Added row level security to alert tables. Added alerts to user query.

src/alerts.js

@@ -1,16 +1,48 @@
 'use strict';
 
 const knex = require('./knex');
+const { HttpError } = require('./errors');
 
-async function addAlert(alert, user) {
-	console.log(alert);
-	const alertId = await knex('alerts').insert({
-		user_id: user.id,
-		notify: alert.notify,
-		email: alert.notify,
-	});
+async function addAlert(alert, sessionUser) {
+	if (!sessionUser) {
+		throw new HttpError('You are not authenthicated', 401);
+	}
 
-	console.log(alertId);
+	if (!alert.actors?.length > 0 && !alert.tags?.length > 0 && !alert.entity) {
+		throw new HttpError('Alert must contain at least one actor, tag or entity', 400);
+	}
+
+	const [alertId] = await knex('alerts')
+		.insert({
+			user_id: sessionUser.id,
+			notify: alert.notify,
+			email: alert.email,
+		})
+		.returning('id');
+
+	await Promise.all([
+		alert.actors?.length > 0 && knex('alerts_actors')
+			.insert(alert.actors.map(actorId => ({
+				alert_id: alertId,
+				actor_id: actorId,
+			}))),
+		alert.tags?.length > 0 && knex('alerts_tags')
+			.insert(alert.tags.map(tagId => ({
+				alert_id: alertId,
+				tag_id: tagId,
+			}))),
+		alert.stashes?.length > 0 && knex('alerts_stashes')
+			.insert(alert.stashes.map(stashId => ({
+				alert_id: alertId,
+				stash_id: stashId,
+			}))),
+		alert.entity && knex('alerts_entities').insert({
+			alert_id: alertId,
+			entity_id: alert.entity,
+		}),
+	]);
+
+	return alertId;
 }
 
 async function removeAlert(alertId) {

src/web/alerts.js

@@ -3,9 +3,9 @@
 const { addAlert, removeAlert } = require('../alerts');
 
 async function addAlertApi(req, res) {
-	const alert = await addAlert(req.body, req.session.user);
+	const alertId = await addAlert(req.body, req.session.user);
 
-	res.send(alert);
+	res.send({ id: alertId });
 }
 
 async function removeAlertApi(req, res) {