239392b876
- lib/forum-sanitize.ts: cleanPostHtml con sanitize-html (misma allowlist que forum/sanitize.py de nh3: formato básico + a/img/tablas, rel nofollow, esquemas http/https/mailto). Verificado XSS-safe (script/onclick/javascript: eliminados). - lib/forum-write.ts: createTopic (tema + primer post), createPost (respuesta + updated_at), forumIsPostable / topicIsReplyable. - Routes /api/forum/topic y /api/forum/reply (guard de sesión; identidad = cuenta de juego: poster=username, poster_id=accountId). Componentes NewTopicForm y ReplyForm (clientes). Se muestran solo si hay sesión; el tema cerrado no admite respuesta. Verificado: escritura 401 sin sesión, saneado correcto. Pendiente: editar/borrar, moderación (fijar/cerrar/mover), búsqueda, editor enriquecido. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
58 lines
2.0 KiB
TypeScript
58 lines
2.0 KiB
TypeScript
import type { ResultSetHeader, RowDataPacket } from 'mysql2'
|
|
import { db, DB } from './db'
|
|
import { cleanPostHtml } from './forum-sanitize'
|
|
|
|
export async function createTopic(
|
|
forumId: number,
|
|
name: string,
|
|
poster: string,
|
|
posterId: number,
|
|
text: string,
|
|
): Promise<number> {
|
|
const clean = cleanPostHtml(text)
|
|
const [res] = await db(DB.web).query<ResultSetHeader>(
|
|
'INSERT INTO forum_topics (forum_id, name, poster, poster_id, created, created_at, updated_at, locked, sticky, deleted) ' +
|
|
'VALUES (?, ?, ?, ?, NOW(), NOW(), NOW(), 0, 0, 0)',
|
|
[forumId, name, poster, posterId],
|
|
)
|
|
const topicId = res.insertId
|
|
await db(DB.web).query(
|
|
'INSERT INTO forum_posts (topic_id, poster, poster_id, text, time, created_at, deleted) VALUES (?, ?, ?, ?, NOW(), NOW(), 0)',
|
|
[topicId, poster, posterId, clean],
|
|
)
|
|
return topicId
|
|
}
|
|
|
|
export async function createPost(
|
|
topicId: number,
|
|
poster: string,
|
|
posterId: number,
|
|
text: string,
|
|
): Promise<number> {
|
|
const clean = cleanPostHtml(text)
|
|
const [res] = await db(DB.web).query<ResultSetHeader>(
|
|
'INSERT INTO forum_posts (topic_id, poster, poster_id, text, time, created_at, deleted) VALUES (?, ?, ?, ?, NOW(), NOW(), 0)',
|
|
[topicId, poster, posterId, clean],
|
|
)
|
|
await db(DB.web).query('UPDATE forum_topics SET updated_at = NOW() WHERE id = ?', [topicId])
|
|
return res.insertId
|
|
}
|
|
|
|
/** Comprueba que un foro existe y es visible (para crear tema). */
|
|
export async function forumIsPostable(forumId: number): Promise<boolean> {
|
|
const [rows] = await db(DB.web).query<RowDataPacket[]>(
|
|
'SELECT id FROM forums WHERE id = ? AND visibility = 1 AND deleted = 0',
|
|
[forumId],
|
|
)
|
|
return Boolean(rows[0])
|
|
}
|
|
|
|
/** Comprueba que un tema existe y no está cerrado (para responder). */
|
|
export async function topicIsReplyable(topicId: number): Promise<boolean> {
|
|
const [rows] = await db(DB.web).query<RowDataPacket[]>(
|
|
'SELECT locked FROM forum_topics WHERE id = ? AND deleted = 0',
|
|
[topicId],
|
|
)
|
|
return Boolean(rows[0] && rows[0].locked !== 1)
|
|
}
|