backend/pb_hooks/main.go

package main

import (
	"log"

	"github.com/pocketbase/pocketbase"
	"github.com/pocketbase/pocketbase/apis"
	"github.com/pocketbase/pocketbase/core"
)

// isGroupMember checks if a user is a member of a group
func isGroupMember(app *pocketbase.PocketBase, groupId string, userId string) (bool, error) {
	group, err := app.Dao().FindRecordById("groups", groupId)
	if err != nil {
		return false, err
	}

	members := group.GetStringSlice("members")
	for _, member := range members {
		if member == userId {
			return true, nil
		}
	}
	return false, nil
}

// isGroupOwner checks if a user is the owner of a group
func isGroupOwner(app *pocketbase.PocketBase, groupId string, userId string) (bool, error) {
	group, err := app.Dao().FindRecordById("groups", groupId)
	if err != nil {
		return false, err
	}
	return group.GetString("owner") == userId, nil
}

func main() {
	app := pocketbase.New()

	// Groups API Rules
	app.OnRecordBeforeCreateRequest("groups").Add(func(e *core.RecordCreateEvent) error {
		authRecord, _ := e.HttpContext.AuthRecord()
		if authRecord == nil {
			return apis.NewForbiddenError("需要登录", nil)
		}

		// Set the owner to the current user
		e.Record.Set("owner", authRecord.Id)
		// Initialize members array with the owner
		e.Record.Set("members", []string{authRecord.Id})

		return nil
	})

	app.OnRecordBeforeUpdateRequest("groups").Add(func(e *core.RecordUpdateEvent) error {
		authRecord, _ := e.HttpContext.AuthRecord()
		if authRecord == nil {
			return apis.NewForbiddenError("需要登录", nil)
		}

		// Only owner can update the group
		isOwner, err := isGroupOwner(app, e.Record.Id, authRecord.Id)
		if err != nil || !isOwner {
			return apis.NewForbiddenError("只有群组所有者可以更新群组", nil)
		}

		return nil
	})

	app.OnRecordBeforeDeleteRequest("groups").Add(func(e *core.RecordDeleteEvent) error {
		authRecord, _ := e.HttpContext.AuthRecord()
		if authRecord == nil {
			return apis.NewForbiddenError("需要登录", nil)
		}

		// Only owner can delete the group
		isOwner, err := isGroupOwner(app, e.Record.Id, authRecord.Id)
		if err != nil || !isOwner {
			return apis.NewForbiddenError("只有群组所有者可以删除群组", nil)
		}

		return nil
	})

	// Team Sessions API Rules
	app.OnRecordBeforeCreateRequest("team_sessions").Add(func(e *core.RecordCreateEvent) error {
		authRecord, _ := e.HttpContext.AuthRecord()
		if authRecord == nil {
			return apis.NewForbiddenError("需要登录", nil)
		}

		groupId := e.Record.GetString("group")

		// Check if user is a member of the group
		isMember, err := isGroupMember(app, groupId, authRecord.Id)
		if err != nil || !isMember {
			return apis.NewForbiddenError("只有群组成员可以创建团队会话", nil)
		}

		return nil
	})

	// Invitations API Rules
	app.OnRecordBeforeCreateRequest("invitations").Add(func(e *core.RecordCreateEvent) error {
		authRecord, _ := e.HttpContext.AuthRecord()
		if authRecord == nil {
			return apis.NewForbiddenError("需要登录", nil)
		}

		groupId := e.Record.GetString("group")

		// Only group owner can create invitations
		isOwner, err := isGroupOwner(app, groupId, authRecord.Id)
		if err != nil || !isOwner {
			return apis.NewForbiddenError("只有群组所有者可以创建邀请", nil)
		}

		// Set status to pending
		e.Record.Set("status", "pending")

		return nil
	})

	app.OnRecordAfterCreateRequest("invitations").Add(func(e *core.RecordCreateEvent) error {
		// Send real-time notification to the invited user
		message := map[string]interface{}{
			"action": "invitation",
			"data": map[string]interface{}{
				"id":         e.Record.Id,
				"group":      e.Record.GetString("group"),
				"invited_by": e.Record.GetString("invited_by"),
				"status":     e.Record.GetString("status"),
				"created":    e.Record.Created.Time(),
			},
		}

		// Broadcast to the invited user's channel
		if err := app.Subscriptions().Broadcast("invitations", message); err != nil {
			log.Printf("Error broadcasting invitation: %v", err)
		}

		return nil
	})

	// Real-time subscription rules
	app.OnRecordAfterAuthWithTokenRequest().Add(func(e *core.RecordAuthEvent) error {
		// Subscribe to invitations channel and user's groups channel
		app.Subscriptions().Subscribe(e.HttpContext.Response(), []string{
			"invitations",
			"groups:" + e.Record.Id,
			"team_sessions",
		})

		return nil
	})

	if err := app.Start(); err != nil {
		log.Fatal(err)
	}
}
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`package main`

			`import (`
			`"log"`

			`"github.com/pocketbase/pocketbase"`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`"github.com/pocketbase/pocketbase/apis"`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`"github.com/pocketbase/pocketbase/core"`
			`)`

			`// isGroupMember checks if a user is a member of a group`
			`func isGroupMember(app *pocketbase.PocketBase, groupId string, userId string) (bool, error) {`
			`group, err := app.Dao().FindRecordById("groups", groupId)`
			`if err != nil {`
			`return false, err`
			`}`

			`members := group.GetStringSlice("members")`
			`for _, member := range members {`
			`if member == userId {`
			`return true, nil`
			`}`
			`}`
			`return false, nil`
			`}`

			`// isGroupOwner checks if a user is the owner of a group`
			`func isGroupOwner(app *pocketbase.PocketBase, groupId string, userId string) (bool, error) {`
			`group, err := app.Dao().FindRecordById("groups", groupId)`
			`if err != nil {`
			`return false, err`
			`}`
			`return group.GetString("owner") == userId, nil`
			`}`

			`func main() {`
			`app := pocketbase.New()`

			`// Groups API Rules`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`app.OnRecordBeforeCreateRequest("groups").Add(func(e *core.RecordCreateEvent) error {`
			`authRecord, _ := e.HttpContext.AuthRecord()`
			`if authRecord == nil {`
			`return apis.NewForbiddenError("需要登录", nil)`
			`}`

feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`// Set the owner to the current user`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`e.Record.Set("owner", authRecord.Id)`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`// Initialize members array with the owner`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`e.Record.Set("members", []string{authRecord.Id})`

			`return nil`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`})`

fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`app.OnRecordBeforeUpdateRequest("groups").Add(func(e *core.RecordUpdateEvent) error {`
			`authRecord, _ := e.HttpContext.AuthRecord()`
			`if authRecord == nil {`
			`return apis.NewForbiddenError("需要登录", nil)`
			`}`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00
			`// Only owner can update the group`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`isOwner, err := isGroupOwner(app, e.Record.Id, authRecord.Id)`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`if err != nil \|\| !isOwner {`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`return apis.NewForbiddenError("只有群组所有者可以更新群组", nil)`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`}`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00
			`return nil`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`})`

fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`app.OnRecordBeforeDeleteRequest("groups").Add(func(e *core.RecordDeleteEvent) error {`
			`authRecord, _ := e.HttpContext.AuthRecord()`
			`if authRecord == nil {`
			`return apis.NewForbiddenError("需要登录", nil)`
			`}`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00
			`// Only owner can delete the group`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`isOwner, err := isGroupOwner(app, e.Record.Id, authRecord.Id)`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`if err != nil \|\| !isOwner {`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`return apis.NewForbiddenError("只有群组所有者可以删除群组", nil)`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`}`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00
			`return nil`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`})`

			`// Team Sessions API Rules`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`app.OnRecordBeforeCreateRequest("team_sessions").Add(func(e *core.RecordCreateEvent) error {`
			`authRecord, _ := e.HttpContext.AuthRecord()`
			`if authRecord == nil {`
			`return apis.NewForbiddenError("需要登录", nil)`
			`}`

feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`groupId := e.Record.GetString("group")`

			`// Check if user is a member of the group`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`isMember, err := isGroupMember(app, groupId, authRecord.Id)`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`if err != nil \|\| !isMember {`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`return apis.NewForbiddenError("只有群组成员可以创建团队会话", nil)`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`}`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00
			`return nil`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`})`

			`// Invitations API Rules`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`app.OnRecordBeforeCreateRequest("invitations").Add(func(e *core.RecordCreateEvent) error {`
			`authRecord, _ := e.HttpContext.AuthRecord()`
			`if authRecord == nil {`
			`return apis.NewForbiddenError("需要登录", nil)`
			`}`

feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`groupId := e.Record.GetString("group")`

			`// Only group owner can create invitations`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`isOwner, err := isGroupOwner(app, groupId, authRecord.Id)`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`if err != nil \|\| !isOwner {`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`return apis.NewForbiddenError("只有群组所有者可以创建邀请", nil)`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`}`

			`// Set status to pending`
			`e.Record.Set("status", "pending")`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00
			`return nil`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`})`

fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`app.OnRecordAfterCreateRequest("invitations").Add(func(e *core.RecordCreateEvent) error {`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`// Send real-time notification to the invited user`
			`message := map[string]interface{}{`
			`"action": "invitation",`
			`"data": map[string]interface{}{`
			`"id": e.Record.Id,`
			`"group": e.Record.GetString("group"),`
			`"invited_by": e.Record.GetString("invited_by"),`
			`"status": e.Record.GetString("status"),`
			`"created": e.Record.Created.Time(),`
			`},`
			`}`

			`// Broadcast to the invited user's channel`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`if err := app.Subscriptions().Broadcast("invitations", message); err != nil {`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`log.Printf("Error broadcasting invitation: %v", err)`
			`}`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00
			`return nil`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`})`

			`// Real-time subscription rules`
fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`app.OnRecordAfterAuthWithTokenRequest().Add(func(e *core.RecordAuthEvent) error {`
			`// Subscribe to invitations channel and user's groups channel`
			`app.Subscriptions().Subscribe(e.HttpContext.Response(), []string{`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`"invitations",`
			`"groups:" + e.Record.Id,`
			`"team_sessions",`
			`})`

fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`return nil`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`})`

fix: use proper PocketBase hook patterns 2026-04-17 14:17:54 +08:00			`if err := app.Start(); err != nil {`
			`log.Fatal(err)`
			`}`
feat: add API rules and hooks 2026-04-17 14:16:56 +08:00			`}`