api/controllers/ReviewController.ts

/**
 * This file is part of SudoBot.
 *
 * Copyright (C) 2021-2023 OSN Developers.
 *
 * SudoBot is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * SudoBot is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
 */

import { NextFunction } from "express";
import { rateLimit } from "express-rate-limit";
import { z } from "zod";
import { Action } from "../../decorators/Action";
import { EnableAdminAccessControl } from "../../decorators/EnableAdminAccessControl";
import { Validate } from "../../decorators/Validate";
import { logError } from "../../utils/logger";
import Controller from "../Controller";
import Request from "../Request";

const ratelimiter = rateLimit({
    max: 2,
    windowMs: 1000 * 60 * 60 * 12,
    validate: false,
    standardHeaders: true,
    legacyHeaders: false
});

export default class ReviewController extends Controller {
    @Action("GET", "/reviews")
    public async index() {
        return await this.client.prisma.review.findMany({
            where: {
                approved: true
            },
            take: 10,
            orderBy: {
                rating: "desc"
            },
            select: {
                aboutReviewer: true,
                id: true,
                content: true,
                approved: true,
                email: false,
                discordId: false,
                rating: true,
                reviewer: true,
                ip: false
            }
        });
    }

    @Action("POST", "/reviews", [(_: any, req: any, res: any, next: NextFunction) => ratelimiter(req, res, next)])
    @Validate(
        z.object({
            rating: z.number().int().min(0).max(5),
            content: z.string(),
            reviewer: z.string().optional(),
            discord_id: z.string().optional(),
            email: z.string().optional(),
            about_reviewer: z.string().optional()
        })
    )
    public async store(request: Request) {
        const {
            rating,
            content,
            about_reviewer: aboutReviewer,
            discord_id: discordId,
            email,
            reviewer
        } = request.parsedBody ?? {};

        await this.client.prisma.review.create({
            data: {
                rating,
                content,
                approved: false,
                aboutReviewer,
                discordId,
                email,
                reviewer,
                ip: request.ip
            }
        });

        return { success: true };
    }

    @Action("PATCH", "/reviews/:id")
    @EnableAdminAccessControl()
    @Validate(
        z.object({
            approved: z.boolean()
        })
    )
    async update(request: Request) {
        const { approved } = request.parsedBody ?? {};

        await this.client.prisma.review
            .update({
                where: {
                    id: parseInt(request.params.id)
                },
                data: {
                    approved
                }
            })
            .catch(logError);

        return {
            status: approved ? "Approved" : "Not approved"
        };
    }
}
1	rakinar2	577	/**
2			* This file is part of SudoBot.
3			*
4			* Copyright (C) 2021-2023 OSN Developers.
5			*
6			* SudoBot is free software; you can redistribute it and/or modify it
7			* under the terms of the GNU Affero General Public License as published by
8			* the Free Software Foundation, either version 3 of the License, or
9			* (at your option) any later version.
10			*
11			* SudoBot is distributed in the hope that it will be useful, but
12			* WITHOUT ANY WARRANTY; without even the implied warranty of
13			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14			* GNU Affero General Public License for more details.
15			*
16			* You should have received a copy of the GNU Affero General Public License
17			* along with SudoBot. If not, see <https://www.gnu.org/licenses/>.
18			*/
19
20			import { NextFunction } from "express";
21			import { rateLimit } from "express-rate-limit";
22			import { z } from "zod";
23			import { Action } from "../../decorators/Action";
24			import { EnableAdminAccessControl } from "../../decorators/EnableAdminAccessControl";
25			import { Validate } from "../../decorators/Validate";
26			import { logError } from "../../utils/logger";
27			import Controller from "../Controller";
28			import Request from "../Request";
29
30			const ratelimiter = rateLimit({
31			max: 2,
32			windowMs: 1000 * 60 * 60 * 12,
33			validate: false,
34			standardHeaders: true,
35			legacyHeaders: false
36			});
37
38			export default class ReviewController extends Controller {
39			@Action("GET", "/reviews")
40			public async index() {
41			return await this.client.prisma.review.findMany({
42			where: {
43			approved: true
44			},
45			take: 10,
46			orderBy: {
47			rating: "desc"
48			},
49			select: {
50			aboutReviewer: true,
51			id: true,
52			content: true,
53			approved: true,
54			email: false,
55			discordId: false,
56			rating: true,
57			reviewer: true,
58			ip: false
59			}
60			});
61			}
62
63			@Action("POST", "/reviews", [(_: any, req: any, res: any, next: NextFunction) => ratelimiter(req, res, next)])
64			@Validate(
65			z.object({
66			rating: z.number().int().min(0).max(5),
67			content: z.string(),
68			reviewer: z.string().optional(),
69			discord_id: z.string().optional(),
70			email: z.string().optional(),
71			about_reviewer: z.string().optional()
72			})
73			)
74			public async store(request: Request) {
75			const {
76			rating,
77			content,
78			about_reviewer: aboutReviewer,
79			discord_id: discordId,
80			email,
81			reviewer
82			} = request.parsedBody ?? {};
83
84			await this.client.prisma.review.create({
85			data: {
86			rating,
87			content,
88			approved: false,
89			aboutReviewer,
90			discordId,
91			email,
92			reviewer,
93			ip: request.ip
94			}
95			});
96
97			return { success: true };
98			}
99
100			@Action("PATCH", "/reviews/:id")
101			@EnableAdminAccessControl()
102			@Validate(
103			z.object({
104			approved: z.boolean()
105			})
106			)
107			async update(request: Request) {
108			const { approved } = request.parsedBody ?? {};
109
110			await this.client.prisma.review
111			.update({
112			where: {
113			id: parseInt(request.params.id)
114			},
115			data: {
116			approved
117			}
118			})
119			.catch(logError);
120
121			return {
122			status: approved ? "Approved" : "Not approved"
123			};
124			}
125			}