gamegroup2/backend/pb_hooks/main.go

package main

import (
	"log"

	"github.com/pocketbase/pocketbase"
	"github.com/pocketbase/pocketbase/apis"
	"github.com/pocketbase/pocketbase/core"
)

// isGroupMember checks if a user is a member of a group
func isGroupMember(app *pocketbase.PocketBase, groupId string, userId string) (bool, error) {
	group, err := app.Dao().FindRecordById("groups", groupId)
	if err != nil {
		return false, err
	}

	members := group.GetStringSlice("members")
	for _, member := range members {
		if member == userId {
			return true, nil
		}
	}
	return false, nil
}

// isGroupOwner checks if a user is the owner of a group
func isGroupOwner(app *pocketbase.PocketBase, groupId string, userId string) (bool, error) {
	group, err := app.Dao().FindRecordById("groups", groupId)
	if err != nil {
		return false, err
	}
	return group.GetString("owner") == userId, nil
}

func main() {
	app := pocketbase.New()

	// Groups API Rules
	app.OnRecordBeforeCreateRequest("groups").Add(func(e *core.RecordCreateEvent) error {
		authRecord, _ := e.HttpContext.AuthRecord()
		if authRecord == nil {
			return apis.NewForbiddenError("需要登录", nil)
		}

		// Set the owner to the current user
		e.Record.Set("owner", authRecord.Id)
		// Initialize members array with the owner
		e.Record.Set("members", []string{authRecord.Id})

		return nil
	})

	app.OnRecordBeforeUpdateRequest("groups").Add(func(e *core.RecordUpdateEvent) error {
		authRecord, _ := e.HttpContext.AuthRecord()
		if authRecord == nil {
			return apis.NewForbiddenError("需要登录", nil)
		}

		// Only owner can update the group
		isOwner, err := isGroupOwner(app, e.Record.Id, authRecord.Id)
		if err != nil || !isOwner {
			return apis.NewForbiddenError("只有群组所有者可以更新群组", nil)
		}

		return nil
	})

	app.OnRecordBeforeDeleteRequest("groups").Add(func(e *core.RecordDeleteEvent) error {
		authRecord, _ := e.HttpContext.AuthRecord()
		if authRecord == nil {
			return apis.NewForbiddenError("需要登录", nil)
		}

		// Only owner can delete the group
		isOwner, err := isGroupOwner(app, e.Record.Id, authRecord.Id)
		if err != nil || !isOwner {
			return apis.NewForbiddenError("只有群组所有者可以删除群组", nil)
		}

		return nil
	})

	// Team Sessions API Rules
	app.OnRecordBeforeCreateRequest("team_sessions").Add(func(e *core.RecordCreateEvent) error {
		authRecord, _ := e.HttpContext.AuthRecord()
		if authRecord == nil {
			return apis.NewForbiddenError("需要登录", nil)
		}

		groupId := e.Record.GetString("group")

		// Check if user is a member of the group
		isMember, err := isGroupMember(app, groupId, authRecord.Id)
		if err != nil || !isMember {
			return apis.NewForbiddenError("只有群组成员可以创建团队会话", nil)
		}

		return nil
	})

	// Invitations API Rules
	app.OnRecordBeforeCreateRequest("invitations").Add(func(e *core.RecordCreateEvent) error {
		authRecord, _ := e.HttpContext.AuthRecord()
		if authRecord == nil {
			return apis.NewForbiddenError("需要登录", nil)
		}

		groupId := e.Record.GetString("group")

		// Only group owner can create invitations
		isOwner, err := isGroupOwner(app, groupId, authRecord.Id)
		if err != nil || !isOwner {
			return apis.NewForbiddenError("只有群组所有者可以创建邀请", nil)
		}

		// Set status to pending
		e.Record.Set("status", "pending")

		return nil
	})

	app.OnRecordAfterCreateRequest("invitations").Add(func(e *core.RecordCreateEvent) error {
		// Send real-time notification to the invited user
		message := map[string]interface{}{
			"action": "invitation",
			"data": map[string]interface{}{
				"id":         e.Record.Id,
				"group":      e.Record.GetString("group"),
				"invited_by": e.Record.GetString("invited_by"),
				"status":     e.Record.GetString("status"),
				"created":    e.Record.Created.Time(),
			},
		}

		// Broadcast to the invited user's channel
		if err := app.Subscriptions().Broadcast("invitations", message); err != nil {
			log.Printf("Error broadcasting invitation: %v", err)
		}

		return nil
	})

	// Real-time subscription rules
	app.OnRecordAfterAuthWithTokenRequest().Add(func(e *core.RecordAuthEvent) error {
		// Subscribe to invitations channel and user's groups channel
		app.Subscriptions().Subscribe(e.HttpContext.Response(), []string{
			"invitations",
			"groups:" + e.Record.Id,
			"team_sessions",
		})

		return nil
	})

	if err := app.Start(); err != nil {
		log.Fatal(err)
	}
}