api/controllers/ReviewController.ts

/**
 * This file is part of SudoBot.
 *
 * Copyright (C) 2021-2023 OSN Developers.
 *
 * SudoBot is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * SudoBot is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
 */

import { NextFunction } from "express";
import { rateLimit } from "express-rate-limit";
import { z } from "zod";
import { Action } from "../../decorators/Action";
import { EnableAdminAccessControl } from "../../decorators/EnableAdminAccessControl";
import { Validate } from "../../decorators/Validate";
import { logError } from "../../utils/logger";
import Controller from "../Controller";
import Request from "../Request";

const ratelimiter = rateLimit({
    max: 2,
    windowMs: 1000 * 60 * 60 * 12,
    validate: false,
    standardHeaders: true,
    legacyHeaders: false
});

export default class ReviewController extends Controller {
    @Action("GET", "/reviews")
    public async index() {
        return await this.client.prisma.review.findMany({
            where: {
                approved: true
            },
            take: 10,
            orderBy: {
                rating: "desc"
            },
            select: {
                aboutReviewer: true,
                id: true,
                content: true,
                approved: true,
                email: false,
                discordId: false,
                rating: true,
                reviewer: true
            }
        });
    }

    @Action("POST", "/reviews", [(_: any, req: any, res: any, next: NextFunction) => ratelimiter(req, res, next)])
    @Validate(
        z.object({
            rating: z.number().int().min(0).max(5),
            content: z.string(),
            reviewer: z.string().optional(),
            discord_id: z.string().optional(),
            email: z.string().optional(),
            about_reviewer: z.string().optional()
        })
    )
    public async store(request: Request) {
        const {
            rating,
            content,
            about_reviewer: aboutReviewer,
            discord_id: discordId,
            email,
            reviewer
        } = request.parsedBody ?? {};

        await this.client.prisma.review.create({
            data: {
                rating,
                content,
                approved: false,
                aboutReviewer,
                discordId,
                email,
                reviewer
            }
        });

        return { success: true };
    }

    @Action("PATCH", "/reviews/:id")
    @EnableAdminAccessControl()
    @Validate(
        z.object({
            approved: z.boolean()
        })
    )
    async update(request: Request) {
        const { approved } = request.parsedBody ?? {};

        await this.client.prisma.review
            .update({
                where: {
                    id: parseInt(request.params.id)
                },
                data: {
                    approved
                }
            })
            .catch(logError);

        return {
            status: approved ? "Approved" : "Not approved"
        };
    }
}
1	rakinar2	577	/**
2			* This file is part of SudoBot.
3			*
4			* Copyright (C) 2021-2023 OSN Developers.
5			*
6			* SudoBot is free software; you can redistribute it and/or modify it
7			* under the terms of the GNU Affero General Public License as published by
8			* the Free Software Foundation, either version 3 of the License, or
9			* (at your option) any later version.
10			*
11			* SudoBot is distributed in the hope that it will be useful, but
12			* WITHOUT ANY WARRANTY; without even the implied warranty of
13			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14			* GNU Affero General Public License for more details.
15			*
16			* You should have received a copy of the GNU Affero General Public License
17			* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
18			*/
19
20			import { NextFunction } from "express";
21			import { rateLimit } from "express-rate-limit";
22			import { z } from "zod";
23			import { Action } from "../../decorators/Action";
24			import { EnableAdminAccessControl } from "../../decorators/EnableAdminAccessControl";
25			import { Validate } from "../../decorators/Validate";
26			import { logError } from "../../utils/logger";
27			import Controller from "../Controller";
28			import Request from "../Request";
29
30			const ratelimiter = rateLimit({
31			max: 2,
32			windowMs: 1000 * 60 * 60 * 12,
33			validate: false,
34			standardHeaders: true,
35			legacyHeaders: false
36			});
37
38			export default class ReviewController extends Controller {
39			@Action("GET", "/reviews")
40			public async index() {
41			return await this.client.prisma.review.findMany({
42			where: {
43			approved: true
44			},
45			take: 10,
46			orderBy: {
47			rating: "desc"
48			},
49			select: {
50			aboutReviewer: true,
51			id: true,
52			content: true,
53			approved: true,
54			email: false,
55			discordId: false,
56			rating: true,
57			reviewer: true
58			}
59			});
60			}
61
62			@Action("POST", "/reviews", [(_: any, req: any, res: any, next: NextFunction) => ratelimiter(req, res, next)])
63			@Validate(
64			z.object({
65			rating: z.number().int().min(0).max(5),
66			content: z.string(),
67			reviewer: z.string().optional(),
68			discord_id: z.string().optional(),
69			email: z.string().optional(),
70			about_reviewer: z.string().optional()
71			})
72			)
73			public async store(request: Request) {
74			const {
75			rating,
76			content,
77			about_reviewer: aboutReviewer,
78			discord_id: discordId,
79			email,
80			reviewer
81			} = request.parsedBody ?? {};
82
83			await this.client.prisma.review.create({
84			data: {
85			rating,
86			content,
87			approved: false,
88			aboutReviewer,
89			discordId,
90			email,
91			reviewer
92			}
93			});
94
95			return { success: true };
96			}
97
98			@Action("PATCH", "/reviews/:id")
99			@EnableAdminAccessControl()
100			@Validate(
101			z.object({
102			approved: z.boolean()
103			})
104			)
105			async update(request: Request) {
106			const { approved } = request.parsedBody ?? {};
107
108			await this.client.prisma.review
109			.update({
110			where: {
111			id: parseInt(request.params.id)
112			},
113			data: {
114			approved
115			}
116			})
117			.catch(logError);
118
119			return {
120			status: approved ? "Approved" : "Not approved"
121			};
122			}
123			}