jmb/48hr.email
1
0
Fork 0
mirror of https://github.com/Crazyco-xyz/48hr.email.git synced 2026-01-09 11:19:36 +01:00
Code Issues Projects Releases Packages Wiki Activity
48hr.email/infrastructure/web/api/routes/locks.js

137 lines
No EOL
4.8 KiB
JavaScript
Raw Blame History

const express = require('express')
const router = express.Router()
const { body, validationResult } = require('express-validator')
const createAuthenticator = require('../middleware/authenticator')
/**
* Inbox Lock Management API Routes
* GET / - List user's locked inboxes
* POST / - Lock an inbox
* DELETE /:address - Unlock/release inbox
* GET /:address/status - Check if inbox is locked
*/
function createLocksRouter(dependencies) {
const { inboxLock, userRepository, apiTokenRepository, config } = dependencies
// Inbox locking is always enabled if authentication is enabled
if (!inboxLock || !config.user.authEnabled) {
router.all('*', (req, res) => {
res.apiError('Authentication is required for inbox locking', 'AUTH_REQUIRED', 401)
})
return router
}
const { requireAuth, optionalAuth } = createAuthenticator(userRepository)
/**
* GET / - List user's locked inboxes
*/
router.get('/', requireAuth, async(req, res, next) => {
try {
const userId = req.user.id;
const locks = inboxLock.getUserLockedInboxes(userId);
const templateContext = { userId, config: { maxLockedInboxes: config.user.maxLockedInboxes } };
res.apiList(locks, null, 200, templateContext);
} catch (error) {
next(error);
}
})
/**
* POST / - Lock an inbox
*/
router.post('/',
requireAuth,
body('address').isEmail().normalizeEmail(),
body('password').optional().isString(),
async(req, res, next) => {
try {
const errors = validationResult(req)
if (!errors.isEmpty()) {
return res.apiError('Invalid email address', 'VALIDATION_ERROR', 400, { userId: req.user.id })
}
const { address } = req.body
const userId = req.user.id
// Check if user can lock more inboxes
if (!inboxLock.canLockMore(userId)) {
return res.apiError(
`Maximum ${config.user.maxLockedInboxes} locked inboxes allowed`,
'MAX_LOCKS_REACHED',
400, { userId, config: { maxLockedInboxes: config.user.maxLockedInboxes } }
)
}
// Check if inbox is already locked
if (inboxLock.isLocked(address)) {
const isOwner = inboxLock.isOwner(address, userId)
if (isOwner) {
return res.apiError('You already own this lock', 'ALREADY_LOCKED', 400, { userId })
}
return res.apiError('Inbox is locked by another user', 'LOCKED_BY_OTHER', 403)
return res.apiError('Inbox is locked by another user', 'LOCKED_BY_OTHER', 403, { userId })
}
// Lock inbox
inboxLock.lock(userId, address, '')
res.apiSuccess({
message: 'Inbox locked successfully',
address: address
}, 201, { userId, address })
} catch (error) {
next(error)
}
}
)
/**
* DELETE /:address - Unlock/release inbox
*/
router.delete('/:address', requireAuth, async(req, res, next) => {
try {
const address = req.params.address.toLowerCase()
const userId = req.user.id
// Check if user owns this lock
if (!inboxLock.isOwner(address, userId)) {
return res.apiError('Lock not found or unauthorized', 'NOT_FOUND', 404, { userId, address })
}
// Release lock
inboxLock.release(userId, address)
res.apiSuccess({ message: 'Inbox unlocked successfully' }, 200, { userId, address })
} catch (error) {
next(error)
}
})
/**
* GET /:address/status - Check if inbox is locked
*/
router.get('/:address/status', optionalAuth, async(req, res, next) => {
try {
const address = req.params.address.toLowerCase();
const isLocked = inboxLock.isLocked(address);
const templateContext = { address, isLocked };
const response = {
address: address,
locked: isLocked
};
// If user is authenticated, check if they own the lock
if (req.user && isLocked) {
response.ownedByYou = inboxLock.isOwner(address, req.user.id);
templateContext.ownedByYou = response.ownedByYou;
}
res.apiSuccess(response, 200, templateContext);
} catch (error) {
next(error)
}
})
return router
}
module.exports = createLocksRouter
Reference in a new issue View git blame Copy permalink