mai
/
posimai-root
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(together): add member auth to GET endpoints, remove comment_count JOIN

This commit is contained in:
posimai 2026-04-18 08:51:16 +09:00
parent 8f41c4736f
commit 1eb94565d5
1 changed files with 47 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
server.js
View File

@ -2481,9 +2481,17 @@ ${excerpt}
} }
}); });
// GET /together/members/:groupId — メンバー一覧 // GET /together/members/:groupId — メンバー一覧 ?u=username
r.get('/together/members/:groupId', async (req, res) => { r.get('/together/members/:groupId', async (req, res) => {
const username = req.query.u;
if (!username) return res.status(400).json({ error: 'u (username) は必須です' });
try { try {
const memberCheck = await pool.query(
'SELECT 1 FROM together_members WHERE group_id=$1 AND username=$2',
[req.params.groupId, username]
);
if (memberCheck.rows.length === 0) return res.status(403).json({ error: 'グループのメンバーではありません' });
const result = await pool.query( const result = await pool.query(
'SELECT username, joined_at FROM together_members WHERE group_id=$1 ORDER BY joined_at', 'SELECT username, joined_at FROM together_members WHERE group_id=$1 ORDER BY joined_at',
[req.params.groupId] [req.params.groupId]
@ -2546,12 +2554,20 @@ ${excerpt}
} }
}); });
// GET /together/feed/:groupId — フィード(リアクション・コメント数付き) // GET /together/feed/:groupId — フィード(リアクション付き)
// ?limit=N&cursor=<ISO timestamp> でカーソルページネーション対応 // ?u=username&limit=N&cursor=<ISO timestamp>
r.get('/together/feed/:groupId', async (req, res) => { r.get('/together/feed/:groupId', async (req, res) => {
const username = req.query.u;
if (!username) return res.status(400).json({ error: 'u (username) は必須です' });
try { try {
const memberCheck = await pool.query(
'SELECT 1 FROM together_members WHERE group_id=$1 AND username=$2',
[req.params.groupId, username]
);
if (memberCheck.rows.length === 0) return res.status(403).json({ error: 'グループのメンバーではありません' });
const limit = Math.min(parseInt(req.query.limit) || 20, 50); const limit = Math.min(parseInt(req.query.limit) || 20, 50);
const cursor = req.query.cursor; // shared_at の ISO タイムスタンプ const cursor = req.query.cursor;
const params = [req.params.groupId]; const params = [req.params.groupId];
let cursorClause = ''; let cursorClause = '';
if (cursor) { if (cursor) {
@ -2564,11 +2580,9 @@ ${excerpt}
COALESCE( COALESCE(
json_agg(DISTINCT jsonb_build_object('username', r.username, 'type', r.type)) json_agg(DISTINCT jsonb_build_object('username', r.username, 'type', r.type))
FILTER (WHERE r.username IS NOT NULL), '[]' FILTER (WHERE r.username IS NOT NULL), '[]'
) AS reactions, ) AS reactions
COUNT(DISTINCT c.id)::int AS comment_count
FROM together_shares s FROM together_shares s
LEFT JOIN together_reactions r ON r.share_id = s.id LEFT JOIN together_reactions r ON r.share_id = s.id
LEFT JOIN together_comments c ON c.share_id = s.id
WHERE s.group_id = $1 ${cursorClause} WHERE s.group_id = $1 ${cursorClause}
GROUP BY s.id GROUP BY s.id
ORDER BY s.shared_at DESC ORDER BY s.shared_at DESC
@ -2585,9 +2599,17 @@ ${excerpt}
} }
}); });
// GET /together/article/:shareId — アーカイブ本文取得 // GET /together/article/:shareId — アーカイブ本文取得 ?u=username
r.get('/together/article/:shareId', async (req, res) => { r.get('/together/article/:shareId', async (req, res) => {
const username = req.query.u;
if (!username) return res.status(400).json({ error: 'u (username) は必須です' });
try { try {
const memberCheck = await pool.query(
'SELECT 1 FROM together_members m JOIN together_shares s ON s.group_id=m.group_id WHERE s.id=$1 AND m.username=$2',
[req.params.shareId, username]
);
if (memberCheck.rows.length === 0) return res.status(403).json({ error: 'グループのメンバーではありません' });
const result = await pool.query( const result = await pool.query(
'SELECT id, title, url, full_content, summary, archive_status, shared_at FROM together_shares WHERE id=$1', 'SELECT id, title, url, full_content, summary, archive_status, shared_at FROM together_shares WHERE id=$1',
[req.params.shareId] [req.params.shareId]
@ -2635,9 +2657,17 @@ ${excerpt}
} }
}); });
// GET /together/comments/:shareId — コメント一覧 // GET /together/comments/:shareId — コメント一覧 ?u=username
r.get('/together/comments/:shareId', async (req, res) => { r.get('/together/comments/:shareId', async (req, res) => {
const username = req.query.u;
if (!username) return res.status(400).json({ error: 'u (username) は必須です' });
try { try {
const memberCheck = await pool.query(
'SELECT 1 FROM together_members m JOIN together_shares s ON s.group_id=m.group_id WHERE s.id=$1 AND m.username=$2',
[req.params.shareId, username]
);
if (memberCheck.rows.length === 0) return res.status(403).json({ error: 'グループのメンバーではありません' });
const result = await pool.query( const result = await pool.query(
'SELECT * FROM together_comments WHERE share_id=$1 ORDER BY created_at', 'SELECT * FROM together_comments WHERE share_id=$1 ORDER BY created_at',
[req.params.shareId] [req.params.shareId]
@ -2673,9 +2703,15 @@ ${excerpt}
} }
}); });
// GET /together/search/:groupId — キーワード / タグ検索 // GET /together/search/:groupId — キーワード / タグ検索 ?u=username
r.get('/together/search/:groupId', async (req, res) => { r.get('/together/search/:groupId', async (req, res) => {
const { q = '', tag = '' } = req.query; const { q = '', tag = '', u: username = '' } = req.query;
if (!username) return res.status(400).json({ error: 'u (username) は必須です' });
const memberOk = await pool.query(
'SELECT 1 FROM together_members WHERE group_id=$1 AND username=$2',
[req.params.groupId, username]
).then(r => r.rows.length > 0).catch(() => false);
if (!memberOk) return res.status(403).json({ error: 'グループのメンバーではありません' });
if (!q && !tag) return res.status(400).json({ error: 'q または tag が必要です' }); if (!q && !tag) return res.status(400).json({ error: 'q または tag が必要です' });
try { try {
const keyword = q ? `%${q}%` : ''; const keyword = q ? `%${q}%` : '';