habitica/website/server/controllers/api-v3/inbox.js

import { authWithHeaders } from '../../middlewares/auth';
import * as inboxLib from '../../libs/inbox';
import { sanitizeText as sanitizeMessageText } from '../../models/message';
import highlightMentions from '../../libs/highlightMentions';
import { model as User } from '../../models/user';
import { NotAuthorized, NotFound } from '../../libs/errors';
import { sentMessage } from '../../libs/inbox';

const api = {};

/* NOTE most inbox routes are either in the user or members controller */

/**
 * @api {get} /api/v3/inbox/messages Get inbox messages for a user
 * @apiName GetInboxMessages
 * @apiGroup Inbox
 * @apiDescription Get inbox messages for a user
 *
 * @apiParam (Query) {Number} page Load the messages of the selected Page - 10 Messages per Page
 * @apiParam (Query) {GUID} conversation Loads only the messages of a conversation
 *
 * @apiSuccess {Array} data An array of inbox messages
 */
api.getInboxMessages = {
  method: 'GET',
  url: '/inbox/messages',
  middlewares: [authWithHeaders({ userFieldsToInclude: ['profile', 'contributor', 'backer', 'inbox'] })],
  async handler (req, res) {
    const { user } = res.locals;
    const { page } = req.query;
    const { conversation } = req.query;

    const userInbox = await inboxLib.getUserInbox(user, {
      page, conversation,
    });

    res.respond(200, userInbox);
  },
};

/**
 * @api {post} /api/v3/members/send-private-message Send a private message to a member
 * @apiName SendPrivateMessage
 * @apiGroup Member
 *
 * @apiParam (Body) {String} message The message
 * @apiParam (Body) {UUID} toUserId The id of the user to contact
 *
 * @apiSuccess {Object} data.message The message just sent
 *
 * @apiUse UserNotFound
 */
api.sendPrivateMessage = {
  method: 'POST',
  url: '/members/send-private-message',
  middlewares: [authWithHeaders()],
  async handler (req, res) {
    req.checkBody('message', res.t('messageRequired')).notEmpty();
    req.checkBody('toUserId', res.t('toUserIDRequired')).notEmpty().isUUID();

    const validationErrors = req.validationErrors();
    if (validationErrors) throw validationErrors;

    const sender = res.locals.user;
    const sanitizedMessageText = sanitizeMessageText(req.body.message);
    const message = (await highlightMentions(sanitizedMessageText))[0];

    const receiver = await User.findById(req.body.toUserId).exec();
    if (!receiver) throw new NotFound(res.t('userNotFound'));
    if (!receiver.flags.verifiedUsername) delete receiver.auth.local.username;

    const objections = sender.getObjectionsToInteraction('send-private-message', receiver);
    if (objections.length > 0 && !sender.hasPermission('moderator')) throw new NotAuthorized(res.t(objections[0]));

    const messageSent = await sentMessage(sender, receiver, message, res.t);

    res.respond(200, { message: messageSent });
  },
};

export default api;
New inbox client (#10644) * new inbox client * add tests for sendPrivateMessage returning the message * update DELETE user message tests * port v3 GET-inbox_messages * use v4 delete message route * sendPrivateMessage: return sent message * fix 2018-08-30 19:50:03 +00:00			`import { authWithHeaders } from '../../middlewares/auth';`
Move inbox to its own model (#10428) * shared model for chat and inbox * disable inbox schema * inbox: use separate model * remove old code that used group.chat * add back chat field (not used) and remove old tests * remove inbox exclusions when loading user * add GET /api/v3/inbox/messages * add comment * implement DELETE /inbox/messages/:messageid in v4 * implement GET /inbox/messages in v4 and update tests * implement DELETE /api/v4/inbox/clear * fix url * fix doc * update /export/inbox.html * update other data exports * add back messages in user schema * add user.toJSONWithInbox * add compativility until migration is done * more compatibility * fix tojson called twice * add compatibility methods * fix common tests * fix v4 integration tests * v3 get user -> with inbox * start to fix tests * fix v3 integration tests * wip * wip, client use new route * update tests for members/send-private-message * tests for get user in v4 * add tests for DELETE /inbox/messages/:messageId * add tests for DELETE /inbox/clear in v4 * update docs * fix tests * initial migration * fix migration * fix migration * migration fixes * migrate api.enterCouponCode * migrate api.castSpell * migrate reset, reroll, rebirth * add routes to v4 version * fix tests * fixes * api.updateUser * remove .only * get user -> userLib * refactor inbox.vue to work with new data model * fix return message when messaging yourself * wip fix bug with new conversation * wip * fix remaining ui issues * move api.registerLocal, fixes * keep only v3 version of GET /inbox/messages 2018-09-21 13:12:20 +00:00			`import * as inboxLib from '../../libs/inbox';`
combined messages restyling - next round (#15386) * split component prepare new views / states * extract empty and disabled state as components * fix empty state mail icon * first logic switching between modes, move page to /private-messages/index.vue * extract autoCompleteHelper.js * style header + start new message input * style plus button + focus input * state logic, types for sanity * WIP PM new Message started * add /members/username test * first design changes to messageCard * delete private message or chat - based on the mode * copy as todo * mention links to modal * report chat or private message * WIP likeButton * likeButton styling * hide like on private message cards * fix unit test * replace copy as todo - to just a copy to clipboard * style changes * menu position + like button width * dropdown items background + like font * fix like button padding * move api endpoints and tests around to group inbox methods + like for inbox private messages * restyle system messages * Dropdown Radius and Padding * WIP system messages * fix lint * copy delta commit of allowing liking own private messages * enable liking private messages * fix menu non hovered item icon color * fix import path * ignore background on system messages * requested changes + migration * update migration to update the unique id to some messages and delete the duplicates * migration based on users pagination * fix(migration): use Promise.all * change to bulkWrites per User, and all messages in one run (of a user) * check for array * use rest operator ... * skip sorting to get the users * remove migration, disable like for private messages without uniqueMessageId * lean+bulkWrite for likes, add time checks for like and auth for further debugging * add a limit 2 get the messages by uniqueId * Adding a simple server start script * remove pinned nodemon dep * fix inbox controller/tests * fix / requested style changes * fix empty state padding / * hide avatar weapons on messages - fix avatar spacing on messages * Hourglass Simplification (#15323) * begin removing obsolete tests * begin refactoring * update cron tests * cleanup * finish basic implementation of new logic * add more subscription tests * subscription test improvements * return nextHourglassDate again * fix gem limit * fix(test): short circuit this. * fix(admin): correct logic and style for shrimple subs * WIP(frontend): draft of main subs page view * fix hourglass count * Fix hourglass logic for upgrades * fix admin panel display * WIP(subs): extant Stripe state * fix admin panel strings * fix missing transaction type * add new field for cumulative subscription count * show date for hourglass bonus if it was received * fix test * feat(subscription): max Gems progress readout * fix(css): correct and refactor heights and selection states * fix(subs): correct border-radius and redirect * fix(stripe): correct redirect after success * Admin panel display fixes * don’t give additional HG for new sub if they already got one this month * fix issue with promo hourglasses * fix(subscription): update layout when gifting * fix(subscriptions): more gift layout revisions * fix(subscriptions): minor visual updates * fix(subs): pass autoRenews through Stripe * fix(subs): gifts DON't renew * fix(lint): unnecessary ternary * fix(lint): do negate object ig * fix(subs): try again on gifts * fix(subs): unhovery and un-12-monthy * fix bug with incorrectly giving HG bonus * remove only * fix test * fix test * fix(subs): also redirect to subs after gift sub * fix(subs): fix typeError * fix(g1g1): don't try to find Gems promo during bogo --------- Co-authored-by: Phillip Thelen <phillip@habitica.com> Co-authored-by: Kalista Payne <sabe@habitica.com> * chore(sprites): update subproject * fix(layout): tighten cancellation note * fix(subs): Google wording and HG escape * chore(testing): fake g1g1 dates * fix(subs): don't hide HG preview entirely * fix(subs): center next hourglass message * working validatedTextInput.vue within start-new-conversation-input-header.vue :tada: * fix(git): remove changes from old develop * Revert "fix(git): remove changes from old develop" This reverts commit 0e30f7df004bc363f2868d4b59de01862dec610f. * fix(git): no actually just this file i guesss * adding an empty loading state, hiding * fought the avatar arch nemesis again * fix chatMessages (party chat) message spacing * move disabled text back to above the input area - re-enable input area * show disabled private messages top panel * fix font color * fixing uiStates - removing disabled - moving the own user check to the last * fix(lint): add missing prop defaults * fix(lint): object default should be fn * fix(chat): correct grammar in error * remove weapon position relative * revert most of avatar.vue changes, add back weapons in chat message UI * show date tooltip above system / skill messages * fix toggle disable icon position * trivial CSS cleanup * fix(typo): English syntax in test * chore(test): small style cleanup * chore(logging): revert debug function * chore(debug): remove timers from inbox like --------- Co-authored-by: SabreCat <sabe@habitica.com> Co-authored-by: Kalista Payne <sabrecat@gmail.com> Co-authored-by: Phillip Thelen <phillip@habitica.com> 2025-03-04 23:00:24 +00:00			`import { sanitizeText as sanitizeMessageText } from '../../models/message';`
			`import highlightMentions from '../../libs/highlightMentions';`
			`import { model as User } from '../../models/user';`
			`import { NotAuthorized, NotFound } from '../../libs/errors';`
			`import { sentMessage } from '../../libs/inbox';`
New inbox client (#10644) * new inbox client * add tests for sendPrivateMessage returning the message * update DELETE user message tests * port v3 GET-inbox_messages * use v4 delete message route * sendPrivateMessage: return sent message * fix 2018-08-30 19:50:03 +00:00
start upgrading eslint 2019-10-08 14:57:10 +00:00			`const api = {};`
New inbox client (#10644) * new inbox client * add tests for sendPrivateMessage returning the message * update DELETE user message tests * port v3 GET-inbox_messages * use v4 delete message route * sendPrivateMessage: return sent message * fix 2018-08-30 19:50:03 +00:00
			`/* NOTE most inbox routes are either in the user or members controller */`

			`/**`
			`* @api {get} /api/v3/inbox/messages Get inbox messages for a user`
			`* @apiName GetInboxMessages`
			`* @apiGroup Inbox`
			`* @apiDescription Get inbox messages for a user`
			`*`
performance: private messages - API (#11077) * paging for inbox * clean up 2019-03-31 18:52:53 +00:00			`* @apiParam (Query) {Number} page Load the messages of the selected Page - 10 Messages per Page`
Inbox: Add API to list conversations (#11110) * Add API to list inbox conversations * fix test + add api doc * use `.lean()` * orderBy after the the grouped conversations are loaded * fix ordering 2019-04-26 16:45:05 +00:00			`* @apiParam (Query) {GUID} conversation Loads only the messages of a conversation`
performance: private messages - API (#11077) * paging for inbox * clean up 2019-03-31 18:52:53 +00:00			`*`
New inbox client (#10644) * new inbox client * add tests for sendPrivateMessage returning the message * update DELETE user message tests * port v3 GET-inbox_messages * use v4 delete message route * sendPrivateMessage: return sent message * fix 2018-08-30 19:50:03 +00:00			`* @apiSuccess {Array} data An array of inbox messages`
			`*/`
			`api.getInboxMessages = {`
			`method: 'GET',`
			`url: '/inbox/messages',`
Improve the performance of some frequently used API calls (#15251) * use lean for getting task lists * Only load necessary user data for group-plans call Also don’t make a db request for groups if the user is in none * Only load necessary user fields for in app rewards * Optimize updateStore by not checking every item * Only load necessary user data for task scoring * improve performance of inbox request calls * merge fix * fix scoring task call * add quests to scoring call * fix showing official pinned items * also load achievements 2024-08-12 21:45:35 +00:00			`middlewares: [authWithHeaders({ userFieldsToInclude: ['profile', 'contributor', 'backer', 'inbox'] })],`
New inbox client (#10644) * new inbox client * add tests for sendPrivateMessage returning the message * update DELETE user message tests * port v3 GET-inbox_messages * use v4 delete message route * sendPrivateMessage: return sent message * fix 2018-08-30 19:50:03 +00:00			`async handler (req, res) {`
start upgrading eslint 2019-10-08 14:57:10 +00:00			`const { user } = res.locals;`
			`const { page } = req.query;`
			`const { conversation } = req.query;`
New inbox client (#10644) * new inbox client * add tests for sendPrivateMessage returning the message * update DELETE user message tests * port v3 GET-inbox_messages * use v4 delete message route * sendPrivateMessage: return sent message * fix 2018-08-30 19:50:03 +00:00
performance: private messages - API (#11077) * paging for inbox * clean up 2019-03-31 18:52:53 +00:00			`const userInbox = await inboxLib.getUserInbox(user, {`
Inbox: Add API to list conversations (#11110) * Add API to list inbox conversations * fix test + add api doc * use `.lean()` * orderBy after the the grouped conversations are loaded * fix ordering 2019-04-26 16:45:05 +00:00			`page, conversation,`
performance: private messages - API (#11077) * paging for inbox * clean up 2019-03-31 18:52:53 +00:00			`});`
Move inbox to its own model (#10428) * shared model for chat and inbox * disable inbox schema * inbox: use separate model * remove old code that used group.chat * add back chat field (not used) and remove old tests * remove inbox exclusions when loading user * add GET /api/v3/inbox/messages * add comment * implement DELETE /inbox/messages/:messageid in v4 * implement GET /inbox/messages in v4 and update tests * implement DELETE /api/v4/inbox/clear * fix url * fix doc * update /export/inbox.html * update other data exports * add back messages in user schema * add user.toJSONWithInbox * add compativility until migration is done * more compatibility * fix tojson called twice * add compatibility methods * fix common tests * fix v4 integration tests * v3 get user -> with inbox * start to fix tests * fix v3 integration tests * wip * wip, client use new route * update tests for members/send-private-message * tests for get user in v4 * add tests for DELETE /inbox/messages/:messageId * add tests for DELETE /inbox/clear in v4 * update docs * fix tests * initial migration * fix migration * fix migration * migration fixes * migrate api.enterCouponCode * migrate api.castSpell * migrate reset, reroll, rebirth * add routes to v4 version * fix tests * fixes * api.updateUser * remove .only * get user -> userLib * refactor inbox.vue to work with new data model * fix return message when messaging yourself * wip fix bug with new conversation * wip * fix remaining ui issues * move api.registerLocal, fixes * keep only v3 version of GET /inbox/messages 2018-09-21 13:12:20 +00:00
			`res.respond(200, userInbox);`
New inbox client (#10644) * new inbox client * add tests for sendPrivateMessage returning the message * update DELETE user message tests * port v3 GET-inbox_messages * use v4 delete message route * sendPrivateMessage: return sent message * fix 2018-08-30 19:50:03 +00:00			`},`
			`};`

combined messages restyling - next round (#15386) * split component prepare new views / states * extract empty and disabled state as components * fix empty state mail icon * first logic switching between modes, move page to /private-messages/index.vue * extract autoCompleteHelper.js * style header + start new message input * style plus button + focus input * state logic, types for sanity * WIP PM new Message started * add /members/username test * first design changes to messageCard * delete private message or chat - based on the mode * copy as todo * mention links to modal * report chat or private message * WIP likeButton * likeButton styling * hide like on private message cards * fix unit test * replace copy as todo - to just a copy to clipboard * style changes * menu position + like button width * dropdown items background + like font * fix like button padding * move api endpoints and tests around to group inbox methods + like for inbox private messages * restyle system messages * Dropdown Radius and Padding * WIP system messages * fix lint * copy delta commit of allowing liking own private messages * enable liking private messages * fix menu non hovered item icon color * fix import path * ignore background on system messages * requested changes + migration * update migration to update the unique id to some messages and delete the duplicates * migration based on users pagination * fix(migration): use Promise.all * change to bulkWrites per User, and all messages in one run (of a user) * check for array * use rest operator ... * skip sorting to get the users * remove migration, disable like for private messages without uniqueMessageId * lean+bulkWrite for likes, add time checks for like and auth for further debugging * add a limit 2 get the messages by uniqueId * Adding a simple server start script * remove pinned nodemon dep * fix inbox controller/tests * fix / requested style changes * fix empty state padding / * hide avatar weapons on messages - fix avatar spacing on messages * Hourglass Simplification (#15323) * begin removing obsolete tests * begin refactoring * update cron tests * cleanup * finish basic implementation of new logic * add more subscription tests * subscription test improvements * return nextHourglassDate again * fix gem limit * fix(test): short circuit this. * fix(admin): correct logic and style for shrimple subs * WIP(frontend): draft of main subs page view * fix hourglass count * Fix hourglass logic for upgrades * fix admin panel display * WIP(subs): extant Stripe state * fix admin panel strings * fix missing transaction type * add new field for cumulative subscription count * show date for hourglass bonus if it was received * fix test * feat(subscription): max Gems progress readout * fix(css): correct and refactor heights and selection states * fix(subs): correct border-radius and redirect * fix(stripe): correct redirect after success * Admin panel display fixes * don’t give additional HG for new sub if they already got one this month * fix issue with promo hourglasses * fix(subscription): update layout when gifting * fix(subscriptions): more gift layout revisions * fix(subscriptions): minor visual updates * fix(subs): pass autoRenews through Stripe * fix(subs): gifts DON't renew * fix(lint): unnecessary ternary * fix(lint): do negate object ig * fix(subs): try again on gifts * fix(subs): unhovery and un-12-monthy * fix bug with incorrectly giving HG bonus * remove only * fix test * fix test * fix(subs): also redirect to subs after gift sub * fix(subs): fix typeError * fix(g1g1): don't try to find Gems promo during bogo --------- Co-authored-by: Phillip Thelen <phillip@habitica.com> Co-authored-by: Kalista Payne <sabe@habitica.com> * chore(sprites): update subproject * fix(layout): tighten cancellation note * fix(subs): Google wording and HG escape * chore(testing): fake g1g1 dates * fix(subs): don't hide HG preview entirely * fix(subs): center next hourglass message * working validatedTextInput.vue within start-new-conversation-input-header.vue :tada: * fix(git): remove changes from old develop * Revert "fix(git): remove changes from old develop" This reverts commit 0e30f7df004bc363f2868d4b59de01862dec610f. * fix(git): no actually just this file i guesss * adding an empty loading state, hiding * fought the avatar arch nemesis again * fix chatMessages (party chat) message spacing * move disabled text back to above the input area - re-enable input area * show disabled private messages top panel * fix font color * fixing uiStates - removing disabled - moving the own user check to the last * fix(lint): add missing prop defaults * fix(lint): object default should be fn * fix(chat): correct grammar in error * remove weapon position relative * revert most of avatar.vue changes, add back weapons in chat message UI * show date tooltip above system / skill messages * fix toggle disable icon position * trivial CSS cleanup * fix(typo): English syntax in test * chore(test): small style cleanup * chore(logging): revert debug function * chore(debug): remove timers from inbox like --------- Co-authored-by: SabreCat <sabe@habitica.com> Co-authored-by: Kalista Payne <sabrecat@gmail.com> Co-authored-by: Phillip Thelen <phillip@habitica.com> 2025-03-04 23:00:24 +00:00			`/**`
			`* @api {post} /api/v3/members/send-private-message Send a private message to a member`
			`* @apiName SendPrivateMessage`
			`* @apiGroup Member`
			`*`
			`* @apiParam (Body) {String} message The message`
			`* @apiParam (Body) {UUID} toUserId The id of the user to contact`
			`*`
			`* @apiSuccess {Object} data.message The message just sent`
			`*`
			`* @apiUse UserNotFound`
			`*/`
			`api.sendPrivateMessage = {`
			`method: 'POST',`
			`url: '/members/send-private-message',`
			`middlewares: [authWithHeaders()],`
			`async handler (req, res) {`
			`req.checkBody('message', res.t('messageRequired')).notEmpty();`
			`req.checkBody('toUserId', res.t('toUserIDRequired')).notEmpty().isUUID();`

			`const validationErrors = req.validationErrors();`
			`if (validationErrors) throw validationErrors;`

			`const sender = res.locals.user;`
			`const sanitizedMessageText = sanitizeMessageText(req.body.message);`
			`const message = (await highlightMentions(sanitizedMessageText))[0];`

			`const receiver = await User.findById(req.body.toUserId).exec();`
			`if (!receiver) throw new NotFound(res.t('userNotFound'));`
			`if (!receiver.flags.verifiedUsername) delete receiver.auth.local.username;`

			`const objections = sender.getObjectionsToInteraction('send-private-message', receiver);`
			`if (objections.length > 0 && !sender.hasPermission('moderator')) throw new NotAuthorized(res.t(objections[0]));`

			`const messageSent = await sentMessage(sender, receiver, message, res.t);`

			`res.respond(200, { message: messageSent });`
			`},`
			`};`

remove old module.exports from server aswell 2019-10-02 17:45:27 +00:00			`export default api;`