diff --git a/api/email_moderate.go b/api/email_moderate.go
new file mode 100644
index 0000000..9c4ba13
--- /dev/null
+++ b/api/email_moderate.go
@@ -0,0 +1,66 @@
+package main
+
+import (
+ "fmt"
+ "net/http"
+)
+
+func emailModerateHandler(w http.ResponseWriter, r *http.Request) {
+ unsubscribeSecretHex := r.FormValue("unsubscribeSecretHex")
+ e, err := emailGetByUnsubscribeSecretHex(unsubscribeSecretHex)
+ if err != nil {
+ fmt.Fprintf(w, "error: %v", err.Error())
+ return
+ }
+
+ action := r.FormValue("action")
+ if action != "delete" && action != "approve" {
+ fmt.Fprintf(w, "error: invalid action")
+ return
+ }
+
+ commentHex := r.FormValue("commentHex")
+ if commentHex == "" {
+ fmt.Fprintf(w, "error: invalid commentHex")
+ return
+ }
+
+ statement := `
+ SELECT domain
+ FROM comments
+ WHERE commentHex = $1;
+ `
+ row := db.QueryRow(statement, commentHex)
+
+ var domain string
+ if err = row.Scan(&domain); err != nil {
+ // TODO: is this the only error?
+ fmt.Fprintf(w, "error: no such comment found (perhaps it has been deleted?)")
+ return
+ }
+
+ isModerator, err := isDomainModerator(domain, e.Email)
+ if err != nil {
+ logger.Errorf("error checking if %s is a moderator: %v", err)
+ fmt.Fprintf(w, "error checking if %s is a moderator: %v", err)
+ return
+ }
+
+ if !isModerator {
+ fmt.Fprintf(w, "error: you're not a moderator for that domain")
+ return
+ }
+
+ if action == "approve" {
+ err = commentApprove(commentHex)
+ } else {
+ err = commentDelete(commentHex)
+ }
+
+ if err != nil {
+ fmt.Fprintf(w, "error: %v", err)
+ return
+ }
+
+ fmt.Fprintf(w, "comment successfully %sd", action)
+}
diff --git a/api/router_api.go b/api/router_api.go
index 629845a..3f62f1d 100644
--- a/api/router_api.go
+++ b/api/router_api.go
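Review bot: In the `isDomainModerator` error branch both `logger.Errorf` and `fmt.Fprintf` supply one argument for two verbs, so `err` is printed in the `%s` slot and the output ends in `%!v(MISSING)`; the log line should be `logger.Errorf("error checking if %s is a moderator: %v", e.Email, err)`. The response should not echo `err` at all: here and in the first and last error branches the raw error text is written to the client, which may expose database or internal detail, so a fixed message with the detail kept in the log is safer. Every failure path also returns the implicit 200, so a `w.WriteHeader(http.StatusForbidden)` (or 400/500 as fitting) before the write would let clients and monitoring tell a rejected moderation attempt from a successful one.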
@@ -30,6 +30,7 @@ func apiRouterInit(router *mux.Router) error { router.HandleFunc("/api/email/get", emailGetHandler).Methods("POST") router.HandleFunc("/api/email/update", emailUpdateHandler).Methods("POST") + router.HandleFunc("/api/email/moderate", emailModerateHandler).Methods("GET") router.HandleFunc("/api/oauth/google/redirect", googleRedirectHandler).Methods("GET") router.HandleFunc("/api/oauth/google/callback", googleCallbackHandler).Methods("GET") diff --git a/templates/email-notification.txt b/templates/email-notification.txt index edbe18b..c0eb1ee 100644 --- a/templates/email-notification.txt +++ b/templates/email-notification.txt @@ -65,10 +65,10 @@
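Review bot: The new `/api/email/moderate` route performs approve and delete on `GET`, unlike the neighbouring `/api/email/*` routes, which are `POST`. Since the handler reads `unsubscribeSecretHex`, `action` and `commentHex` with `r.FormValue`, on a GET they travel in the query string, so the secret is recorded in access logs, browser history and proxies, and any automated fetch of the link (mail scanners, prefetchers) would carry out the action without the moderator clicking. Consider letting GET only render a confirmation page and registering the state change as `router.HandleFunc("/api/email/moderate", emailModerateHandler).Methods("POST")`. The credential also appears, from its name, to be the unsubscribe secret; if so, a separate moderation token would keep a leaked unsubscribe link from granting delete rights. `apiRouterInit` continues outside this hunk.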