
err = commentDelete(commentHex, commenterHex)
default:
err = errorInvalidAction
2019-02-19 05:43:18 +08:00
}
if err != nil {
fmt.Fprintf(w, "error: %v", err)
return
}
fmt.Fprintf(w, "comment successfully %sd", action)
}