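const express = require('express');
const router = express.Router();
const { getDb } = require('../models/db');
const { authMiddleware, adminMiddleware } = require('../middleware/auth');

/**
 * Builds the admin router for user groups and multi-group DMs.
 *
 * Every route is gated by authMiddleware and adminMiddleware, and every query
 * binds its values through `?` placeholders.
 *
 * All routes are registered inside this factory. The helpers below close over
 * `io`, so a handler declared after the factory's closing brace would throw a
 * ReferenceError on its first call to a helper or to `io`. Such a handler
 * would also be registered at require time, ahead of `/multigroup`, letting
 * `/:id` shadow it.
 *
 * NOTE(review): routes attach to the module-level `router`, so calling the
 * factory more than once registers every handler again.
 * NOTE(review): handlers run several dependent statements without a
 * transaction; a failure part-way can leave membership rows, socket rooms and
 * system messages out of step. Confirm what the db wrapper offers and wrap
 * each mutation.
 *
 * @param {object} io - Socket.IO-style server used for rooms and events.
 * @returns {object} the configured express router
 */
module.exports = function(io) {

  // ── Helpers ───────────────────────────────────────────────────────────────────

  /**
   * Stores a 'system' message in a group and broadcasts it to the group room.
   * `content` is stored as-is and may embed user-controlled names.
   * NOTE(review): confirm that clients render message content as text.
   */
  function postSysMsg(db, groupId, userId, content) {
    const r = db.prepare(`INSERT INTO messages (group_id, user_id, content, type) VALUES (?, ?, ?, 'system')`).run(groupId, userId, content);
    const msg = db.prepare(`
      SELECT m.*, u.name as user_name, u.display_name as user_display_name, u.avatar as user_avatar,
        u.role as user_role, u.status as user_status, u.hide_admin_tag as user_hide_admin_tag,
        u.about_me as user_about_me, u.allow_dm as user_allow_dm
      FROM messages m JOIN users u ON m.user_id = u.id WHERE m.id = ?
    `).get(r.lastInsertRowid);
    if (msg) {
      msg.reactions = [];
      io.to(`group:${groupId}`).emit('message:new', msg);
    }
  }

  /** Adds a user to a managed DM group, joins their sockets to its room and announces it. */
  function addUserToDmGroup(db, dmGroupId, userId, actorId) {
    db.prepare("INSERT OR IGNORE INTO group_members (group_id, user_id, joined_at) VALUES (?, ?, datetime('now'))").run(dmGroupId, userId);
    io.in(`user:${userId}`).socketsJoin(`group:${dmGroupId}`);
    const dmGroup = db.prepare('SELECT * FROM groups WHERE id = ?').get(dmGroupId);
    io.to(`user:${userId}`).emit('group:new', { group: dmGroup });
    const u = db.prepare('SELECT name, display_name FROM users WHERE id = ?').get(userId);
    postSysMsg(db, dmGroupId, actorId, `${u?.display_name || u?.name || 'A user'} has joined the conversation.`);
  }

  /** Removes a user from a managed DM group, detaches their sockets from its room and announces it. */
  function removeUserFromDmGroup(db, dmGroupId, userId, actorId) {
    db.prepare('DELETE FROM group_members WHERE group_id = ? AND user_id = ?').run(dmGroupId, userId);
    io.in(`user:${userId}`).socketsLeave(`group:${dmGroupId}`);
    io.to(`user:${userId}`).emit('group:deleted', { groupId: dmGroupId });
    const u = db.prepare('SELECT name, display_name FROM users WHERE id = ?').get(userId);
    postSysMsg(db, dmGroupId, actorId, `${u?.display_name || u?.name || 'A user'} has been removed from the conversation.`);
  }

  // Get all user_ids for a user group
  function getUserIdsForGroup(db, userGroupId) {
    return db.prepare('SELECT user_id FROM user_group_members WHERE user_group_id = ?').all(userGroupId).map(r => r.user_id);
  }

  /** Returns the trimmed name, or '' when the body value is not a string. */
  function cleanName(value) {
    return typeof value === 'string' ? value.trim() : '';
  }

  /**
   * Normalises a client-supplied ID list to unique positive integers.
   * Non-arrays yield []; entries that are not numbers or numeric strings are dropped.
   */
  function toIdList(value) {
    if (!Array.isArray(value)) return [];
    const ids = new Set();
    for (const raw of value) {
      if (typeof raw !== 'number' && typeof raw !== 'string') continue;
      const id = Number(raw);
      if (Number.isSafeInteger(id) && id > 0) ids.add(id);
    }
    return [...ids];
  }

  /**
   * Keeps only the IDs for which `sql` (a fixed single-parameter lookup) finds a row.
   * Membership rows that point at a missing user or group would be inherited by
   * whichever row later receives that ID, so unknown IDs are dropped up front.
   */
  function filterExisting(db, sql, ids) {
    const stmt = db.prepare(sql);
    return ids.filter(id => Boolean(stmt.get(id)));
  }

  /** Lists the multi-group DMs (id and dm_group_id) that include a user group. */
  function getMultiGroupDmsForUserGroup(db, userGroupId) {
    return db.prepare('SELECT mgd.id, mgd.dm_group_id FROM multi_group_dm_members mgdm JOIN multi_group_dms mgd ON mgd.id = mgdm.multi_group_dm_id WHERE mgdm.user_group_id = ?').all(userGroupId);
  }

  /** True when the user belongs to at least one user group attached to the multi-group DM. */
  function hasAccessViaUserGroup(db, multiGroupDmId, userId) {
    return Boolean(db.prepare('SELECT 1 FROM multi_group_dm_members mgdm JOIN user_group_members ugm ON ugm.user_group_id = mgdm.user_group_id WHERE mgdm.multi_group_dm_id = ? AND ugm.user_id = ?').get(multiGroupDmId, userId));
  }

  /** Removes the user from a multi-group DM when no attached user group still grants access. */
  function revokeStaleMultiGroupAccess(db, mg, userId, actorId) {
    if (!mg.dm_group_id) return;
    if (hasAccessViaUserGroup(db, mg.id, userId)) return;
    const stillMember = db.prepare('SELECT 1 FROM group_members WHERE group_id = ? AND user_id = ?').get(mg.dm_group_id, userId);
    if (stillMember) removeUserFromDmGroup(db, mg.dm_group_id, userId, actorId);
  }

  // ── USER GROUPS ───────────────────────────────────────────────────────────────

  // Lists all user groups with their member counts.
  router.get('/', authMiddleware, adminMiddleware, (req, res) => {
    const db = getDb();
    const groups = db.prepare(`
      SELECT ug.*,
        (SELECT COUNT(*) FROM user_group_members WHERE user_group_id = ug.id) as member_count
      FROM user_groups ug
      ORDER BY ug.name ASC
    `).all();
    res.json({ groups });
  });

  // ── MULTI-GROUP DMs ───────────────────────────────────────────────────────────
  // These static paths must stay registered before '/:id'.

  // Lists all multi-group DMs with their attached user group IDs.
  router.get('/multigroup', authMiddleware, adminMiddleware, (req, res) => {
    const db = getDb();
    const dms = db.prepare(`
      SELECT mgd.*,
        (SELECT COUNT(*) FROM multi_group_dm_members WHERE multi_group_dm_id = mgd.id) as group_count
      FROM multi_group_dms mgd
      ORDER BY mgd.name ASC
    `).all();
    // Attach member user group IDs
    const memberStmt = db.prepare('SELECT user_group_id FROM multi_group_dm_members WHERE multi_group_dm_id = ?');
    for (const dm of dms) {
      dm.memberGroupIds = memberStmt.all(dm.id).map(r => r.user_group_id);
    }
    res.json({ dms });
  });

  // Creates a multi-group DM spanning at least two existing user groups.
  router.post('/multigroup', authMiddleware, adminMiddleware, (req, res) => {
    const { name, userGroupIds } = req.body ?? {};
    const trimmedName = cleanName(name);
    if (!trimmedName) return res.status(400).json({ error: 'Name required' });

    const db = getDb();
    // Count only distinct, existing groups so duplicates or junk IDs cannot satisfy the minimum.
    const validGroupIds = filterExisting(db, 'SELECT 1 FROM user_groups WHERE id = ?', toIdList(userGroupIds));
    if (validGroupIds.length < 2) return res.status(400).json({ error: 'At least two user groups required' });

    if (db.prepare('SELECT id FROM multi_group_dms WHERE LOWER(name) = LOWER(?)').get(trimmedName)) {
      return res.status(400).json({ error: 'Name already in use' });
    }

    const admin = db.prepare('SELECT id FROM users WHERE is_default_admin = 1').get();
    const dmResult = db.prepare(`INSERT INTO groups (name, type, owner_id, is_managed) VALUES (?, 'private', ?, 1)`).run(trimmedName, admin?.id || req.user.id);
    const dmGroupId = dmResult.lastInsertRowid;
    const mgResult = db.prepare(`INSERT INTO multi_group_dms (name, dm_group_id) VALUES (?, ?)`).run(trimmedName, dmGroupId);
    const mgId = mgResult.lastInsertRowid;

    const addedUsers = new Set();
    for (const ugId of validGroupIds) {
      db.prepare('INSERT OR IGNORE INTO multi_group_dm_members (multi_group_dm_id, user_group_id) VALUES (?, ?)').run(mgId, ugId);
      for (const uid of getUserIdsForGroup(db, ugId)) {
        // A user in several of the groups is added, and announced, only once.
        if (addedUsers.has(uid)) continue;
        addedUsers.add(uid);
        addUserToDmGroup(db, dmGroupId, uid, req.user.id);
      }
      const ug = db.prepare('SELECT name FROM user_groups WHERE id = ?').get(ugId);
      if (ug) postSysMsg(db, dmGroupId, req.user.id, `Group "${ug.name}" has been added to this conversation.`);
    }

    const dm = db.prepare('SELECT * FROM multi_group_dms WHERE id = ?').get(mgId);
    dm.memberGroupIds = validGroupIds;
    res.json({ dm });
  });

  // Renames a multi-group DM and/or replaces its set of user groups.
  router.patch('/multigroup/:id', authMiddleware, adminMiddleware, (req, res) => {
    const db = getDb();
    const mg = db.prepare('SELECT * FROM multi_group_dms WHERE id = ?').get(req.params.id);
    if (!mg) return res.status(404).json({ error: 'Not found' });

    const { name, userGroupIds } = req.body ?? {};
    // A blank or non-string name means "no rename"; it never overwrites the stored name.
    const newName = cleanName(name);
    if (newName && newName !== mg.name) {
      if (db.prepare('SELECT id FROM multi_group_dms WHERE LOWER(name) = LOWER(?) AND id != ?').get(newName, mg.id)) {
        return res.status(400).json({ error: 'Name already in use' });
      }
      db.prepare("UPDATE multi_group_dms SET name = ?, updated_at = datetime('now') WHERE id = ?").run(newName, mg.id);
      if (mg.dm_group_id) {
        db.prepare("UPDATE groups SET name = ?, updated_at = datetime('now') WHERE id = ?").run(newName, mg.dm_group_id);
      }
    }

    if (Array.isArray(userGroupIds) && mg.dm_group_id) {
      const newGroupIds = new Set(filterExisting(db, 'SELECT 1 FROM user_groups WHERE id = ?', toIdList(userGroupIds)));
      const currentGroupIds = new Set(db.prepare('SELECT user_group_id FROM multi_group_dm_members WHERE multi_group_dm_id = ?').all(mg.id).map(r => r.user_group_id));

      // Add new user groups
      for (const ugId of newGroupIds) {
        if (currentGroupIds.has(ugId)) continue;
        db.prepare("INSERT OR IGNORE INTO multi_group_dm_members (multi_group_dm_id, user_group_id) VALUES (?, ?)").run(mg.id, ugId);
        for (const uid of getUserIdsForGroup(db, ugId)) addUserToDmGroup(db, mg.dm_group_id, uid, req.user.id);
        const ug = db.prepare('SELECT name FROM user_groups WHERE id = ?').get(ugId);
        if (ug) postSysMsg(db, mg.dm_group_id, req.user.id, `Group "${ug.name}" has been added to this conversation.`);
      }

      // Remove dropped user groups
      for (const ugId of currentGroupIds) {
        if (newGroupIds.has(ugId)) continue;
        db.prepare('DELETE FROM multi_group_dm_members WHERE multi_group_dm_id = ? AND user_group_id = ?').run(mg.id, ugId);
        for (const uid of getUserIdsForGroup(db, ugId)) {
          // Keep users who are still covered by another attached group.
          if (!hasAccessViaUserGroup(db, mg.id, uid)) removeUserFromDmGroup(db, mg.dm_group_id, uid, req.user.id);
        }
        const ug = db.prepare('SELECT name FROM user_groups WHERE id = ?').get(ugId);
        if (ug) postSysMsg(db, mg.dm_group_id, req.user.id, `Group "${ug.name}" has been removed from this conversation.`);
      }
    }

    const updated = db.prepare('SELECT * FROM multi_group_dms WHERE id = ?').get(req.params.id);
    updated.memberGroupIds = db.prepare('SELECT user_group_id FROM multi_group_dm_members WHERE multi_group_dm_id = ?').all(mg.id).map(r => r.user_group_id);
    res.json({ dm: updated });
  });

  // Deletes a multi-group DM and its backing DM group, then notifies former members.
  router.delete('/multigroup/:id', authMiddleware, adminMiddleware, (req, res) => {
    const db = getDb();
    const mg = db.prepare('SELECT * FROM multi_group_dms WHERE id = ?').get(req.params.id);
    if (!mg) return res.status(404).json({ error: 'Not found' });
    if (mg.dm_group_id) {
      // Read the members first; they may be gone once the group row is deleted.
      const members = db.prepare('SELECT user_id FROM group_members WHERE group_id = ?').all(mg.dm_group_id).map(r => r.user_id);
      db.prepare('DELETE FROM groups WHERE id = ?').run(mg.dm_group_id);
      for (const uid of members) io.to(`user:${uid}`).emit('group:deleted', { groupId: mg.dm_group_id });
    }
    db.prepare('DELETE FROM multi_group_dms WHERE id = ?').run(mg.id);
    res.json({ success: true });
  });

  // ── USER GROUPS (by id) ───────────────────────────────────────────────────────

  // Returns one user group with its members.
  router.get('/:id', authMiddleware, adminMiddleware, (req, res) => {
    const db = getDb();
    const group = db.prepare('SELECT * FROM user_groups WHERE id = ?').get(req.params.id);
    if (!group) return res.status(404).json({ error: 'Not found' });
    const members = db.prepare(`
      SELECT u.id, u.name, u.display_name, u.avatar, u.role, u.status
      FROM user_group_members ugm JOIN users u ON u.id = ugm.user_id
      WHERE ugm.user_group_id = ?
      ORDER BY u.name ASC
    `).all(req.params.id);
    res.json({ group, members });
  });

  // Creates a user group, its managed DM group and the initial memberships.
  router.post('/', authMiddleware, adminMiddleware, (req, res) => {
    const { name, memberIds } = req.body ?? {};
    const trimmedName = cleanName(name);
    if (!trimmedName) return res.status(400).json({ error: 'Name required' });

    const db = getDb();
    if (db.prepare('SELECT id FROM user_groups WHERE LOWER(name) = LOWER(?)').get(trimmedName)) {
      return res.status(400).json({ error: 'A group with that name already exists' });
    }

    const admin = db.prepare('SELECT id FROM users WHERE is_default_admin = 1').get();
    const dmResult = db.prepare(`
      INSERT INTO groups (name, type, owner_id, is_readonly, is_direct, is_managed)
      VALUES (?, 'private', ?, 0, 0, 1)
    `).run(trimmedName, admin?.id || req.user.id);
    const dmGroupId = dmResult.lastInsertRowid;
    const ugResult = db.prepare(`INSERT INTO user_groups (name, dm_group_id) VALUES (?, ?)`).run(trimmedName, dmGroupId);
    const ugId = ugResult.lastInsertRowid;

    // Distinct, existing users only: no duplicate join notices, no rows for unknown IDs.
    const validIds = filterExisting(db, 'SELECT 1 FROM users WHERE id = ?', toIdList(memberIds));
    for (const uid of validIds) {
      db.prepare("INSERT OR IGNORE INTO user_group_members (user_group_id, user_id) VALUES (?, ?)").run(ugId, uid);
      addUserToDmGroup(db, dmGroupId, uid, req.user.id);
    }

    const group = db.prepare('SELECT * FROM user_groups WHERE id = ?').get(ugId);
    res.json({ group });
  });

  // Renames a user group and/or replaces its member list, syncing DM access.
  router.patch('/:id', authMiddleware, adminMiddleware, (req, res) => {
    const db = getDb();
    const ug = db.prepare('SELECT * FROM user_groups WHERE id = ?').get(req.params.id);
    if (!ug) return res.status(404).json({ error: 'Not found' });

    const { name, memberIds } = req.body ?? {};
    // A blank or non-string name means "no rename"; it never overwrites the stored name.
    const newName = cleanName(name);
    if (newName && newName !== ug.name) {
      if (db.prepare('SELECT id FROM user_groups WHERE LOWER(name) = LOWER(?) AND id != ?').get(newName, ug.id)) {
        return res.status(400).json({ error: 'Name already in use' });
      }
      db.prepare("UPDATE user_groups SET name = ?, updated_at = datetime('now') WHERE id = ?").run(newName, ug.id);
      if (ug.dm_group_id) {
        db.prepare("UPDATE groups SET name = ?, updated_at = datetime('now') WHERE id = ?").run(newName, ug.dm_group_id);
      }
    }

    if (Array.isArray(memberIds) && ug.dm_group_id) {
      const newIds = new Set(filterExisting(db, 'SELECT 1 FROM users WHERE id = ?', toIdList(memberIds)));
      const currentSet = new Set(getUserIdsForGroup(db, ug.id));
      // Multi-group DMs this user group is attached to; unchanged by this request.
      const multiGroupDms = getMultiGroupDmsForUserGroup(db, ug.id);

      for (const uid of newIds) {
        if (currentSet.has(uid)) continue;
        db.prepare("INSERT OR IGNORE INTO user_group_members (user_group_id, user_id) VALUES (?, ?)").run(ug.id, uid);
        addUserToDmGroup(db, ug.dm_group_id, uid, req.user.id);
        // Also add to any multi-group DMs that include this user group
        for (const mg of multiGroupDms) {
          if (mg.dm_group_id) addUserToDmGroup(db, mg.dm_group_id, uid, req.user.id);
        }
      }

      for (const uid of currentSet) {
        if (newIds.has(uid)) continue;
        db.prepare('DELETE FROM user_group_members WHERE user_group_id = ? AND user_id = ?').run(ug.id, uid);

        // Keep the user in this group's DM only if another of their user groups
        // maps to the same DM group. Belonging to an unrelated user group must
        // not preserve access; the previous check treated any other membership
        // as a reason to skip revocation entirely.
        const sharedDmAccess = db.prepare(`
          SELECT 1 FROM user_group_members ugm
          JOIN user_groups og ON og.id = ugm.user_group_id
          WHERE ugm.user_id = ? AND ugm.user_group_id != ? AND og.dm_group_id = ?
        `).get(uid, ug.id, ug.dm_group_id);
        if (!sharedDmAccess) removeUserFromDmGroup(db, ug.dm_group_id, uid, req.user.id);

        // Remove from multi-group DMs they got access through this group,
        // unless another attached group still covers them.
        for (const mg of multiGroupDms) revokeStaleMultiGroupAccess(db, mg, uid, req.user.id);
      }
    }

    const updated = db.prepare('SELECT * FROM user_groups WHERE id = ?').get(req.params.id);
    res.json({ group: updated });
  });

  // Deletes a user group and its DM group, and revokes access granted through it.
  router.delete('/:id', authMiddleware, adminMiddleware, (req, res) => {
    const db = getDb();
    const ug = db.prepare('SELECT * FROM user_groups WHERE id = ?').get(req.params.id);
    if (!ug) return res.status(404).json({ error: 'Not found' });

    // Snapshot what this group granted before any row is deleted.
    const groupUserIds = getUserIdsForGroup(db, ug.id);
    const multiGroupDms = getMultiGroupDmsForUserGroup(db, ug.id);

    if (ug.dm_group_id) {
      const members = db.prepare('SELECT user_id FROM group_members WHERE group_id = ?').all(ug.dm_group_id).map(r => r.user_id);
      db.prepare('DELETE FROM groups WHERE id = ?').run(ug.dm_group_id);
      for (const uid of members) io.to(`user:${uid}`).emit('group:deleted', { groupId: ug.dm_group_id });
    }

    // Drop the link and membership rows explicitly so nothing dangles if the
    // schema does not cascade (a no-op if it does).
    db.prepare('DELETE FROM multi_group_dm_members WHERE user_group_id = ?').run(ug.id);
    db.prepare('DELETE FROM user_group_members WHERE user_group_id = ?').run(ug.id);
    db.prepare('DELETE FROM user_groups WHERE id = ?').run(ug.id);

    // Members who reached a multi-group DM only through this group lose access.
    for (const mg of multiGroupDms) {
      for (const uid of groupUserIds) revokeStaleMultiGroupAccess(db, mg, uid, req.user.id);
    }

    res.json({ success: true });
  });

  return router;
};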