123 lines
4.4 KiB
PHP
123 lines
4.4 KiB
PHP
<?php
|
|
// ============================================================
|
|
// api/comments.php
|
|
//
|
|
// GET /api/comments?streamer_id=N — načti komentáře (veřejné)
|
|
// POST /api/comments — přidej komentář
|
|
// DELETE /api/comments?id=N — smaž komentář (admin)
|
|
// ============================================================
|
|
|
|
require_once __DIR__ . '/db.php';
|
|
|
|
cors();
|
|
|
|
$method = $_SERVER['REQUEST_METHOD'];
|
|
|
|
// ------------------------------------------------------------------
|
|
// GET — komentáře pro daného streamera
|
|
// ------------------------------------------------------------------
|
|
if ($method === 'GET') {
|
|
$sid = (int)($_GET['streamer_id'] ?? 0);
|
|
if (!$sid) json_error('Missing streamer_id');
|
|
|
|
$rows = db()->prepare("
|
|
SELECT c.id, c.author, c.body, c.is_admin, c.created_at, c.user_id,
|
|
u.display_name AS user_display, u.avatar AS user_avatar, u.provider AS user_provider,
|
|
COALESCE(
|
|
(SELECT array_agg(rgm.group_id ORDER BY rgm.group_id)
|
|
FROM rater_group_members rgm WHERE rgm.user_id = c.user_id),
|
|
ARRAY[]::int[]
|
|
) AS team_ids
|
|
FROM comments c
|
|
LEFT JOIN users u ON u.id = c.user_id
|
|
WHERE c.streamer_id = :sid
|
|
ORDER BY c.created_at ASC
|
|
");
|
|
$rows->execute([':sid' => $sid]);
|
|
$rs = $rows->fetchAll();
|
|
// Postgres returns array as PHP-native array via PDO; ensure shape
|
|
foreach ($rs as &$r) {
|
|
if (is_string($r['team_ids'])) {
|
|
// Fallback: parse "{1,2,3}" string
|
|
$r['team_ids'] = array_filter(array_map('intval', explode(',', trim($r['team_ids'], '{}'))), fn($x)=>$x>0);
|
|
}
|
|
$r['team_ids'] = array_values(array_map('intval', $r['team_ids'] ?? []));
|
|
}
|
|
unset($r);
|
|
json_out($rs);
|
|
}
|
|
|
|
// ------------------------------------------------------------------
|
|
// POST — přidat komentář
|
|
// ------------------------------------------------------------------
|
|
if ($method === 'POST') {
|
|
start_session();
|
|
|
|
$body = body();
|
|
$sid = (int)($body['streamer_id'] ?? 0);
|
|
$text = trim($body['body'] ?? '');
|
|
|
|
if (!$sid) json_error('Missing streamer_id');
|
|
if (strlen($text) < 2) json_error('Komentář je příliš krátký');
|
|
if (strlen($text) > 1000) json_error('Komentář je příliš dlouhý (max 1000 znaků)');
|
|
|
|
// Check auth settings
|
|
$settings_row = db()->query("SELECT key, value FROM settings")->fetchAll();
|
|
$settings = [];
|
|
foreach ($settings_row as $r) $settings[$r['key']] = $r['value'];
|
|
|
|
$auth_enabled = ($settings['auth_enabled'] ?? 'false') === 'true';
|
|
$oauth_user = $_SESSION['oauth_user'] ?? null;
|
|
$is_admin = !empty($_SESSION['is_admin']);
|
|
|
|
// If auth required and user not logged in (and not admin)
|
|
if ($auth_enabled && !$oauth_user && !$is_admin) {
|
|
json_error('Pro komentování je vyžadováno přihlášení', 401);
|
|
}
|
|
|
|
// Determine author name and user_id
|
|
if ($oauth_user) {
|
|
$author = $oauth_user['display_name'];
|
|
$user_id = $oauth_user['id'];
|
|
} else {
|
|
$author = mb_substr(trim($body['author'] ?? 'Anonym'), 0, 50) ?: 'Anonym';
|
|
$user_id = null;
|
|
}
|
|
|
|
$stmt = db()->prepare("
|
|
INSERT INTO comments (streamer_id, user_id, author, body, is_admin)
|
|
VALUES (:sid, :uid, :author, :body, :is_admin)
|
|
RETURNING id, author, body, is_admin, created_at
|
|
");
|
|
$stmt->execute([
|
|
':sid' => $sid,
|
|
':uid' => $user_id,
|
|
':author' => $author,
|
|
':body' => $text,
|
|
':is_admin' => $is_admin ? 'true' : 'false',
|
|
]);
|
|
$comment = $stmt->fetch();
|
|
|
|
// Add user info to response
|
|
if ($oauth_user) {
|
|
$comment['user_display'] = $oauth_user['display_name'];
|
|
$comment['user_avatar'] = $oauth_user['avatar'];
|
|
$comment['user_provider'] = $oauth_user['provider'];
|
|
}
|
|
|
|
json_out($comment, 201);
|
|
}
|
|
|
|
// ------------------------------------------------------------------
|
|
// DELETE — smazat komentář (admin only)
|
|
// ------------------------------------------------------------------
|
|
if ($method === 'DELETE') {
|
|
require_admin();
|
|
$id = (int)($_GET['id'] ?? 0);
|
|
if (!$id) json_error('Missing id');
|
|
db()->prepare("DELETE FROM comments WHERE id = :id")->execute([':id' => $id]);
|
|
json_out(['ok' => true]);
|
|
}
|
|
|
|
json_error('Method not allowed', 405);
|