feat(api): create review endpoints for creating, editing, deletion and replying

server/api/review/[revid]/index.delete.ts

@@ -0,0 +1,36 @@
+import { messages } from "~/lib/server/constants";
+import isLoggedIn from "~/lib/server/middlewareButNotReally/isLoggedIn";
+import { Story } from "~/models/stories";
+import { Review } from "~/models/stories/review";
+
+export default eventHandler(async (ev) => {
+	isLoggedIn(ev);
+	const revid = parseInt(getRouterParam(ev, "revid")!);
+	let c2d = await Review.findById(revid);
+	if (!c2d) {
+		throw createError({
+			statusCode: 404,
+			message: messages[404],
+		});
+	}
+	let s2v = await Story.findById(c2d!.leftOn);
+	if (!s2v)
+		throw createError({
+			statusCode: 400,
+			message: "bad parameter",
+		});
+	if (
+		ev.context.currentUser!._id != s2v?.author &&
+		ev.context.currentUser!._id != c2d._id
+	)
+		throw createError({
+			statusCode: 403,
+			message: messages[403],
+		});
+	s2v.reviews += 1;
+	await s2v!.save();
+	await Review.findByIdAndRemove(revid);
+	return {
+		success: true,
+	};
+});

server/api/review/[revid]/index.get.ts

@@ -0,0 +1,16 @@
+import { messages } from "~/lib/server/constants";
+import { Review } from "~/models/stories/review";
+
+export default eventHandler(async (ev) => {
+	const revid = parseInt(getRouterParam(ev, "revid")!);
+	const r = await Review.findById(revid)
+		.populate("author", "username _id")
+		.exec();
+	if (!r) {
+		throw createError({
+			statusCode: 404,
+			message: messages[404],
+		});
+	}
+	return r.toObject();
+});

server/api/review/[revid]/index.put.ts

@@ -0,0 +1,34 @@
+import san from "sanitize-html";
+import { messages } from "~/lib/server/constants";
+import isLoggedIn from "~/lib/server/middlewareButNotReally/isLoggedIn";
+import { Review } from "~/models/stories/review";
+
+export default eventHandler(async (ev) => {
+	isLoggedIn(ev);
+	const revid = parseInt(getRouterParam(ev, "revid")!);
+	let c = await Review.findById(revid);
+	if (!c) {
+		throw createError({
+			statusCode: 404,
+			message: messages[404],
+		});
+	}
+	if (c?.author != ev.context.currentUser?._id) {
+		throw createError({
+			message: messages[403],
+			statusCode: 403,
+		});
+	}
+	const body = await readBody(ev);
+	await Review.findByIdAndUpdate(revid, {
+		$set: {
+			text: san(body.content),
+		},
+	});
+	return {
+		success: true,
+		data: await Review.findById(revid)
+			.populate("author", "username _id")
+			.exec(),
+	};
+});

server/api/review/[revid]/reply.post.ts

@@ -0,0 +1,50 @@
+import san from "sanitize-html";
+import { messages } from "~/lib/server/constants";
+import isLoggedIn from "~/lib/server/middlewareButNotReally/isLoggedIn";
+import { Story } from "~/models/stories";
+import { Review } from "~/models/stories/review";
+
+export default eventHandler(async (ev) => {
+	isLoggedIn(ev);
+	const revid = parseInt(getRouterParam(ev, "revid")!);
+	let replyingTo = await Review.findOne({
+		_id: revid,
+	})
+		.populate("author", "username _id blocked")
+		.exec();
+	if (!replyingTo) {
+		throw createError({
+			statusCode: 404,
+			message: messages[404],
+		});
+	}
+	if (
+		replyingTo?.author.blocked.includes(ev.context.currentUser!._id) ||
+		ev.context.currentUser!.blocked.includes(replyingTo?.author._id)
+	) {
+		throw createError({
+			statusCode: 403,
+			message: "That didn't work",
+		});
+	}
+	const body = await readBody(ev);
+	const newReply = new Review({
+		author: ev.context.currentUser!._id,
+		replyingTo: revid,
+		text: san(body.content),
+		leftOn: replyingTo?.leftOn,
+		whichChapter: replyingTo.whichChapter,
+		datePosted: new Date(),
+	});
+	let nrs = await newReply.save();
+	replyingTo.replies.push(nrs._id);
+	await replyingTo.save();
+	const story = await Story.findById(replyingTo.leftOn);
+	return {
+		back: `/story/${replyingTo.leftOn}/${
+			story!.chapters.findIndex((x) => x.id === nrs.whichChapter) + 1
+		}`,
+		data: nrs.toObject(),
+		success: true,
+	};
+});