diff --git a/src/db-migrate.js b/src/db-migrate.js index a122e77..c0fe75d 100644 --- a/src/db-migrate.js +++ b/src/db-migrate.js @@ -307,6 +307,34 @@ async function migrate() { ) `); + // blocklist + await query(` + CREATE TABLE IF NOT EXISTS blocklist ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + is_blocked BOOLEAN NOT NULL DEFAULT true, + username TEXT, + email TEXT, + phone TEXT, + ip INET, + blocked_at TIMESTAMPTZ, + unblocked_at TIMESTAMPTZ, + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW() + ) + `); + + await query(` + DROP TRIGGER IF EXISTS blocklist_updated_at ON blocklist; + CREATE TRIGGER blocklist_updated_at + BEFORE UPDATE ON blocklist + FOR EACH ROW EXECUTE FUNCTION update_updated_at() + `); + + await query(`CREATE INDEX IF NOT EXISTS blocklist_email_idx ON blocklist (lower(email)) WHERE email IS NOT NULL`); + await query(`CREATE INDEX IF NOT EXISTS blocklist_username_idx ON blocklist (lower(username)) WHERE username IS NOT NULL`); + await query(`CREATE INDEX IF NOT EXISTS blocklist_phone_idx ON blocklist (phone) WHERE phone IS NOT NULL`); + await query(`CREATE INDEX IF NOT EXISTS blocklist_ip_idx ON blocklist (ip) WHERE ip IS NOT NULL`); + console.log('Migration complete'); } diff --git a/src/index.js b/src/index.js index 2960dcd..9321c63 100644 --- a/src/index.js +++ b/src/index.js @@ -31,6 +31,7 @@ app.use('/api/objects', auth, require('./routes/objects')); app.use('/api/pairs', auth, require('./routes/pairs')); app.use('/api/questions', auth, require('./routes/questions')); app.use('/api/statements', auth, require('./routes/statements')); +app.use('/api/blocklist', auth, require('./routes/blocklist')); // 404 app.use((req, res) => { diff --git a/src/routes/blocklist.js b/src/routes/blocklist.js new file mode 100644 index 0000000..46f818c --- /dev/null +++ b/src/routes/blocklist.js @@ -0,0 +1,112 @@ +const router = require('express').Router(); +const { query } = require('../db'); + +// GET /api/blocklist +router.get('/', async (req, res, next) => { + try { + const { is_blocked, limit = 50, offset = 0 } = req.query; + const params = [Math.min(parseInt(limit), 500), parseInt(offset)]; + const where = is_blocked !== undefined ? `WHERE is_blocked = $3` : ''; + if (is_blocked !== undefined) params.push(is_blocked === 'true'); + const result = await query( + `SELECT * FROM blocklist ${where} ORDER BY created_at DESC LIMIT $1 OFFSET $2`, + params + ); + res.json(result.rows); + } catch (err) { next(err); } +}); + +// GET /api/blocklist/:id +router.get('/:id', async (req, res, next) => { + try { + const result = await query('SELECT * FROM blocklist WHERE id = $1', [req.params.id]); + if (!result.rows.length) return res.status(404).json({ error: 'Not found' }); + res.json(result.rows[0]); + } catch (err) { next(err); } +}); + +// POST /api/blocklist/check — Registrierungs-Check +router.post('/check', async (req, res, next) => { + try { + const { username, email, phone, ip } = req.body; + if (!username && !email && !phone && !ip) + return res.status(400).json({ error: 'Provide at least one field to check' }); + + const conditions = []; + const params = []; + if (email) { params.push(email.toLowerCase()); conditions.push(`lower(email) = $${params.length}`); } + if (username) { params.push(username.toLowerCase()); conditions.push(`lower(username) = $${params.length}`); } + if (phone) { params.push(phone); conditions.push(`phone = $${params.length}`); } + if (ip) { params.push(ip); conditions.push(`ip = $${params.length}`); } + + const result = await query( + `SELECT id, is_blocked, username, email, phone, ip FROM blocklist + WHERE is_blocked = true AND (${conditions.join(' OR ')}) + LIMIT 1`, + params + ); + + if (result.rows.length) { + return res.status(403).json({ blocked: true, matched: result.rows[0] }); + } + res.json({ blocked: false }); + } catch (err) { next(err); } +}); + +// POST /api/blocklist — Eintrag anlegen +router.post('/', async (req, res, next) => { + try { + const { username, email, phone, ip } = req.body; + if (!username && !email && !phone && !ip) + return res.status(400).json({ error: 'Provide at least one of: username, email, phone, ip' }); + + const result = await query( + `INSERT INTO blocklist (username, email, phone, ip, blocked_at) + VALUES ($1, $2, $3, $4, NOW()) RETURNING *`, + [username || null, email ? email.toLowerCase() : null, phone || null, ip || null] + ); + res.status(201).json(result.rows[0]); + } catch (err) { next(err); } +}); + +// PATCH /api/blocklist/:id — blockieren / entsperren +router.patch('/:id', async (req, res, next) => { + try { + const allowed = ['is_blocked', 'username', 'email', 'phone', 'ip', 'blocked_at', 'unblocked_at']; + const fields = Object.keys(req.body).filter(k => allowed.includes(k)); + if (!fields.length) return res.status(400).json({ error: 'No valid fields provided' }); + + // Auto-timestamps bei is_blocked Wechsel + if (req.body.is_blocked === true && !req.body.blocked_at) { + fields.push('blocked_at'); + req.body.blocked_at = new Date().toISOString(); + } + if (req.body.is_blocked === false && !req.body.unblocked_at) { + fields.push('unblocked_at'); + req.body.unblocked_at = new Date().toISOString(); + } + + // Email normalisieren + if (req.body.email) req.body.email = req.body.email.toLowerCase(); + + const setClauses = fields.map((f, i) => `${f} = $${i + 1}`).join(', '); + const values = [...fields.map(f => req.body[f]), req.params.id]; + const result = await query( + `UPDATE blocklist SET ${setClauses} WHERE id = $${fields.length + 1} RETURNING *`, + values + ); + if (!result.rows.length) return res.status(404).json({ error: 'Not found' }); + res.json(result.rows[0]); + } catch (err) { next(err); } +}); + +// DELETE /api/blocklist/:id +router.delete('/:id', async (req, res, next) => { + try { + const result = await query('DELETE FROM blocklist WHERE id = $1 RETURNING id', [req.params.id]); + if (!result.rows.length) return res.status(404).json({ error: 'Not found' }); + res.status(204).end(); + } catch (err) { next(err); } +}); + +module.exports = router;