commento/api/comment_approve.go
Adhityaa ef0f45527a everywhere: use different session cookie names
If the user is hosting the dashboard in the same domain as
their blog (with a nginx suburi, for example), the two session
cookies clash; logging into one service logs you out of the other.
With this patch, both have separate names.

Fixes https://gitlab.com/commento/commento-ce/issues/49
2018-06-20 08:59:55 +05:30

69 lines
1.4 KiB
Go

package main
import (
"net/http"
)
func commentApprove(commentHex string) error {
if commentHex == "" {
return errorMissingField
}
statement := `
UPDATE comments
SET state = 'approved'
WHERE commentHex = $1;
`
_, err := db.Exec(statement, commentHex)
if err != nil {
logger.Errorf("cannot approve comment: %v", err)
return errorInternal
}
return nil
}
func commentApproveHandler(w http.ResponseWriter, r *http.Request) {
type request struct {
CommenterToken *string `json:"commenterToken"`
CommentHex *string `json:"commentHex"`
}
var x request
if err := unmarshalBody(r, &x); err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return
}
c, err := commenterGetByCommenterToken(*x.CommenterToken)
if err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return
}
domain, err := commentDomainGet(*x.CommentHex)
if err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return
}
isModerator, err := isDomainModerator(domain, c.Email)
if err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return
}
if !isModerator {
writeBody(w, response{"success": false, "message": errorNotModerator.Error()})
return
}
if err = commentApprove(*x.CommentHex); err != nil {
writeBody(w, response{"success": false, "message": err.Error()})
return
}
writeBody(w, response{"success": true})
}