can add image to message
This commit is contained in:
jackiettran
@@ -1,10 +1,14 @@
|
||||
const express = require('express');
|
||||
const helmet = require('helmet');
|
||||
const { Message, User } = require('../models');
|
||||
const { authenticateToken } = require('../middleware/auth');
|
||||
const { uploadMessageImage } = require('../middleware/upload');
|
||||
const logger = require('../utils/logger');
|
||||
const { emitNewMessage, emitMessageRead } = require('../sockets/messageSocket');
|
||||
const { Op } = require('sequelize');
|
||||
const emailService = require('../services/emailService');
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
const router = express.Router();
|
||||
|
||||
// Get all messages for the current user (inbox)
|
||||
@@ -242,7 +246,7 @@ router.get('/:id', authenticateToken, async (req, res) => {
|
||||
});
|
||||
|
||||
// Send a new message
|
||||
router.post('/', authenticateToken, async (req, res) => {
|
||||
router.post('/', authenticateToken, uploadMessageImage, async (req, res) => {
|
||||
try {
|
||||
const { receiverId, subject, content, parentMessageId } = req.body;
|
||||
|
||||
@@ -257,12 +261,16 @@ router.post('/', authenticateToken, async (req, res) => {
|
||||
return res.status(400).json({ error: 'Cannot send messages to yourself' });
|
||||
}
|
||||
|
||||
// Extract image filename if uploaded
|
||||
const imagePath = req.file ? req.file.filename : null;
|
||||
|
||||
const message = await Message.create({
|
||||
senderId: req.user.id,
|
||||
receiverId,
|
||||
subject,
|
||||
content,
|
||||
parentMessageId
|
||||
parentMessageId,
|
||||
imagePath
|
||||
});
|
||||
|
||||
const messageWithSender = await Message.findByPk(message.id, {
|
||||
@@ -389,4 +397,51 @@ router.get('/unread/count', authenticateToken, async (req, res) => {
|
||||
}
|
||||
});
|
||||
|
||||
// Get message image (authorized)
|
||||
router.get('/images/:filename',
|
||||
authenticateToken,
|
||||
// Override Helmet's CORP header for cross-origin image loading
|
||||
helmet.crossOriginResourcePolicy({ policy: "cross-origin" }),
|
||||
async (req, res) => {
|
||||
try {
|
||||
const { filename } = req.params;
|
||||
|
||||
// Verify user is sender or receiver of a message with this image
|
||||
const message = await Message.findOne({
|
||||
where: {
|
||||
imagePath: filename,
|
||||
[Op.or]: [
|
||||
{ senderId: req.user.id },
|
||||
{ receiverId: req.user.id }
|
||||
]
|
||||
}
|
||||
});
|
||||
|
||||
if (!message) {
|
||||
const reqLogger = logger.withRequestId(req.id);
|
||||
reqLogger.warn('Unauthorized image access attempt', {
|
||||
userId: req.user.id,
|
||||
filename
|
||||
});
|
||||
return res.status(403).json({ error: 'Access denied' });
|
||||
}
|
||||
|
||||
// Serve the image
|
||||
const filePath = path.join(__dirname, '../uploads/messages', filename);
|
||||
|
||||
if (!fs.existsSync(filePath)) {
|
||||
return res.status(404).json({ error: 'Image not found' });
|
||||
}
|
||||
|
||||
res.sendFile(filePath);
|
||||
} catch (error) {
|
||||
const reqLogger = logger.withRequestId(req.id);
|
||||
reqLogger.error('Image serve failed', {
|
||||
error: error.message,
|
||||
filename: req.params.filename
|
||||
});
|
||||
res.status(500).json({ error: 'Failed to load image' });
|
||||
}
|
||||
});
|
||||
|
||||
module.exports = router;
|
||||
Reference in New Issue
Block a user