diff --git a/createSchema.sql b/createSchema.sql
index 629ddef..bbaba48 100644
--- a/createSchema.sql
+++ b/createSchema.sql
@@ -35,14 +35,14 @@ CREATE TABLE `posts` (
 );
 CREATE TABLE `dms` (
- `post_id` bigint NOT NULL AUTO_INCREMENT,
- `post_user_name` varchar(100) NOT NULL,
- `post_text` varchar(4000) NOT NULL,
- `post_time` bigint NOT NULL,
- `post_special_text` varchar(100) DEFAULT NULL,
- `post_receiver_name` varchar(100) DEFAULT NULL,
- `post_is_private` tinyint DEFAULT '0',
- `post_from_bot` tinyint DEFAULT '0',
- `post_reply_id` bigint unsigned DEFAULT NULL,
- PRIMARY KEY (`post_id`)
+ `dms_id` bigint NOT NULL AUTO_INCREMENT,
+ `dms_user_name` varchar(100) NOT NULL,
+ `dms_text` varchar(4000) NOT NULL,
+ `dms_time` bigint NOT NULL,
+ `dms_special_text` varchar(100) DEFAULT NULL,
+ `dms_channel` varchar(100) DEFAULT NULL,
+ `dms_is_private` tinyint DEFAULT '0',
+ `dms_from_bot` tinyint DEFAULT '0',
+ `dms_reply_id` bigint unsigned DEFAULT NULL,
+ PRIMARY KEY (`dms_id`)
 );
diff --git a/server.js b/server.js
index 174f69b..780d6f3 100644
--- a/server.js
+++ b/server.js
@@ -614,8 +614,16 @@ router.get("/api/getPost", async function(req,res) {
 router.get("/api/getPersonalPosts", async function(req,res) {
 res.set("Access-Control-Allow-Origin","")
- let sql = `select post_user_name,post_text,post_time,post_special_text,post_id,post_from_bot,post_reply_id from ipost.dms where (post_receiver_name = ?) order by post_id desc;`
- con.query(sql, [encodeURIComponent(res.locals.username)], function (err, result) {
+
+ let otherperson = req.query.otherperson
+
+ if(typeof otherperson != "string" || otherperson.length > 100) {
+ res.status(400).json({"error": "invalid otherperson given"})
+ return
+ }
+
+ let sql = `select dms_user_name,dms_text,dms_time,dms_special_text,dms_id,dms_from_bot,dms_reply_id from ipost.dms where (dms_channel = ?) order by dms_id desc;`
+ con.query(sql, [xor(encodeURIComponent(res.locals.username),otherperson)], function (err, result) {
 if (err) throw err;
 res.json(result)
 });
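Review bot: The channel key passed to `con.query` is `xor(encodeURIComponent(res.locals.username),otherperson)`, and `otherperson` is checked only for type and length, so who may read a DM channel depends entirely on `xor`, which is not visible in this hunk. If it is a character-wise XOR, different name pairs can produce the same value, and a caller-supplied `otherperson` that is not a real account could make the lookup resolve to a channel belonging to two other users. I would confirm that `otherperson` is an existing user and build the key from the canonical pair instead, e.g. `let channel = [encodeURIComponent(res.locals.username), encodeURIComponent(otherperson)].sort().join("|")`, with the code that writes `dms_channel` using the same derivation and the `varchar(100)` column widened to fit. Only the username side is URI-encoded as written, so the two participants may compute different keys when a name contains characters that `encodeURIComponent` escapes. The handler's closing lines are outside the hunk.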