Finished directory API.
This commit is contained in:
parent
2859349444
commit
36a45e9812
59
index.js
59
index.js
|
|
@ -796,6 +796,65 @@ app.delete('/api/v1/user/dir/deleteEntry/:number', async (req, res) => {
|
|||
});
|
||||
});
|
||||
|
||||
// User directory endpoint to mass update entries, with boolean 'replace' field to indicate if existing entries should be replaced with the new list.
|
||||
app.post('/api/v1/user/dir/massUpdate', async (req, res) => {
|
||||
const apiKey = req.headers['authorization'] ? req.headers['authorization'].replace('Bearer ', '') : null;
|
||||
if (!apiKey) {
|
||||
res.status(401).json({ error: 'API Key is required!' });
|
||||
return;
|
||||
}
|
||||
const routeData = await pool.query("SELECT * FROM routes WHERE apiKey = ?", [apiKey]);
|
||||
if (!routeData || routeData.length === 0) {
|
||||
res.status(401).json({ error: 'Unauthorized' });
|
||||
return;
|
||||
}
|
||||
|
||||
// Validate all entries, make sure we check that each number is within the block range for the current user
|
||||
|
||||
|
||||
const route = routeData[0];
|
||||
const entries = req.body.entries;
|
||||
const replace = req.body.replace || false;
|
||||
if (!Array.isArray(entries)) {
|
||||
res.status(400).json({ error: 'Bad Request. Not array' });
|
||||
return;
|
||||
}
|
||||
for (const entry of entries) {
|
||||
const number = Number(entry.number);
|
||||
const name = String(entry.name);
|
||||
if (!number || !name) {
|
||||
res.status(400).json({ error: 'Bad Request. Number Or Name' });
|
||||
return;
|
||||
}
|
||||
if (number < route.block_start || number > route.block_start + route.block_length) {
|
||||
res.status(403).json({ error: 'Forbidden' });
|
||||
return;
|
||||
}
|
||||
}
|
||||
if(replace) {
|
||||
// Delete all existing entries for this route
|
||||
await pool.query('DELETE FROM directory WHERE route = ?', [route.id]);
|
||||
}
|
||||
// Insert or update entries
|
||||
for (const entry of entries) {
|
||||
const number = Number(entry.number);
|
||||
const name = String(entry.name);
|
||||
// Remove html
|
||||
const safeName = require("escape-html")(name);
|
||||
// If number already exists, update, otherwise insert
|
||||
const existingEntries = await pool.query('SELECT * FROM directory WHERE number = ? AND route = ?', [number, route.id]);
|
||||
const row = existingEntries[0];
|
||||
if (row) {
|
||||
await pool.query('UPDATE directory SET name = ? WHERE number = ? AND route = ?',
|
||||
[safeName, number, route.id]);
|
||||
} else {
|
||||
await pool.query('INSERT INTO directory (number, name, route) VALUES (?, ?, ?)',
|
||||
[number, safeName, route.id]);
|
||||
}
|
||||
}
|
||||
res.json({ message: 'Mass update completed' });
|
||||
});
|
||||
|
||||
// == END USER ROUTES ==
|
||||
|
||||
// == Directory routes == (unauthenticated)
|
||||
|
|
|
|||
Loading…
Reference in a new issue