diff --git a/backend/src/tools/nachrichten/routes.js b/backend/src/tools/nachrichten/routes.js index e22947c..f3eaab5 100644 --- a/backend/src/tools/nachrichten/routes.js +++ b/backend/src/tools/nachrichten/routes.js @@ -37,10 +37,10 @@ router.get('/users', authenticate, (req, res) => { const users = db.prepare(` SELECT u.id, u.username, uk.public_key, (SELECT COUNT(*) FROM messages - WHERE sender_id = u.id AND recipient_id = ? AND read_by_recipient = 0 AND deleted_by_recipient = 0) AS unread, + WHERE sender_id = u.id AND recipient_id = ? AND read_by_recipient = 0) AS unread, (SELECT MAX(created_at) FROM messages - WHERE ((sender_id = u.id AND recipient_id = ? AND deleted_by_recipient = 0) - OR (sender_id = ? AND recipient_id = u.id AND deleted_by_sender = 0))) AS last_message_at + WHERE (sender_id = u.id AND recipient_id = ?) + OR (sender_id = ? AND recipient_id = u.id)) AS last_message_at FROM users u LEFT JOIN user_keys uk ON uk.user_id = u.id WHERE u.id != ? @@ -52,7 +52,7 @@ router.get('/users', authenticate, (req, res) => { // ── Unread Count ────────────────────────────────────────────────────────────── router.get('/unread', authenticate, (req, res) => { const row = db.prepare( - 'SELECT COUNT(*) AS count FROM messages WHERE recipient_id = ? AND read_by_recipient = 0 AND deleted_by_recipient = 0' + 'SELECT COUNT(*) AS count FROM messages WHERE recipient_id = ? AND read_by_recipient = 0' ).get(req.user.id); res.json({ count: row.count }); }); @@ -62,19 +62,18 @@ router.get('/messages/:userId', authenticate, (req, res) => { const me = req.user.id; const other = parseInt(req.params.userId); - // Mark incoming as read db.prepare(` UPDATE messages SET read_by_recipient = 1 WHERE recipient_id = ? AND sender_id = ? AND read_by_recipient = 0 `).run(me, other); const msgs = db.prepare(` - SELECT m.id, m.sender_id, m.encrypted_content, m.iv, m.created_at, - (m.sender_id = ?) AS is_mine - FROM messages m - WHERE (m.sender_id = ? AND m.recipient_id = ? AND m.deleted_by_sender = 0) - OR (m.recipient_id = ? AND m.sender_id = ? AND m.deleted_by_recipient = 0) - ORDER BY m.created_at ASC + SELECT id, sender_id, encrypted_content, iv, created_at, + (sender_id = ?) AS is_mine + FROM messages + WHERE (sender_id = ? AND recipient_id = ?) + OR (recipient_id = ? AND sender_id = ?) + ORDER BY created_at ASC `).all(me, me, other, me, other); res.json(msgs); @@ -89,12 +88,10 @@ router.post('/messages/:userId', authenticate, async (req, res) => { const recipient = db.prepare('SELECT id FROM users WHERE id = ?').get(recipId); if (!recipient) return res.status(404).json({ error: 'Benutzer nicht gefunden' }); - const result = db.prepare(` - INSERT INTO messages (sender_id, recipient_id, encrypted_content, iv) - VALUES (?, ?, ?, ?) - `).run(me, recipId, encrypted_content, iv); + const result = db.prepare( + 'INSERT INTO messages (sender_id, recipient_id, encrypted_content, iv) VALUES (?, ?, ?, ?)' + ).run(me, recipId, encrypted_content, iv); - // Pushover notification const senderName = db.prepare('SELECT username FROM users WHERE id = ?').get(me)?.username || 'Jemand'; const pushover = db.prepare('SELECT * FROM pushover_settings WHERE user_id = ?').get(recipId); if (pushover) { @@ -104,41 +101,34 @@ router.post('/messages/:userId', authenticate, async (req, res) => { res.json({ id: result.lastInsertRowid }); }); -// DELETE single message (own side only) +// DELETE einzelne Nachricht – hard delete, beide Seiten dürfen löschen router.delete('/messages/:messageId', authenticate, (req, res) => { const me = req.user.id; const mid = parseInt(req.params.messageId); - const msg = db.prepare('SELECT * FROM messages WHERE id = ?').get(mid); - if (!msg) return res.status(404).json({ error: 'Nicht gefunden' }); - if (msg.sender_id !== me && msg.recipient_id !== me) - return res.status(403).json({ error: 'Kein Zugriff' }); - - if (msg.sender_id === me) { - db.prepare('UPDATE messages SET deleted_by_sender = 1 WHERE id = ?').run(mid); - } else { - db.prepare('UPDATE messages SET deleted_by_recipient = 1 WHERE id = ?').run(mid); - } - // Physical delete when both sides have deleted - db.prepare('DELETE FROM messages WHERE id = ? AND deleted_by_sender = 1 AND deleted_by_recipient = 1').run(mid); + db.prepare( + 'DELETE FROM messages WHERE id = ? AND (sender_id = ? OR recipient_id = ?)' + ).run(mid, me, me); res.json({ ok: true }); }); -// DELETE entire conversation (own side) +// DELETE gesamte Konversation – hard delete router.delete('/conversation/:userId', authenticate, (req, res) => { const me = req.user.id; const other = parseInt(req.params.userId); - - db.prepare('UPDATE messages SET deleted_by_sender = 1 WHERE sender_id = ? AND recipient_id = ?').run(me, other); - db.prepare('UPDATE messages SET deleted_by_recipient = 1 WHERE recipient_id = ? AND sender_id = ?').run(me, other); - // Physical cleanup where both deleted db.prepare(` DELETE FROM messages - WHERE deleted_by_sender = 1 AND deleted_by_recipient = 1 - AND ((sender_id = ? AND recipient_id = ?) OR (sender_id = ? AND recipient_id = ?)) + WHERE (sender_id = ? AND recipient_id = ?) OR (sender_id = ? AND recipient_id = ?) `).run(me, other, other, me); res.json({ ok: true }); }); +// DELETE alle eigenen Nachrichten (für Schlüssel-Reset) +router.delete('/my-messages', authenticate, (req, res) => { + db.prepare('DELETE FROM messages WHERE sender_id = ? OR recipient_id = ?') + .run(req.user.id, req.user.id); + res.json({ ok: true }); +}); + // ── Pushover Settings ───────────────────────────────────────────────────────── router.get('/pushover', authenticate, (req, res) => { const row = db.prepare('SELECT user_key, app_token FROM pushover_settings WHERE user_id = ?').get(req.user.id);