Add edit, delete and emojis on messages

Author: MartinBraquet

backend/api/src/app.ts

@@ -69,6 +69,9 @@ import {localSendTestEmail} from "api/test";
 import path from "node:path";
 import {saveSubscriptionMobile} from "api/save-subscription-mobile";
 import {IS_LOCAL} from "common/hosting/constants";
+import {editMessage} from "api/edit-message";
+import {reactToMessage} from "api/react-to-message";
+import {deleteMessage} from "api/delete-message";
 
 // const corsOptions: CorsOptions = {
 //   origin: ['*'], // Only allow requests from this domain
@@ -358,6 +361,9 @@ const handlers: { [k in APIPath]: APIHandler<k> } = {
   'save-subscription-mobile': saveSubscriptionMobile,
   'create-bookmarked-search': createBookmarkedSearch,
   'delete-bookmarked-search': deleteBookmarkedSearch,
+  'delete-message': deleteMessage,
+  'edit-message': editMessage,
+  'react-to-message': reactToMessage,
   // 'auth-google': authGoogle,
 }
 

backend/api/src/delete-message.ts

@@ -0,0 +1,64 @@
+import {APIError, APIHandler} from './helpers/endpoint'
+import {createSupabaseDirectClient} from 'shared/supabase/init'
+import {broadcastPrivateMessages} from "api/helpers/private-messages";
+
+// const DELETED_MESSAGE_CONTENT: JSONContent = {
+//   type: 'doc',
+//   content: [
+//     {
+//       type: 'paragraph',
+//       content: [
+//         {
+//           type: 'text',
+//           text: '[deleted]',
+//         },
+//       ],
+//     },
+//   ],
+// }
+
+export const deleteMessage: APIHandler<'delete-message'> = async ({messageId}, auth) => {
+  const pg = createSupabaseDirectClient()
+
+  // Verify user is the message author and message is not too old
+  const message = await pg.oneOrNone(
+    `SELECT *
+     FROM private_user_messages
+     WHERE id = $1
+       AND user_id = $2`,
+    [messageId, auth.uid]
+  )
+
+  if (!message) {
+    throw new APIError(404, 'Message not found')
+  }
+
+  // Soft delete the message
+  // await pg.none(
+  //   `UPDATE private_user_messages
+  //    SET deleted = TRUE,
+  //        content = $2::jsonb,
+  //        ciphertext = NULL,
+  //        iv = NULL,
+  //        tag = NULL
+  //    WHERE id = $1`,
+  //   [messageId, DELETED_MESSAGE_CONTENT]
+  // )
+
+  // Hard delete the message
+  await pg.none(
+    `DELETE
+     FROM private_user_messages
+     WHERE id = $1
+       AND user_id = $2`,
+    [messageId, auth.uid]
+  )
+
+  void broadcastPrivateMessages(pg, message.channel_id, auth.uid)
+    .catch((err) => {
+      console.error('broadcastPrivateMessages failed', err)
+    })
+
+  return {success: true}
+}
+

backend/api/src/edit-message.ts

@@ -0,0 +1,44 @@
+import {APIError, APIHandler} from './helpers/endpoint'
+import {createSupabaseDirectClient} from 'shared/supabase/init'
+import {encryptMessage} from "shared/encryption";
+import {broadcastPrivateMessages} from "api/helpers/private-messages";
+
+
+export const editMessage: APIHandler<'edit-message'> = async ({messageId, content}, auth) => {
+  const pg = createSupabaseDirectClient()
+
+  // Verify user is the message author and message is not too old
+  const message = await pg.oneOrNone(
+    `SELECT *
+     FROM private_user_messages
+     WHERE id = $1
+       AND user_id = $2
+       AND created_time > NOW() - INTERVAL '1 day'
+       AND deleted = FALSE`,
+    [messageId, auth.uid]
+  )
+
+  if (!message) {
+    throw new APIError(404, 'Message not found or cannot be edited')
+  }
+
+  const plaintext = JSON.stringify(content)
+  const {ciphertext, iv, tag} = encryptMessage(plaintext)
+  await pg.none(
+    `UPDATE private_user_messages
+     SET ciphertext   = $1,
+         iv = $2,
+         tag = $3,
+         is_edited = TRUE,
+         edited_at = NOW()
+     WHERE id = $4`,
+    [ciphertext, iv, tag, messageId]
+  )
+
+  void broadcastPrivateMessages(pg, message.channel_id, auth.uid)
+    .catch((err) => {
+      console.error('broadcastPrivateMessages failed', err)
+    })
+
+  return {success: true}
+}

backend/api/src/helpers/private-messages.ts

@@ -90,6 +90,27 @@ export const addUsersToPrivateMessageChannel = async (
   )
 }
 
+export async function broadcastPrivateMessages(
+  pg: SupabaseDirectClient,
+  channelId: number,
+  userId: string,
+) {
+  const otherUserIds = await pg.map<string>(
+    `select user_id
+     from private_user_message_channel_members
+     where channel_id = $1
+       and user_id != $2
+       and status != 'left'
+    `,
+    [channelId, userId],
+    (r) => r.user_id
+  )
+  otherUserIds.concat(userId).forEach((otherUserId) => {
+    broadcast(`private-user-messages/${otherUserId}`, {})
+  })
+  return otherUserIds;
+}
+
 export const createPrivateUserMessageMain = async (
   creator: User,
   channelId: number,
@@ -117,20 +138,7 @@ export const createPrivateUserMessageMain = async (
     channel_id: channelId,
     user_id: creator.id,
   }
-
-  const otherUserIds = await pg.map<string>(
-    `select user_id
-     from private_user_message_channel_members
-     where channel_id = $1
-       and user_id != $2
-       and status != 'left'
-    `,
-    [channelId, creator.id],
-    (r) => r.user_id
-  )
-  otherUserIds.concat(creator.id).forEach((otherUserId) => {
-    broadcast(`private-user-messages/${otherUserId}`, {})
-  })
+  const otherUserIds = await broadcastPrivateMessages(pg, channelId, creator.id);
 
   // Fire and forget safely
   void notifyOtherUserInChannelIfInactive(channelId, creator, content, pg)

backend/api/src/react-to-message.ts

@@ -0,0 +1,60 @@
+import {APIError, APIHandler} from './helpers/endpoint'
+import {createSupabaseDirectClient} from 'shared/supabase/init'
+import {broadcastPrivateMessages} from "api/helpers/private-messages";
+
+
+export const reactToMessage: APIHandler<'react-to-message'> = async ({messageId, reaction, toDelete}, auth) => {
+  const pg = createSupabaseDirectClient()
+
+  // Verify user is a member of the channel
+  const message = await pg.oneOrNone(
+    `SELECT *
+     FROM private_user_message_channel_members m
+              JOIN private_user_messages msg ON msg.channel_id = m.channel_id
+     WHERE m.user_id = $1
+       AND msg.id = $2`,
+    [auth.uid, messageId]
+  )
+
+  if (!message) {
+    throw new APIError(403, 'Not authorized to react to this message')
+  }
+
+  if (toDelete) {
+    // Remove the reaction
+    await pg.none(
+      `UPDATE private_user_messages
+       SET reactions = reactions - $1
+       WHERE id = $2
+       AND reactions -> $1 ? $3`,
+      [reaction, messageId, auth.uid]
+    )
+  } else {
+    // Toggle reaction
+    await pg.none(
+      `UPDATE private_user_messages
+       SET reactions =
+               CASE
+                   WHEN reactions -> $1 IS NOT NULL
+                       THEN reactions - $1
+                   ELSE jsonb_set(
+                           COALESCE(reactions, '{}'::jsonb),
+                           ARRAY [$1],
+                           (
+                               COALESCE(reactions -> $1, '[]'::jsonb) || to_jsonb($2::text)
+                               ),
+                           TRUE
+                        )
+                   END
+       WHERE id = $3`,
+      [reaction, auth.uid, messageId]
+    )
+  }
+
+  void broadcastPrivateMessages(pg, message.channel_id, auth.uid)
+    .catch((err) => {
+      console.error('broadcastPrivateMessages failed', err)
+    })
+
+  return {success: true}
+}

backend/supabase/migrations/20251106_add_message_actions.sql

@@ -0,0 +1,55 @@
+-- Add columns to support message actions
+ALTER TABLE private_user_messages 
+ADD COLUMN IF NOT EXISTS is_edited BOOLEAN DEFAULT FALSE,
+ADD COLUMN IF NOT EXISTS reactions JSONB DEFAULT '{}'::jsonb,
+ADD COLUMN IF NOT EXISTS deleted BOOLEAN DEFAULT FALSE,
+ADD COLUMN IF NOT EXISTS edited_at TIMESTAMPTZ;
+
+-- Create a function to update edited_at timestamp
+-- CREATE OR REPLACE FUNCTION update_edited_at()
+-- RETURNS TRIGGER AS $$
+-- BEGIN
+--     IF NEW.content <> OLD.content THEN
+--         NEW.is_edited := TRUE;
+--         NEW.edited_at := NOW();
+--     END IF;
+--     RETURN NEW;
+-- END;
+-- $$ LANGUAGE plpgsql;
+--
+-- -- Create a trigger to update edited_at when content changes
+-- DROP TRIGGER IF EXISTS update_private_message_edited_at ON private_user_messages;
+-- CREATE TRIGGER update_private_message_edited_at
+-- BEFORE UPDATE ON private_user_messages
+-- FOR EACH ROW
+-- WHEN (OLD.content IS DISTINCT FROM NEW.content)
+-- EXECUTE FUNCTION update_edited_at();
+
+-- Update RLS policies to allow message owners to update their messages
+-- DROP POLICY IF EXISTS "private message update" ON private_user_messages;
+-- CREATE POLICY "private message update" ON private_user_messages
+-- FOR UPDATE USING (
+--     user_id = firebase_uid()
+--     AND created_time > NOW() - INTERVAL '1 day' -- Only allow editing for 24 hours
+--     AND deleted = FALSE
+-- );
+
+-- Add policy for soft delete
+-- DROP POLICY IF EXISTS "private message delete" ON private_user_messages;
+-- CREATE POLICY "private message delete" ON private_user_messages
+-- FOR UPDATE USING (
+--     user_id = firebase_uid()
+-- );
+
+-- Add policy for reactions
+-- DROP POLICY IF EXISTS "private message react" ON private_user_messages;
+-- CREATE POLICY "private message react" ON private_user_messages
+-- FOR UPDATE USING (
+--     EXISTS (
+--         SELECT 1
+--         FROM private_user_message_channels ch
+--         JOIN private_user_message_channel_members m ON ch.id = m.channel_id
+--         WHERE m.user_id = firebase_uid()
+--         AND ch.id = private_user_messages.channel_id
+--     )
+-- );

common/src/api/schema.ts

@@ -574,6 +574,55 @@ export const API = (_apiTypeCheck = {
     summary: 'Leave a private message channel',
     tag: 'Messages',
   },
+  'edit-message': {
+    method: 'POST',
+    authed: true,
+    rateLimited: true,
+    returns: {} as any,
+    props: z.object({
+      messageId: z.number(),
+      content: contentSchema,
+    }),
+    summary: 'Edit a private message',
+    tag: 'Messages',
+  },
+  'delete-message': {
+    method: 'POST',
+    authed: true,
+    rateLimited: true,
+    returns: {} as any,
+    props: z.object({
+      messageId: z.number(),
+    }),
+    summary: 'Delete a private message',
+    tag: 'Messages',
+  },
+  'react-to-message': {
+    method: 'POST',
+    authed: true,
+    rateLimited: true,
+    returns: {} as any,
+    props: z.object({
+      messageId: z.number(),
+      reaction: z.string(),
+      toDelete: z.boolean().optional(),
+    }),
+    summary: 'Add or remove a reaction to a message',
+    tag: 'Messages',
+  },
+  // 'get-message-reactions': {
+  //   method: 'GET',
+  //   authed: true,
+  //   rateLimited: false,
+  //   returns: {} as {
+  //     reactions: Record<string, number>
+  //   },
+  //   props: z.object({
+  //     messageId: z.string(),
+  //   }),
+  //   summary: 'Get reactions for a message',
+  //   tag: 'Messages',
+  // },
   'create-compatibility-question': {
     method: 'POST',
     authed: true,

common/src/chat-message.ts

@@ -2,12 +2,14 @@ import { type JSONContent } from '@tiptap/core'
 export type ChatVisibility = 'private' | 'system_status' | 'introduction'
 
 export type ChatMessage = {
-  id: string
+  id: number
   userId: string
   channelId: string
   content: JSONContent
   createdTime: number
   visibility: ChatVisibility
+  isEdited: boolean
+  reactions: any
 }
 export type PrivateChatMessage = Omit<ChatMessage, 'id'> & {
   id: number