api: add email moderation

api/email_moderate.go

@@ -0,0 +1,66 @@
+package main
+
+import (
+	"fmt"
+	"net/http"
+)
+
+func emailModerateHandler(w http.ResponseWriter, r *http.Request) {
+	unsubscribeSecretHex := r.FormValue("unsubscribeSecretHex")
+	e, err := emailGetByUnsubscribeSecretHex(unsubscribeSecretHex)
+	if err != nil {
+		fmt.Fprintf(w, "error: %v", err.Error())
+		return
+	}
+
+	action := r.FormValue("action")
+	if action != "delete" && action != "approve" {
+		fmt.Fprintf(w, "error: invalid action")
+		return
+	}
+
+	commentHex := r.FormValue("commentHex")
+	if commentHex == "" {
+		fmt.Fprintf(w, "error: invalid commentHex")
+		return
+	}
+
+	statement := `
+		SELECT domain
+		FROM comments
+		WHERE commentHex = $1;
+	`
+	row := db.QueryRow(statement, commentHex)
+
+	var domain string
+	if err = row.Scan(&domain); err != nil {
+		// TODO: is this the only error?
+		fmt.Fprintf(w, "error: no such comment found (perhaps it has been deleted?)")
+		return
+	}
+
+	isModerator, err := isDomainModerator(domain, e.Email)
+	if err != nil {
+		logger.Errorf("error checking if %s is a moderator: %v", err)
+		fmt.Fprintf(w, "error checking if %s is a moderator: %v", err)
+		return
+	}
+
+	if !isModerator {
+		fmt.Fprintf(w, "error: you're not a moderator for that domain")
+		return
+	}
+
+	if action == "approve" {
+		err = commentApprove(commentHex)
+	} else {
+		err = commentDelete(commentHex)
+	}
+
+	if err != nil {
+		fmt.Fprintf(w, "error: %v", err)
+		return
+	}
+
+	fmt.Fprintf(w, "comment successfully %sd", action)
+}

api/router_api.go

@@ -30,6 +30,7 @@ func apiRouterInit(router *mux.Router) error {
 
 	router.HandleFunc("/api/email/get", emailGetHandler).Methods("POST")
 	router.HandleFunc("/api/email/update", emailUpdateHandler).Methods("POST")
+	router.HandleFunc("/api/email/moderate", emailModerateHandler).Methods("GET")
 
 	router.HandleFunc("/api/oauth/google/redirect", googleRedirectHandler).Methods("GET")
 	router.HandleFunc("/api/oauth/google/callback", googleCallbackHandler).Methods("GET")

templates/email-notification.txt

@@ -65,10 +65,10 @@
         <div class="comment" style="border-radius:2px;width:calc(100% - 32px);padding:16px;margin:8px 0px 8px 0px;border-bottom:1px solid #eee;">
           <div class="options" style="float:right;">
             {{ if eq .Kind "pending-moderation" }}
-                  <a href="{{ $.Origin }}/api/moderate/email?commentHex={{ .CommentHex }}&action=approve&unsubscribeSecretHex={{ $.UnsubscribeSecretHex }}" target="_black" class="option green" style="padding-right:5px;text-transform:uppercase;font-size:12px;font-weight:bold;text-decoration:none;color:#2f9e44;">Approve</a>
+                  <a href="{{ $.Origin }}/api/email/moderate?commentHex={{ .CommentHex }}&action=approve&unsubscribeSecretHex={{ $.UnsubscribeSecretHex }}" target="_black" class="option green" style="padding-right:5px;text-transform:uppercase;font-size:12px;font-weight:bold;text-decoration:none;color:#2f9e44;">Approve</a>
             {{ end }}
                 {{ if ne .Kind "reply" }}
-                  <a href="{{ $.Origin }}/api/moderate/email?commentHex={{ .CommentHex }}&action=delete&unsubscribeSecretHex={{ $.UnsubscribeSecretHex }}" target="_black" class="option red" style="padding-right:5px;text-transform:uppercase;font-size:12px;font-weight:bold;text-decoration:none;color:#f03e3e;">Delete</a>
+                  <a href="{{ $.Origin }}/api/email/moderate?commentHex={{ .CommentHex }}&action=delete&unsubscribeSecretHex={{ $.UnsubscribeSecretHex }}" target="_black" class="option red" style="padding-right:5px;text-transform:uppercase;font-size:12px;font-weight:bold;text-decoration:none;color:#f03e3e;">Delete</a>
             {{ end }}
                 <a href="http://{{ .Domain }}{{ .Path }}#commento-{{ .CommentHex }}" class="option gray" style="padding-right:5px;text-transform:uppercase;font-size:12px;font-weight:bold;text-decoration:none;color:#495057;">Context</a>
           </div>