Dateien nach "backend/src/tools/nachrichten" hochladen
This commit is contained in:
@@ -37,10 +37,10 @@ router.get('/users', authenticate, (req, res) => {
|
||||
const users = db.prepare(`
|
||||
SELECT u.id, u.username, uk.public_key,
|
||||
(SELECT COUNT(*) FROM messages
|
||||
WHERE sender_id = u.id AND recipient_id = ? AND read_by_recipient = 0 AND deleted_by_recipient = 0) AS unread,
|
||||
WHERE sender_id = u.id AND recipient_id = ? AND read_by_recipient = 0) AS unread,
|
||||
(SELECT MAX(created_at) FROM messages
|
||||
WHERE ((sender_id = u.id AND recipient_id = ? AND deleted_by_recipient = 0)
|
||||
OR (sender_id = ? AND recipient_id = u.id AND deleted_by_sender = 0))) AS last_message_at
|
||||
WHERE (sender_id = u.id AND recipient_id = ?)
|
||||
OR (sender_id = ? AND recipient_id = u.id)) AS last_message_at
|
||||
FROM users u
|
||||
LEFT JOIN user_keys uk ON uk.user_id = u.id
|
||||
WHERE u.id != ?
|
||||
@@ -52,7 +52,7 @@ router.get('/users', authenticate, (req, res) => {
|
||||
// ── Unread Count ──────────────────────────────────────────────────────────────
|
||||
router.get('/unread', authenticate, (req, res) => {
|
||||
const row = db.prepare(
|
||||
'SELECT COUNT(*) AS count FROM messages WHERE recipient_id = ? AND read_by_recipient = 0 AND deleted_by_recipient = 0'
|
||||
'SELECT COUNT(*) AS count FROM messages WHERE recipient_id = ? AND read_by_recipient = 0'
|
||||
).get(req.user.id);
|
||||
res.json({ count: row.count });
|
||||
});
|
||||
@@ -62,19 +62,18 @@ router.get('/messages/:userId', authenticate, (req, res) => {
|
||||
const me = req.user.id;
|
||||
const other = parseInt(req.params.userId);
|
||||
|
||||
// Mark incoming as read
|
||||
db.prepare(`
|
||||
UPDATE messages SET read_by_recipient = 1
|
||||
WHERE recipient_id = ? AND sender_id = ? AND read_by_recipient = 0
|
||||
`).run(me, other);
|
||||
|
||||
const msgs = db.prepare(`
|
||||
SELECT m.id, m.sender_id, m.encrypted_content, m.iv, m.created_at,
|
||||
(m.sender_id = ?) AS is_mine
|
||||
FROM messages m
|
||||
WHERE (m.sender_id = ? AND m.recipient_id = ? AND m.deleted_by_sender = 0)
|
||||
OR (m.recipient_id = ? AND m.sender_id = ? AND m.deleted_by_recipient = 0)
|
||||
ORDER BY m.created_at ASC
|
||||
SELECT id, sender_id, encrypted_content, iv, created_at,
|
||||
(sender_id = ?) AS is_mine
|
||||
FROM messages
|
||||
WHERE (sender_id = ? AND recipient_id = ?)
|
||||
OR (recipient_id = ? AND sender_id = ?)
|
||||
ORDER BY created_at ASC
|
||||
`).all(me, me, other, me, other);
|
||||
|
||||
res.json(msgs);
|
||||
@@ -89,12 +88,10 @@ router.post('/messages/:userId', authenticate, async (req, res) => {
|
||||
const recipient = db.prepare('SELECT id FROM users WHERE id = ?').get(recipId);
|
||||
if (!recipient) return res.status(404).json({ error: 'Benutzer nicht gefunden' });
|
||||
|
||||
const result = db.prepare(`
|
||||
INSERT INTO messages (sender_id, recipient_id, encrypted_content, iv)
|
||||
VALUES (?, ?, ?, ?)
|
||||
`).run(me, recipId, encrypted_content, iv);
|
||||
const result = db.prepare(
|
||||
'INSERT INTO messages (sender_id, recipient_id, encrypted_content, iv) VALUES (?, ?, ?, ?)'
|
||||
).run(me, recipId, encrypted_content, iv);
|
||||
|
||||
// Pushover notification
|
||||
const senderName = db.prepare('SELECT username FROM users WHERE id = ?').get(me)?.username || 'Jemand';
|
||||
const pushover = db.prepare('SELECT * FROM pushover_settings WHERE user_id = ?').get(recipId);
|
||||
if (pushover) {
|
||||
@@ -104,41 +101,34 @@ router.post('/messages/:userId', authenticate, async (req, res) => {
|
||||
res.json({ id: result.lastInsertRowid });
|
||||
});
|
||||
|
||||
// DELETE single message (own side only)
|
||||
// DELETE einzelne Nachricht – hard delete, beide Seiten dürfen löschen
|
||||
router.delete('/messages/:messageId', authenticate, (req, res) => {
|
||||
const me = req.user.id;
|
||||
const mid = parseInt(req.params.messageId);
|
||||
const msg = db.prepare('SELECT * FROM messages WHERE id = ?').get(mid);
|
||||
if (!msg) return res.status(404).json({ error: 'Nicht gefunden' });
|
||||
if (msg.sender_id !== me && msg.recipient_id !== me)
|
||||
return res.status(403).json({ error: 'Kein Zugriff' });
|
||||
|
||||
if (msg.sender_id === me) {
|
||||
db.prepare('UPDATE messages SET deleted_by_sender = 1 WHERE id = ?').run(mid);
|
||||
} else {
|
||||
db.prepare('UPDATE messages SET deleted_by_recipient = 1 WHERE id = ?').run(mid);
|
||||
}
|
||||
// Physical delete when both sides have deleted
|
||||
db.prepare('DELETE FROM messages WHERE id = ? AND deleted_by_sender = 1 AND deleted_by_recipient = 1').run(mid);
|
||||
db.prepare(
|
||||
'DELETE FROM messages WHERE id = ? AND (sender_id = ? OR recipient_id = ?)'
|
||||
).run(mid, me, me);
|
||||
res.json({ ok: true });
|
||||
});
|
||||
|
||||
// DELETE entire conversation (own side)
|
||||
// DELETE gesamte Konversation – hard delete
|
||||
router.delete('/conversation/:userId', authenticate, (req, res) => {
|
||||
const me = req.user.id;
|
||||
const other = parseInt(req.params.userId);
|
||||
|
||||
db.prepare('UPDATE messages SET deleted_by_sender = 1 WHERE sender_id = ? AND recipient_id = ?').run(me, other);
|
||||
db.prepare('UPDATE messages SET deleted_by_recipient = 1 WHERE recipient_id = ? AND sender_id = ?').run(me, other);
|
||||
// Physical cleanup where both deleted
|
||||
db.prepare(`
|
||||
DELETE FROM messages
|
||||
WHERE deleted_by_sender = 1 AND deleted_by_recipient = 1
|
||||
AND ((sender_id = ? AND recipient_id = ?) OR (sender_id = ? AND recipient_id = ?))
|
||||
WHERE (sender_id = ? AND recipient_id = ?) OR (sender_id = ? AND recipient_id = ?)
|
||||
`).run(me, other, other, me);
|
||||
res.json({ ok: true });
|
||||
});
|
||||
|
||||
// DELETE alle eigenen Nachrichten (für Schlüssel-Reset)
|
||||
router.delete('/my-messages', authenticate, (req, res) => {
|
||||
db.prepare('DELETE FROM messages WHERE sender_id = ? OR recipient_id = ?')
|
||||
.run(req.user.id, req.user.id);
|
||||
res.json({ ok: true });
|
||||
});
|
||||
|
||||
// ── Pushover Settings ─────────────────────────────────────────────────────────
|
||||
router.get('/pushover', authenticate, (req, res) => {
|
||||
const row = db.prepare('SELECT user_key, app_token FROM pushover_settings WHERE user_id = ?').get(req.user.id);
|
||||
|
||||
Reference in New Issue
Block a user