From e305c030e67026463d5adb523db6cc2f4355193c Mon Sep 17 00:00:00 2001
From: Jonas Leder <jonas.leder@jobrouter.com>
Date: Tue, 8 Mar 2022 15:10:52 +0100
Subject: [PATCH] add new comment endpoint

---
 public/API/queries/comments.php | 33 +++++++++++++++++++++++++++++++++
 public/API/queries/queries.php  | 11 +++++++++++
 2 files changed, 44 insertions(+)

diff --git a/public/API/queries/comments.php b/public/API/queries/comments.php
index 18abdfa..cb3f33a 100644
--- a/public/API/queries/comments.php
+++ b/public/API/queries/comments.php
@@ -2,6 +2,7 @@
 
 use GraphQL\Type\Definition\Type;
 use GraphQL\Type\Definition\ObjectType;
+use GuzzleHttp\Client;
 
 include "lib/getGravatar.php";
 $commentField = new ObjectType([
@@ -29,4 +30,36 @@ function comments($article, $conn) {
     }
     return $response;
 
+}
+
+function newComment($conn, $article, $name, $email, $comment, $hCaptchaResponse) {
+    require "./lib/config.php";
+    $data = array(
+        'secret' => $secretkey,
+        'response' => $hCaptchaResponse
+    );
+    $client = new Client();
+    
+    $response = $client->post("https://hcaptcha.com/siteverify", [
+        "form_params" => $data
+    ]);
+    
+    $responseData = json_decode($response->getBody());
+    if(! $responseData->success) {
+        return "Failed to verify Captcha";
+
+        $article = $conn->escape_string($article);
+        $name = $conn->escape_string($name);
+        $email = $conn->escape_string($email);
+        $comment = $conn->escape_string($comment);
+    
+        $sql = "INSERT INTO comments (name, email, comment, article) VALUES ('$name', '$email', '$comment', '$article')";
+    
+        if ($conn->query($sql) === TRUE) {
+            return "OK";
+        } else {
+            return "Error: " . $sql . "<br>" . $conn->error;
+        }
+    }
+
 }
\ No newline at end of file
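Review bot: The insert in newComment is unreachable — the `return "Failed to verify Captcha";` is the first statement of the `if(! $responseData->success)` block and the escaping, the `INSERT` and both `return` paths sit after it inside the same block, so a valid captcha makes the function return null and stores nothing; the closing brace belongs directly after that return. While moving the brace, the string-built `INSERT` should become a prepared statement (`$conn->escape_string`/`$conn->error` look like mysqli, so `prepare`/`bind_param` should be available — confirm), and the failure branch should not hand `$sql` and `$conn->error` back to the API caller, since that discloses the table layout and driver errors to anyone who can post a comment; log them server-side and return a generic message. The siteverify body is also decoded without a check: a non-JSON or empty body leaves `$responseData` null and the captcha is rejected only through a property-on-null warning, so decode with `JSON_THROW_ON_ERROR` (or test for null) and accept only `success === true`. Guzzle's `post` throws on non-2xx responses by default, which will surface as a raw GraphQL error here unless the caller catches it.
```php
function newComment($conn, $article, $name, $email, $comment, $hCaptchaResponse) {
    // … unchanged: config require, Guzzle siteverify request …
    $responseData = json_decode((string) $response->getBody(), true, 512, JSON_THROW_ON_ERROR);
    if (($responseData['success'] ?? false) !== true) {
        return "Failed to verify Captcha";
    }

    $stmt = $conn->prepare("INSERT INTO comments (name, email, comment, article) VALUES (?, ?, ?, ?)");
    if ($stmt === false || !$stmt->bind_param("ssss", $name, $email, $comment, $article) || !$stmt->execute()) {
        error_log("newComment: insert failed: " . $conn->error);
        return "Error: could not store comment";
    }
    $stmt->close();
    return "OK";
}
```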
diff --git a/public/API/queries/queries.php b/public/API/queries/queries.php
index 4e38aa6..bbd802a 100644
--- a/public/API/queries/queries.php
+++ b/public/API/queries/queries.php
@@ -53,6 +53,17 @@ $queryType = new ObjectType([
             ],
             'resolve' => fn ($rootValue, $args) => comments($args["article"], $rootValue["db"]),
         ],
+        "newComment" => [
+            "type" => Type::string(),
+            "args" => [
+                "article" => Type::string(),
+                "name" => Type::string(),
+                "email" => Type::string(),
+                "comment" => Type::string(),
+                "hCaptchaResponse" => Type::string()
+            ],
+            'resolve' => fn ($rootValue, $args) => newComment($rootValue["db"], $args["article"], $args["name"], $args["email"], $args["comment"], $args["hCaptchaResponse"]),
+        ],
         'ebayKleinanzeigen' => [
             "type" => $ebayKleinanzeigenFields,
             "args" => [
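Review bot: newComment is a state-changing operation but is registered as a field of `$queryType`, so it is reachable through an ordinary query (and anything that treats queries as safe, such as GET handling or caching) rather than through a mutation type; it belongs on the schema's mutation object, or at minimum the resolver should refuse to run outside a mutation. The arguments are all nullable `Type::string()`, so a request that omits one reaches the resolver with an undefined `$args[...]` index and newComment is called with null for that value; declare them as `"article" => Type::nonNull(Type::string()),` (and likewise for name, email, comment and hCaptchaResponse) so the GraphQL layer rejects incomplete requests before the resolver runs. The `$queryType` definition starts and ends outside this hunk.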
-- 
GitLab