Add delete forwarder/file

jacnils · jacnils · commit 9ef12e2615c2 · 2025-06-08T01:54:02.000+02:00
diff --git a/include/ff.hpp b/include/ff.hpp
@@ -399,6 +399,8 @@ namespace ff {
     limhamn::http::server::response handle_api_try_login_endpoint(const limhamn::http::server::request& request, database& db);
     limhamn::http::server::response handle_try_upload_forwarder_endpoint(const limhamn::http::server::request& request, database& db);
     limhamn::http::server::response handle_try_upload_file_endpoint(const limhamn::http::server::request& request, database& db);
+    limhamn::http::server::response handle_api_delete_forwarder_endpoint(const limhamn::http::server::request& request, database& db);
+    limhamn::http::server::response handle_api_delete_file_endpoint(const limhamn::http::server::request& request, database& db);
     limhamn::http::server::response handle_api_get_forwarders_endpoint(const limhamn::http::server::request& request, database& db);
     limhamn::http::server::response handle_api_get_files_endpoint(const limhamn::http::server::request& request, database& db);
     limhamn::http::server::response handle_api_set_approval_for_uploads_endpoint(const limhamn::http::server::request& request, database& db);
diff --git a/js/ff.js b/js/ff.js
@@ -3200,6 +3200,50 @@ function update_stars_for_file(id, stars) {
         });
 }
 
+function delete_forwarder(id) {
+    const json = {
+        forwarder_identifier: id
+    };
+
+    fetch('/api/delete_forwarder', {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+        },
+        body: JSON.stringify(json),
+    })
+        .then(response => {
+            if (response.status === 204) {
+                show_browse();
+            }
+        })
+        .catch((error) => {
+            console.error('Error:', error);
+        });
+}
+
+function delete_file(id) {
+    const json = {
+        file_identifier: id
+    };
+
+    fetch('/api/delete_file', {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+        },
+        body: JSON.stringify(json),
+    })
+        .then(response => {
+            if (response.status === 204) {
+                show_sandbox();
+            }
+        })
+        .catch((error) => {
+            console.error('Error:', error);
+        });
+}
+
 function update_stars_for_forwarder(id, stars) {
     const json = {
         forwarder_identifier: id,
@@ -3722,6 +3766,59 @@ async function draw_article(type, forwarder, id) {
         view_window.appendChild(accept_button);
         view_window.appendChild(reject_button);
     }
+    if (get_cookie('username') === forwarder.uploader || get_cookie('user_type') === '1') {
+        const delete_button = document.createElement('button');
+        delete_button.innerHTML = 'Delete';
+        delete_button.className = 'view_floating_window_delete';
+        delete_button.onclick = () => {
+            play_click();
+
+            const confirmation = create_window('confirmation-window');
+
+            const confirmation_title = document.createElement('h1');
+            confirmation_title.innerHTML = 'Are you sure?';
+            confirmation_title.className = 'confirmation_window_title';
+            confirmation_title.id = 'confirmation-window-title';
+
+            const confirmation_text = document.createElement('p');
+            confirmation_text.innerHTML = 'Are you sure you want to delete this? This action cannot be undone.';
+            confirmation_text.className = 'confirmation_window_text';
+            confirmation_text.id = 'confirmation-window-text';
+
+            const yes_button = document.createElement('button');
+            yes_button.innerHTML = 'Yes';
+            yes_button.className = 'confirmation_window_yes';
+            yes_button.id = 'confirmation-window-yes';
+            yes_button.style.marginRight = '10px';
+            yes_button.onclick = () => {
+                play_click();
+
+                confirmation.remove();
+
+                if (type === Forwarder) {
+                    delete_forwarder(id);
+                } else {
+                    delete_file(id);
+                }
+            }
+
+            const no_button = document.createElement('button');
+            no_button.innerHTML = 'No';
+            no_button.className = 'confirmation_window_no';
+            no_button.id = 'confirmation-window-no';
+            no_button.onclick = () => {
+                play_click();
+                draw_article(type, forwarder, id);
+            }
+
+            confirmation.appendChild(confirmation_title);
+            confirmation.appendChild(confirmation_text);
+            confirmation.appendChild(yes_button);
+            confirmation.appendChild(no_button);
+        }
+
+        view_window.appendChild(delete_button);
+    }
 
     const post_comment = document.createElement('div');
     post_comment.className = 'view_floating_window_post_comment';
diff --git a/src/ff.cpp b/src/ff.cpp
@@ -288,6 +288,8 @@ void ff::start_server() {
                 {"/api/edit_announcement", ff::handle_api_edit_announcement},
                 {"/api/stay_logged_in", ff::handle_api_stay_logged_in},
                 {"/api/try_logout", ff::handle_api_try_logout_endpoint},
+                {"/api/delete_forwarder", ff::handle_api_delete_forwarder_endpoint},
+                {"/api/delete_file", ff::handle_api_delete_file_endpoint},
             };
             const std::unordered_map<std::string, std::function<limhamn::http::server::response(const limhamn::http::server::request&, ff::database&)>> setup_handlers{
                 {virtual_favicon_path, ff::handle_virtual_favicon_endpoint},
diff --git a/src/path_handlers.cpp b/src/path_handlers.cpp
@@ -3083,6 +3083,238 @@ limhamn::http::server::response ff::handle_api_delete_comment_file_endpoint(cons
     return response;
 }
 
+limhamn::http::server::response ff::handle_api_delete_file_endpoint(const limhamn::http::server::request& request, database& db) {
+    limhamn::http::server::response response{};
+    response.content_type = "application/json";
+
+    const auto get_username = [&request]() -> std::string {
+        if (request.session.find("username") != request.session.end()) {
+            return request.session.at("username");
+        }
+
+        try {
+            const auto json = nlohmann::json::parse(request.body);
+            if (json.find("username") != json.end() && json.at("username").is_string()) {
+                return json.at("username").get<std::string>();
+            }
+        } catch (const std::exception&) {
+            // ignore
+        }
+
+        return "";
+    };
+
+    const auto get_key = [&request]() -> std::string {
+        if (request.session.find("key") != request.session.end()) {
+            return request.session.at("key");
+        }
+
+        try {
+            const auto json = nlohmann::json::parse(request.body);
+            if (json.find("key") != json.end() && json.at("key").is_string()) {
+                return json.at("key").get<std::string>();
+            }
+        } catch (const std::exception&) {
+            // ignore
+        }
+
+        return "";
+    };
+
+    const std::string username{get_username()};
+    const std::string key{get_key()};
+
+    if (username.empty() || key.empty()) {
+#ifdef FF_DEBUG
+        logger.write_to_log(limhamn::logger::type::notice, "Username or key is empty.\n");
+#endif
+        nlohmann::json json;
+        json["error_str"] = "Username or key is empty.";
+        json["error"] = "FF_INVALID_CREDENTIALS";
+        response.http_status = 400;
+        response.body = json.dump();
+        return response;
+    }
+
+    if (!ff::verify_key(db, username, key)) {
+#ifdef FF_DEBUG
+        logger.write_to_log(limhamn::logger::type::notice, "Invalid credentials.\n");
+#endif
+        nlohmann::json json;
+        json["error_str"] = "Invalid credentials.";
+        json["error"] = "FF_INVALID_CREDENTIALS";
+        response.http_status = 400;
+        response.body = json.dump();
+        return response;
+    }
+
+    nlohmann::json json;
+    try {
+        json = nlohmann::json::parse(request.body);
+    } catch (const std::exception&) {
+        nlohmann::json ret;
+        ret["error_str"] = "Invalid JSON";
+        ret["error"] = "FF_INVALID_JSON";
+        response.http_status = 400;
+        response.body = ret.dump();
+        return response;
+    }
+
+    if (!json.contains("file_identifier") || !json.at("file_identifier").is_string()) {
+        nlohmann::json ret;
+        ret["error_str"] = "file_identifier is required";
+        ret["error"] = "FF_INVALID_JSON";
+        response.http_status = 400;
+        response.body = ret.dump();
+        return response;
+    }
+
+    const std::string& file_identifier = json.at("file_identifier").get<std::string>();
+
+    nlohmann::json db_json;
+    try {
+        db_json = nlohmann::json::parse(ff::get_json_from_table(db, "sandbox", "identifier", file_identifier));
+        const auto& uploader = db_json.at("uploader").get<std::string>();
+        if (username != uploader && get_user_type(db, username) != ff::UserType::Administrator) {
+            nlohmann::json ret;
+            ret["error_str"] = "You can only delete your own files";
+            ret["error"] = "FF_NOT_AUTHORIZED";
+            response.http_status = 403;
+            response.body = ret.dump();
+            return response;
+        }
+
+        db.exec("DELETE FROM sandbox WHERE identifier = ?", file_identifier);
+    } catch (const std::exception&) {
+        nlohmann::json ret;
+        ret["error_str"] = "File not found";
+        ret["error"] = "FF_FILE_NOT_FOUND";
+        response.http_status = 404;
+        response.body = ret.dump();
+        return response;
+    }
+
+    response.http_status = 204;
+    response.body = "";
+    return response;
+}
+
+limhamn::http::server::response ff::handle_api_delete_forwarder_endpoint(const limhamn::http::server::request& request, database& db) {
+    limhamn::http::server::response response{};
+    response.content_type = "application/json";
+
+    const auto get_username = [&request]() -> std::string {
+        if (request.session.find("username") != request.session.end()) {
+            return request.session.at("username");
+        }
+
+        try {
+            const auto json = nlohmann::json::parse(request.body);
+            if (json.find("username") != json.end() && json.at("username").is_string()) {
+                return json.at("username").get<std::string>();
+            }
+        } catch (const std::exception&) {
+            // ignore
+        }
+
+        return "";
+    };
+
+    const auto get_key = [&request]() -> std::string {
+        if (request.session.find("key") != request.session.end()) {
+            return request.session.at("key");
+        }
+
+        try {
+            const auto json = nlohmann::json::parse(request.body);
+            if (json.find("key") != json.end() && json.at("key").is_string()) {
+                return json.at("key").get<std::string>();
+            }
+        } catch (const std::exception&) {
+            // ignore
+        }
+
+        return "";
+    };
+
+    const std::string username{get_username()};
+    const std::string key{get_key()};
+
+    if (username.empty() || key.empty()) {
+#ifdef FF_DEBUG
+        logger.write_to_log(limhamn::logger::type::notice, "Username or key is empty.\n");
+#endif
+        nlohmann::json json;
+        json["error_str"] = "Username or key is empty.";
+        json["error"] = "FF_INVALID_CREDENTIALS";
+        response.http_status = 400;
+        response.body = json.dump();
+        return response;
+    }
+
+    if (!ff::verify_key(db, username, key)) {
+#ifdef FF_DEBUG
+        logger.write_to_log(limhamn::logger::type::notice, "Invalid credentials.\n");
+#endif
+        nlohmann::json json;
+        json["error_str"] = "Invalid credentials.";
+        json["error"] = "FF_INVALID_CREDENTIALS";
+        response.http_status = 400;
+        response.body = json.dump();
+        return response;
+    }
+
+    nlohmann::json json;
+    try {
+        json = nlohmann::json::parse(request.body);
+    } catch (const std::exception&) {
+        nlohmann::json ret;
+        ret["error_str"] = "Invalid JSON";
+        ret["error"] = "FF_INVALID_JSON";
+        response.http_status = 400;
+        response.body = ret.dump();
+        return response;
+    }
+
+    if (!json.contains("forwarder_identifier") || !json.at("forwarder_identifier").is_string()) {
+        nlohmann::json ret;
+        ret["error_str"] = "forwarder_identifier is required";
+        ret["error"] = "FF_INVALID_JSON";
+        response.http_status = 400;
+        response.body = ret.dump();
+        return response;
+    }
+
+    const std::string& forwarder_identifier = json.at("forwarder_identifier").get<std::string>();
+
+    nlohmann::json db_json;
+    try {
+        db_json = nlohmann::json::parse(ff::get_json_from_table(db, "forwarders", "identifier", forwarder_identifier));
+        const auto& uploader = db_json.at("uploader").get<std::string>();
+        if (username != uploader && get_user_type(db, username) != ff::UserType::Administrator) {
+            nlohmann::json ret;
+            ret["error_str"] = "You can only delete your own files";
+            ret["error"] = "FF_NOT_AUTHORIZED";
+            response.http_status = 403;
+            response.body = ret.dump();
+            return response;
+        }
+
+        db.exec("DELETE FROM forwarders WHERE identifier = ?", forwarder_identifier);
+    } catch (const std::exception&) {
+        nlohmann::json ret;
+        ret["error_str"] = "File not found";
+        ret["error"] = "FF_FILE_NOT_FOUND";
+        response.http_status = 404;
+        response.body = ret.dump();
+        return response;
+    }
+
+    response.http_status = 204;
+    response.body = "";
+    return response;
+}
+
 limhamn::http::server::response ff::handle_api_stay_logged_in(const limhamn::http::server::request& request, database& db) {
     limhamn::http::server::response response{};
 
