first commit
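--- /dev/null
+++ b/api/comments.php
@@ -0,0 +1,122 @@
+<?php
+// ============================================================
+// api/comments.php
+//
+// GET /api/comments?streamer_id=N — načti komentáře (veřejné)
+// POST /api/comments — přidej komentář
+// DELETE /api/comments?id=N — smaž komentář (admin)
+// ============================================================
+
+require_once __DIR__ . '/db.php';
+
+cors();
+
+$method = $_SERVER['REQUEST_METHOD'];
+
+// ------------------------------------------------------------------
+// GET — komentáře pro daného streamera
+// ------------------------------------------------------------------
+if ($method === 'GET') {
+$sid = (int)($_GET['streamer_id'] ?? 0);
+if (!$sid) json_error('Missing streamer_id');
+
+$rows = db()->prepare("
+SELECT c.id, c.author, c.body, c.is_admin, c.created_at, c.user_id,
+u.display_name AS user_display, u.avatar AS user_avatar, u.provider AS user_provider,
+COALESCE(
+(SELECT array_agg(rgm.group_id ORDER BY rgm.group_id)
+FROM rater_group_members rgm WHERE rgm.user_id = c.user_id),
+ARRAY[]::int[]
+) AS team_ids
+FROM comments c
+LEFT JOIN users u ON u.id = c.user_id
+WHERE c.streamer_id = :sid
+ORDER BY c.created_at ASC
+");
+$rows->execute([':sid' => $sid]);
+$rs = $rows->fetchAll();
+// Postgres returns array as PHP-native array via PDO; ensure shape
+foreach ($rs as &$r) {
+if (is_string($r['team_ids'])) {
+// Fallback: parse "{1,2,3}" string
+$r['team_ids'] = array_filter(array_map('intval', explode(',', trim($r['team_ids'], '{}'))), fn($x)=>$x>0);
+}
+$r['team_ids'] = array_values(array_map('intval', $r['team_ids'] ?? []));
+}
+unset($r);
+json_out($rs);
+}
+
+// ------------------------------------------------------------------
+// POST — přidat komentář
+// ------------------------------------------------------------------
+if ($method === 'POST') {
+start_session();
+
+$body = body();
+$sid = (int)($body['streamer_id'] ?? 0);
+$text = trim($body['body'] ?? '');
+
+if (!$sid) json_error('Missing streamer_id');
+if (strlen($text) < 2) json_error('Komentář je příliš krátký');
+if (strlen($text) > 1000) json_error('Komentář je příliš dlouhý (max 1000 znaků)');
+
+// Check auth settings
+$settings_row = db()->query("SELECT key, value FROM settings")->fetchAll();
+$settings = [];
+foreach ($settings_row as $r) $settings[$r['key']] = $r['value'];
+
+$auth_enabled = ($settings['auth_enabled'] ?? 'false') === 'true';
+$oauth_user = $_SESSION['oauth_user'] ?? null;
+$is_admin = !empty($_SESSION['is_admin']);
+
+// If auth required and user not logged in (and not admin)
+if ($auth_enabled && !$oauth_user && !$is_admin) {
+json_error('Pro komentování je vyžadováno přihlášení', 401);
+}
+
+// Determine author name and user_id
+if ($oauth_user) {
+$author = $oauth_user['display_name'];
+$user_id = $oauth_user['id'];
+} else {
+$author = mb_substr(trim($body['author'] ?? 'Anonym'), 0, 50) ?: 'Anonym';
+$user_id = null;
+}
+
+$stmt = db()->prepare("
+INSERT INTO comments (streamer_id, user_id, author, body, is_admin)
+VALUES (:sid, :uid, :author, :body, :is_admin)
+RETURNING id, author, body, is_admin, created_at
+");
+$stmt->execute([
+':sid' => $sid,
+':uid' => $user_id,
+':author' => $author,
+':body' => $text,
+':is_admin' => $is_admin ? 'true' : 'false',
+]);
+$comment = $stmt->fetch();
+
+// Add user info to response
+if ($oauth_user) {
+$comment['user_display'] = $oauth_user['display_name'];
+$comment['user_avatar'] = $oauth_user['avatar'];
+$comment['user_provider'] = $oauth_user['provider'];
+}
+
+json_out($comment, 201);
+}
+
+// ------------------------------------------------------------------
+// DELETE — smazat komentář (admin only)
+// ------------------------------------------------------------------
+if ($method === 'DELETE') {
+require_admin();
+$id = (int)($_GET['id'] ?? 0);
+if (!$id) json_error('Missing id');
+db()->prepare("DELETE FROM comments WHERE id = :id")->execute([':id' => $id]);
+json_out(['ok' => true]);
+}
+
+json_error('Method not allowed', 405);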
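Review bot: In the POST branch `trim($body['body'] ?? '')` and `trim($body['author'] ?? 'Anonym')` accept whatever type the client's payload carries, so a non-string value (for example a JSON array, assuming body() decodes JSON) reaches trim() and raises a TypeError on PHP 8 instead of a clean 4xx; check the type first, e.g. `$text = is_string($body['body'] ?? null) ? trim($body['body']) : '';`, and do the same for `author`. The length limits use `strlen`, which counts bytes, while the error message promises 1000 characters (`znaků`) and the author field is already cut with `mb_substr`; `mb_strlen($text) > 1000` would match the stated limit. When no OAuth user is in the session the `author` string is chosen by the client, so an anonymous comment can carry the display name of a registered user; the stored `user_id` is null in that case, and the rendering side should use that rather than the name to mark verified authors. POST and DELETE are authorised by the session cookie alone and no CSRF token or Origin check is visible in this file, so confirm that `cors()` and the session cookie settings in db.php cover state-changing requests.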