import { jsonError } from "../../../common.js"; export async function onRequestDelete(context: RequestContext) { const eventId = context.params.id as string; const eventData: | ({ [k: string]: number; } & { created_by: string }) | null = await context.env.D1.prepare( "SELECT created_by, day, month, year FROM events WHERE id = ?;", ) .bind(eventId) .first(); if (!eventData) return jsonError("No event exists with that ID", 404); const { current_user: currentUser } = context.data; const isETM = [1 << 4, 1 << 12].find((int) => currentUser.permissions & int); if (eventData.created_by !== currentUser.id && !isETM) return jsonError("You are not authorized to delete that event", 403); const now = new Date(); now.setUTCHours(0, 0, 0, 0); const eventDate = new Date( eventData.year, eventData.month - 1, eventData.day, ); if (!isETM && now.getTime() <= eventDate.getTime()) return jsonError( "Event cannot be deleted on or after the scheduled date", 403, ); await context.env.D1.prepare("DELETE FROM events WHERE id = ?;") .bind(eventId) .run(); return new Response(null, { status: 204, }); } export async function onRequestPatch(context: RequestContext) { const eventId = context.params.id as string; const { body } = context.data; const eventData: Record | null = await context.env.D1.prepare( "SELECT answer, created_by, day, details, month, year FROM events WHERE id = ?;", ) .bind(eventId) .first(); if (!eventData) return jsonError("No event exists with that ID", 404); const { current_user: currentUser } = context.data; if ( eventData.created_by !== currentUser.id && ![1 << 4, 1 << 12].find((int) => currentUser.permissions & int) ) return jsonError("You are not authorized to modify this event", 403); eventData.answer &&= body.answer; eventData.details &&= body.details; await context.env.D1.prepare( "UPDATE events SET answer = ?, approved = 0, day = ?, details = ?, pending = 1 WHERE id = ?;", ) .bind(eventData.answer, eventData.day, eventData.details, eventId) .run(); await fetch(context.env.EVENTS_WEBHOOK, { body: JSON.stringify({ embeds: [ { title: "Event Modified", color: 3756250, description: `${context.data.current_user.username} updated their ${(eventData.type as string).toUpperCase()} for ${eventData.year}-${eventData.month.toString().padStart(2, "0")}-${eventData.day.toString().padStart(2, "0")}`, }, ], }), headers: { "content-type": "application/json", }, method: "POST", }); return new Response(null, { status: 204, }); } export async function onRequestPost(context: RequestContext) { const eventId = context.params.id as string; const eventData = await context.env.D1.prepare( "SELECT approved, performed_at FROM events WHERE id = ?;", ) .bind(eventId) .first(); if (!eventData) return jsonError("No event exists with that ID", 404); if (!eventData.approved) return jsonError("Cannot perform unapproved event", 403); await context.env.D1.prepare( "UPDATE events SET performed_at = ? WHERE id = ?;", ) .bind(Date.now(), eventId) .run(); return new Response(null, { status: 204, }); }