From 82d4a71845b0db6e06aa7e3441ab13d970bbc3a5 Mon Sep 17 00:00:00 2001
From: turt2live <travpc@gmail.com>
Date: Mon, 13 Feb 2017 18:36:58 -0700
Subject: [PATCH] Add API endpoint to delete message. Part of #5

A better view system is probably needed to add the actual button/other header information planned.
---
 config/default.json |  3 ++-
 database.js         | 32 +++++++++++++++++++++++++++-----
 web.js              | 28 ++++++++++++++++++++++++++++
 3 files changed, 57 insertions(+), 6 deletions(-)

diff --git a/config/default.json b/config/default.json
index aa02262..6b0ba5f 100644
--- a/config/default.json
+++ b/config/default.json
@@ -13,7 +13,8 @@
       "allow_from": ["my_personal_email@gmail.com"],
       "deny_from": ["that_guy@gmail.com"],
       "message_format": "$subject: <a href='https://email.t2bot.io/m/$id'>Click to view</a>",
-      "skip_db": false
+      "skip_db": false,
+      "delete_key": "YOUR_SECRET_KEY_HERE"
     }
   },
   "room_defaults": {
diff --git a/database.js b/database.js
index 1c7be7a..60361f0 100644
--- a/database.js
+++ b/database.js
@@ -5,10 +5,24 @@ var db = new sqlite3.Database("db/" + (process.env.NODE_ENV || "development") +
 
 function init() {
     db.serialize(function () {
+        // TODO: Proper migration scripts
         db.run("CREATE TABLE IF NOT EXISTS captured_emails (id TEXT PRIMARY KEY NOT NULL, email_id TEXT NOT NULL, from_email TEXT NOT NULL, from_name TEXT NOT NULL, to_email TEXT NOT NULL, to_name TEXT NOT NULL, subject TEXT NOT NULL, body TEXT NOT NULL, is_html TINYINT NOT NULL, received_timestamp DATETIME)");
+        db.all("PRAGMA table_info(captured_emails)", function (err, rows) {
+            var addTargetRoomCol = true;
+            for (var i = 0; i < rows.length; i++) {
+                var row = rows[i];
+                if (row.name == "target_room") {
+                    addTargetRoomCol = false;
+                    break;
+                }
+            }
+
+            if (addTargetRoomCol)
+                db.run("ALTER TABLE captured_emails ADD COLUMN target_room TEXT NOT NULL DEFAULT 'Unknown'");
+        });
     });
 }
-function prepareMessage(emailId, fromEmail, fromName, toEmail, toName, subject, body, isHtml) {
+function prepareMessage(emailId, fromEmail, fromName, toEmail, toName, subject, body, isHtml, targetRoom) {
     return {
         email_id: emailId,
         from_name: fromName,
@@ -17,14 +31,15 @@ function prepareMessage(emailId, fromEmail, fromName, toEmail, toName, subject,
         to_email: toEmail,
         subject: subject,
         body: body,
-        is_html: isHtml
+        is_html: isHtml,
+        target_room: targetRoom
     };
 }
 
 function writeMessage(message) {
     var id = uuid.v4();
-    db.run("INSERT INTO captured_emails (id, email_id, from_name, from_email, to_name, to_email, subject, body, is_html, received_timestamp) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, CURRENT_TIMESTAMP)",
-        id, message.email_id, message.from_name, message.from_email, message.to_name, message.to_email, message.subject, message.body, message.is_html ? 1 : 0);
+    db.run("INSERT INTO captured_emails (id, email_id, from_name, from_email, to_name, to_email, subject, body, is_html, received_timestamp, target_room) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, CURRENT_TIMESTAMP, ?)",
+        id, message.email_id, message.from_name, message.from_email, message.to_name, message.to_email, message.subject, message.body, message.is_html ? 1 : 0, message.target_room);
     return id;
 }
 
@@ -40,10 +55,17 @@ function hasEmailMessage(emailId, callback) {
     });
 }
 
+function deleteMessage(id, callback) {
+    db.run("DELETE FROM captured_emails WHERE email_id = ?", id, function (err) {
+        callback(err ? false : true);
+    });
+}
+
 module.exports = {
     init: init,
     writeMessage: writeMessage,
     prepareMessage: prepareMessage,
     getMessage: getMessage,
-    hasEmailMessage: hasEmailMessage
+    hasEmailMessage: hasEmailMessage,
+    deleteMessage: deleteMessage
 };
diff --git a/web.js b/web.js
index 7be773a..b1f791b 100644
--- a/web.js
+++ b/web.js
@@ -26,6 +26,34 @@ app.get('/m/:id', function (request, response) {
     });
 });
 
+app.delete('/m/:id', function (request, response) {
+    db.getMessage(request.params.id, function (msg) {
+        if (!msg) {
+            response.status(404);
+            response.json({error: "message not found "});
+        } else {
+            var roomConfig = config.rules[msg.target_room];
+            if (!roomConfig) {
+                response.status(401);
+                response.json({error: "Invalid secret "});
+            } else if (roomConfig.delete_key != request.params.deleteKey) {
+                response.status(401);
+                response.json({error: "Invalid secret "});
+            } else {
+                db.deleteMessage(msg.id, function (success) {
+                    if (success) {
+                        response.status(200);
+                        response.json({message: "Message deleted "});
+                    } else {
+                        response.status(500);
+                        response.json({error: "Internal Server Error"});
+                    }
+                });
+            }
+        }
+    });
+});
+
 function init() {
     app.set("view engine", "pug");
     app.listen(config.get("web.port"), config.get("web.bind_ip"));