feat: add comment deletion functionality with user authentication

Author: Faralha

components/Comments/container.vue

@@ -1,8 +1,8 @@
 <template>
-  <div class="flex flex-col gap-2 bg-accented h-[20rem]">
+  <div class="flex flex-col gap-2 bg-accented h-[25rem]">
 
-    <!-- TEXTBOX -->
-    <div class="p-3 flex flex-col flex-shrink-0 w-full">
+    <!-- COMMENT INPUT -->
+    <div class="p-3 flex-shrink-0 w-full">
       <div v-if="isLoggedIn == true" class="flex flex-col w-full items-end gap-2">
         <UTextarea class="flex-1 w-full" v-model="newComment" placeholder="Add a comment..." />
         <UButton @click="submitComment">Submit</UButton>
@@ -13,23 +13,34 @@
       </div>
     </div>
 
+    <USeparator class="h-1 opacity-50 px-[2rem]" color="primary" />
 
-    <div v-if="pending">
-      <p>Loading comments...</p>
-    </div>
+    <!-- COMMENTS CONTAINER -->
+    <div class="overflow-y-auto flex-1">
+      <div v-if="pending">
+        <p>Loading comments...</p>
+      </div>
 
-    <!-- COMMENTS -->
-    <div v-else v-if="comments" v-for="data in comments" :key="data.id" class="p-3 flex items-start gap-2">
-      <UAvatar size="2xl" :src="data.user_avatar" />
-      <div class="flex flex-col">
-        <p class="text-sm text-current/80">@{{ data.username }}</p>
-        <p class="text-xs text-current/50 mb-1">{{ new Date(data.date_added).toLocaleDateString() }}</p>
-        <p>{{ data.comment }}</p>
+      <div v-else v-if="comments" v-for="data in comments" :key="data.id"
+        class="p-3 flex items-start justify-between gap-2">
+        <div class="flex items-start gap-2 flex-1">
+          <UAvatar size="2xl" :src="data.user_avatar" icon="i-lucide-circle-user-round"
+            class="outline outline-old-neutral-500 rounded-xl overflow-hidden" />
+          <div class="flex flex-col">
+            <p class="text-md text-current font-semibold">{{ data.username }}</p>
+            <p class="text-xs text-current/50 mb-1">{{ new Date(data.date_added).toLocaleDateString() }}</p>
+            <p>{{ data.comment }}</p>
+          </div>
+        </div>
+
+        <!-- Delete Button -->
+        <UButton v-if="user?.id === data.user_id.toString()" icon="i-lucide-trash" variant="ghost" color="neutral" size="sm"
+          @click="deleteComment(data.id)" />
       </div>
-    </div>
 
-    <div v-if="!comments || comments.length === 0" class="p-3 text-center text-current/50">
-      No comments yet. Be the first to comment!
+      <div v-if="!comments || comments.length === 0" class="p-3 text-center text-current/50">
+        No comments yet. Be the first to comment!
+      </div>
     </div>
   </div>
 </template>
@@ -39,6 +50,7 @@ import { useAuthStore } from '~/stores/auth';
 
 const authStore = useAuthStore();
 const isLoggedIn = computed(() => authStore.isLoggedIn);
+const user = computed(() => authStore.user);
 const isLoading = ref(false);
 const toast = useToast();
 const props = defineProps({
@@ -115,7 +127,7 @@ async function submitComment() {
     newComment.value = '';
     // Fetch updated comments
     await refresh();
-    
+
     toast.add({
       title: 'Success',
       description: 'Comment added successfully.',
@@ -134,6 +146,43 @@ async function submitComment() {
   }
 }
 
+// Delete Comment function
+async function deleteComment(commentId: number) {
+  if (!isLoggedIn.value) {
+    toast.add({
+      title: 'Error',
+      description: 'You must be logged in to delete comments.',
+      color: 'error',
+      duration: 3000
+    });
+    return;
+  }
+
+  try {
+    await $fetch(`/api/manga/${manga_id}/${chapter_id ? chapter_id + '/' : ''}comments/${commentId}`, {
+      method: 'DELETE'
+    });
+
+    // Refresh comments after deletion
+    await refresh();
+
+    toast.add({
+      title: 'Success',
+      description: 'Comment deleted successfully.',
+      color: 'success',
+      duration: 3000
+    });
+  } catch (error) {
+    console.error('Failed to delete comment:', error);
+    toast.add({
+      title: 'Error',
+      description: 'Failed to delete comment.',
+      color: 'error',
+      duration: 5000
+    });
+  }
+}
+
 onMounted(() => {
 })
 </script>

pages/manga/[id]/index.vue

@@ -117,7 +117,7 @@
 
     <!-- COMMENTS -->
     <p class="text-xl font-semibold mt-5">Comments</p>
-    <div class="max-h-[20rem] overflow-y-scroll rounded-md">
+    <div class="rounded-md">
       <CommentsContainer :manga_id="manga_id" />
     </div>
   </div>

public/assets/css/main.css

@@ -1,6 +1,10 @@
 @import "tailwindcss";
 @import "@nuxt/ui";
 
+.bg-accented {
+  @apply dark:bg-zinc-800
+}
+
 .container {
   width: 100%; /* Default 100% lebar */
   padding-left: 15px; /* Padding default untuk mobile */

…ID]/[chapterID]/comments/index.delete.ts …hapterID]/comments/[commentID].delete.tsserver/api/manga/[mangaID]/[chapterID]/comments/index.delete.ts renamed to server/api/manga/[mangaID]/[chapterID]/comments/[commentID].delete.ts server/api/manga/[mangaID]/[chapterID]/comments/index.delete.ts renamed to server/api/manga/[mangaID]/[chapterID]/comments/[commentID].delete.ts

@@ -3,6 +3,7 @@
  * @description Deletes a specific comment. This endpoint requires the user to be authenticated.
  * A user can only delete their own comments.
  *
+ * @param {string} commentID - The ID of the comment to delete.
  * @param {string} mangaID - The ID of the manga (used for URL structure, not in logic).
  * @param {string} chapterID - The ID of the chapter (used for URL structure, not in logic).
  *
@@ -48,11 +49,10 @@ export default defineEventHandler(async (event) => {
     });
   }
 
-  // 2. Read comment ID from request body
-  const body = await readBody(event);
-  const { commentId } = body;
+  // 2. Read comment ID from params
+  let commentID = getRouterParam(event, 'commentID')
 
-  if (!commentId) {
+  if (!commentID) {
     throw createError({
       statusCode: 400,
       message: "Comment ID is required in the request body.",
@@ -64,7 +64,7 @@ export default defineEventHandler(async (event) => {
     const result = await db.query(
       `DELETE FROM chapter_comments
        WHERE id = $1 AND user_ID = $2`,
-      [commentId, userID]
+      [commentID, userID]
     );
 
     // Check if any row was actually deleted

server/api/manga/[mangaID]/comments/[commentID].delete.ts

@@ -0,0 +1,93 @@
+/**
+ * @summary Delete a user's comment.
+ * @description Deletes a specific comment. This endpoint requires the user to be authenticated.
+ * A user can only delete their own comments.
+ *
+ * @param {string} commentID - The ID of the comment to delete.
+ * @param {string} mangaID - The ID of the manga (used for URL structure, not in logic).
+ *
+ * @body {{ commentId: number }} - The request body must be a JSON object containing the ID of the comment to be deleted.
+ *
+ * @returns {200, { message: string }} - On success, returns a confirmation message.
+ * @returns {400} - If the commentId is missing from the request body.
+ * @returns {401} - If the user is not authenticated or the token is invalid.
+ * @returns {403} - If the user tries to delete a comment that does not exist or does not belong to them.
+ * @returns {500} - For any other server-side errors.
+ */
+
+import jwt from "jsonwebtoken";
+import { db } from "~/server/utils/db";
+
+export default defineEventHandler(async (event) => {
+  // 1. Get User ID from JWT token (Authentication)
+  const token = getCookie(event, "auth-token");
+  if (!token) {
+    throw createError({
+      statusCode: 401,
+      message: "Authentication token is required",
+    });
+  }
+
+  let userID: string;
+  try {
+    const JWT_SECRET = process.env.JWT_SECRET;
+    if (!JWT_SECRET) {
+      throw new Error("Server configuration error: JWT_SECRET is not set.");
+    }
+    const decoded = jwt.verify(token, JWT_SECRET);
+    if (typeof decoded === "object" && decoded !== null && "id" in decoded) {
+      userID = (decoded as jwt.JwtPayload).id;
+    } else {
+      throw new Error("Invalid token payload.");
+    }
+  } catch (error) {
+    console.error("JWT verification failed:", error);
+    throw createError({
+      statusCode: 401,
+      message: "Invalid or expired authentication token",
+    });
+  }
+
+  // 2. Read comment ID from params
+  let commentID = getRouterParam(event, 'commentID')
+
+  if (!commentID) {
+    throw createError({
+      statusCode: 400,
+      message: "Comment ID is required in the request body.",
+    });
+  }
+
+  // 3. Delete from database, ensuring the user owns the comment
+  try {
+    const result = await db.query(
+      `DELETE FROM manga_comments
+       WHERE id = $1 AND user_ID = $2`,
+      [commentID, userID]
+    );
+
+    // Check if any row was actually deleted
+    if (result.rowCount === 0) {
+      // This happens if the comment doesn't exist OR the user doesn't own it.
+      // For security, we don't tell the user which one it is.
+      throw createError({
+        statusCode: 403, // Forbidden
+        message: "Comment not found or you do not have permission to delete it.",
+      });
+    }
+
+    return {
+      message: "Comment deleted successfully",
+    };
+  } catch (error: any) {
+    // Re-throw specific errors, otherwise throw a generic 500
+    if (error.statusCode) {
+      throw error;
+    }
+    console.error("Error deleting comment:", error);
+    throw createError({
+      statusCode: 500,
+      message: "An unexpected error occurred while deleting the comment.",
+    });
+  }
+});