From 34c3e3cd3d195367d5ca74a04cfe2c364ce9b39e Mon Sep 17 00:00:00 2001 From: niansa Date: Mon, 11 Jan 2021 20:53:05 +0100 Subject: [PATCH] Added a few buttons and slt --- bots.sql | 6 ++- controllers/views.cc | 95 ++++++++++++++++++++++++++------------------ views/botdetail.csp | 24 +++++++---- 3 files changed, 77 insertions(+), 48 deletions(-) diff --git a/bots.sql b/bots.sql index cb13120..bc8481f 100644 --- a/bots.sql +++ b/bots.sql @@ -35,7 +35,8 @@ CREATE TABLE public.bots ( owner_id text, app_id text, votes integer, - approved boolean + approved boolean, + CONSTRAINT can_vote_check CHECK ((((votes > 0) AND approved) OR (votes < 1))) ); @@ -47,7 +48,8 @@ ALTER TABLE public.bots OWNER TO nils; COPY public.bots (name, short_description, long_description, avatar_url, owner, support_server, prefix, owner_id, app_id, votes, approved) FROM stdin; DFB This Bot is for the Server DFB This bot was created for our Discordlist for Bots Server https://cdn.discordapp.com/avatars/795612465130897420/c3bd0733f876a664b4b79ec03866f131.png Julius#1755 42vDtZxZSt dfb? 703944517048598568 795612465130897420 3744 t -Tuxiflux A fun but simple bot with globalchat Tuxiflux is a funny, useful and intuitive bot for server moderation and play with in-bot money. https://cdn.discordapp.com/embed/avatars/2.png Tuxifan#4660 6smrmKkjP7 t# 609486822715818000 788310535799308288 7 t +Tuxiflux A fun but simple bot with globalchat Tuxiflux is a funny, useful and intuitive bot for server moderation and play with in-bot money. https://cdn.discordapp.com/embed/avatars/2.png Tuxifan#4660 6smrmKkjP7 t# 609486822715818000 788310535799308288 9 t +MEE6 szreszxer eszxertgszx https://cdn.discordapp.com/avatars/159985870458322944/b50adff099924dd5e6b72d13f77eb9d7.png Tuxifan#4660 erdsxzt redsxz 609486822715818000 159985870458322944 0 f \. diff --git a/controllers/views.cc b/controllers/views.cc index 9a3d4ed..56b3f45 100644 --- a/controllers/views.cc +++ b/controllers/views.cc 
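Review bot: The new `can_vote_check` constraint in the `CREATE TABLE public.bots` hunk still admits negative vote counts through its `votes < 1` arm. Because `votes` and `approved` are declared without `NOT NULL` in the visible lines, a NULL in either column can make the expression evaluate to NULL, which PostgreSQL accepts as passing. If the intent is that only approved bots can carry votes, a tighter form would be `CHECK (votes >= 0 AND (votes = 0 OR approved))` with both columns marked `NOT NULL`. The `COPY` hunk of the same dump also commits what look like real Discord names and IDs; a schema-only dump would keep that data out of the repository.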
@@ -15,7 +15,7 @@ static unordered_map last_votes; #define authenticate(cb) cb(HttpResponse::newRedirectionResponse(OAUTH_URL)); return #define toStart(cb) cb(HttpResponse::newRedirectionResponse("/")); return #define voteID(uid, bid) std::to_string(uid)+'-'+std::to_string(bid) -#define cantVote(vid) auto _cantvoteres = last_votes.find(vid); auto now = trantor::Date::date(); if (_cantvoteres != last_votes.end() and now < _cantvoteres->second.after(43200)) +#define cantVote(vid, ...) {auto _cantvoteres = last_votes.find(vid); auto now = trantor::Date::date(); if (_cantvoteres != last_votes.end() and now < _cantvoteres->second.after(43200)) __VA_ARGS__} @@ -47,6 +47,19 @@ std::string dbEsc(const std::string& src) { } return fres.str(); } +std::string htmlEsc(const std::string& src) { + std::ostringstream fres; + for (const auto &character : src) { + switch (character) { + case '<': fres << "<"; break; + case '>': fres << ">"; break; + case '&': fres << "&"; break; + case '"': fres << """; break; + default: fres << character; + } + } + return fres.str(); +} auto errPage(const std::exception& e) { HttpViewData data; @@ -146,15 +159,18 @@ void views::botdetail( callback(HttpResponse::newNotFoundResponse()); } else { // Bot found + auto session = req->session(); auto bot = deserializeBot(rows[0]); HttpViewData data; + data.insert("modView", false); data.insert("bot_id", bot.app_id); data.insert("bot", bot); - {cantVote(voteID(req->session()->get("discord_user_id"), bot_id)) { + data.insert("owner", session->isAuthed() and session->get("discord_user_id") == bot.owner_id); + cantVote(voteID(req->session()->get("discord_user_id"), bot_id), { data.insert("canVote", false); } else { - data.insert("canVote", true); - }} + data.insert("canVote", bot.approved); + }) callback(HttpResponse::newHttpViewResponse("botdetail.csp", data)); } 
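Review bot: `cantVote` is now a macro that takes whole statement blocks as variadic arguments and pastes them after an `if`, so the call sites in `botdetail` and `botvote` read like function calls while actually splicing an `else` branch or a `return` into the caller. A plain helper would be easier to read and to test, for example `static bool cantVote(const std::string& vid)` returning `it != last_votes.end() and trantor::Date::date() < it->second.after(43200)`, with callers writing `if (cantVote(vote_id)) { ... }`. The literal `43200` would be clearer as a named constant for the 12-hour vote interval.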
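Review bot: `htmlEsc` leaves the single quote untouched, so a value printed inside a single-quoted attribute in a view can still terminate that attribute; adding `case '\'': fres << "&#39;"; break;` closes the gap. The entity strings in the four existing cases appear decoded on this page, so confirm that the file really emits `&lt;`, `&gt;`, `&amp;` and `&quot;`. In the registration hunk further down, the function is applied to request parameters before they are stored, while `botuser["username"]` and `botuser["avatar_url"]` go into the same row without it. Escaping at the point where the view prints a value would cover every field and avoid storing entity-encoded text.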
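Review bot: The `owner` and `modView` values inserted in `views::botdetail` only decide which buttons `botdetail.csp` renders, so the handlers behind Edit, Delete and the moderator action must repeat the ownership check on the server; none of them is part of this patch, so this cannot be confirmed from the diff. A comment above the insert such as `// display hint only: edit/delete handlers must re-check owner_id` would record that. In the same hunk the vote key is built from `req->session()->get("discord_user_id")` with no authentication check, whereas the `owner` line guards with `session->isAuthed()`; reusing the new `session` variable and the same guard would keep the two consistent. The function body starts and ends outside the hunk.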
@@ -167,10 +183,10 @@ void views::botvote(const HttpRequestPtr& req, std::functionget("discord_user_id"); auto vote_id = voteID(user_id, bot_id); - {cantVote(vote_id) { + cantVote(vote_id, { callback(HttpResponse::newRedirectionResponse("detail")); return; - }} + }) // Register vote db->execSqlAsync("UPDATE bots SET votes = votes + 1 WHERE app_id = '"+std::to_string(bot_id)+"'", [vote_id, callback] (const orm::Result &rows) { @@ -182,7 +198,9 @@ void views::botvote(const HttpRequestPtr& req, std::function &&callback, 
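Review bot: In `views::botvote` the `cantVote` check runs before the asynchronous `UPDATE bots SET votes = votes + 1`, and the lambda capturing `vote_id` suggests the timestamp is only written to `last_votes` once the query completes, so several requests arriving close together could all pass the check before any of them is recorded. Recording the timestamp before issuing the query, and erasing it again in the error callback, would close that window. `last_votes` is a file-level `unordered_map` with no visible lock; if handlers run on more than one thread, access to it needs a mutex. The callback body continues outside the hunk, so both points should be confirmed against the full function.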
@@ -198,44 +216,45 @@ void views::botregister_view(const HttpRequestPtr& req, std::function &&callback ) { auto session = req->session(); - // Get and check parameters + // Set error handler auto onError = [callback] (const std::string& e) { callback(HttpResponse::newRedirectionResponse("register?error="+e)); }; + // Get and check parameters + string short_description, long_description, support_server, prefix; + uint64_t app_id; try { - auto app_id = std::stoul(req->getParameter("app_id")); - auto short_description = req->getParameter("short_description"); - auto long_description = req->getParameter("long_description"); - auto support_server = req->getParameter("support_server"); - auto prefix = req->getParameter("prefix"); - // Check if bot already exists - db->execSqlAsync("select 1 from bots where app_id ='"+std::to_string(app_id)+"'", - [=] (const orm::Result &r) { - if (not r.empty()) { - onError("Bot%20has%20already%20been%20registered"); - return; - } - // Get bots avatar - getUser(app_id, [=] (const Json::Value& botuser) { - // Check result - if (botuser.empty() or not botuser["bot"].asBool()) { - onError("Invalid%20client%20ID"); - return; - } - // Perform database operation - db->execSqlAsync(fmt::format("INSERT INTO bots (name, short_description, long_description, avatar_url, owner, support_server, prefix, owner_id, app_id, votes, approved) " - "VALUES('{}', '{}', '{}', '{}', '{}', '{}', '{}', '{}', '{}', 0, 'f')", - dbEsc(botuser["username"].asString()), dbEsc(short_description), dbEsc(long_description), dbEsc(botuser["avatar_url"].asString()), session->get("discord_user_fullname"), dbEsc(support_server), dbEsc(prefix), session->get("discord_user_id"), app_id), - [app_id, callback] (const orm::Result &) { - callback(HttpResponse::newRedirectionResponse(std::to_string(app_id)+"/detail")); - }, [onError] (const orm::DrogonDbException &e) { - onError(e.base().what()); - }); - }); - }, dbErr); + app_id = std::stoul(req->getParameter("app_id")); + 
short_description = htmlEsc(req->getParameter("short_description")); + long_description = htmlEsc(req->getParameter("long_description")); + support_server = htmlEsc(req->getParameter("support_server")); + prefix = htmlEsc(req->getParameter("prefix")); } catch (std::exception& e) { onError(e.what()); } + // Check if bot already exists + db->execSqlAsync("select 1 from bots where app_id ='"+std::to_string(app_id)+"'", + [=] (const orm::Result &r) { + if (not r.empty()) { + onError("Bot%20has%20already%20been%20registered"); + return; + } + // Get bots avatar + getUser(app_id, [=] (const Json::Value& botuser) { + // Check result + if (botuser.empty() or not botuser["bot"].asBool()) { + onError("Invalid%20client%20ID"); + return; + } + // Perform database operation + db->execSqlAsync(fmt::format("INSERT INTO bots (name, short_description, long_description, avatar_url, owner, support_server, prefix, owner_id, app_id, votes, approved) " + "VALUES('{}', '{}', '{}', '{}', '{}', '{}', '{}', '{}', '{}', 0, 'f')", + dbEsc(botuser["username"].asString()), dbEsc(short_description), dbEsc(long_description), dbEsc(botuser["avatar_url"].asString()), session->get("discord_user_fullname"), dbEsc(support_server), dbEsc(prefix), session->get("discord_user_id"), app_id), + [app_id, callback] (const orm::Result &) { + callback(HttpResponse::newRedirectionResponse(std::to_string(app_id)+"/detail")); + }, dbErr); + }); + }, dbErr); } void views::discorddeauth( diff --git a/views/botdetail.csp b/views/botdetail.csp index 72d11a3..fc0d3a0 100644 --- a/views/botdetail.csp +++ b/views/botdetail.csp @@ -2,6 +2,8 @@ <%c++ auto bot_id = @@.get("bot_id");%> <%c++ auto bot = @@.get("bot");%> <%c++ auto canVote = @@.get("canVote");%> +<%c++ auto owner = @@.get("owner");%> +<%c++ auto modView = @@.get("modView");%> @@ -23,11 +25,21 @@
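Review bot: The `catch` block after the parameter parsing in the registration handler calls `onError(e.what())` but no longer stops the handler, so a malformed `app_id` falls through to the `select 1 from bots` query with `app_id` uninitialized, and `callback` can be invoked a second time; add `return;` after `onError(e.what());` and declare `uint64_t app_id = 0;`. In the `INSERT`, `session->get("discord_user_fullname")` is formatted into the statement without `dbEsc`, unlike the fields around it, so a quote character in the Discord name alters the SQL. Passing the values as bound parameters (`$1`, `$2`, …) to `execSqlAsync` instead of building the string with `fmt::format` would remove the dependence on `dbEsc` altogether. `onError` also appends `e.what()` to the redirect URL without percent-encoding.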
{%bot.name%}
-
-
- Invite - Vote + <%c++ if (owner or modView) {%> +
+ Edit + Delete
+ <%c++ if (modView) {%> + + <%c++ }%> + <%c++ }%> +

@@ -48,10 +60,6 @@ Owner {%bot.owner%} - - Votes - {%bot.votes%} -
Support Server