-// AJAX methods to get, create, update or delete a problem
-
let router = require("express").Router();
const access = require("../utils/access");
+const params = require("../config/parameters");
const NewsModel = require("../models/News");
const sanitizeHtml = require('sanitize-html');
-const devs = [1]; //hard-coded list of developers, allowed to post news
-router.get("/news", (req,res) => {
+router.post("/news", access.logged, access.ajax, (req,res) => {
+ if (params.devs.includes(req.userId)) {
+ const content = sanitizeHtml(req.body.news.content);
+ NewsModel.create(content, req.userId, (err, ret) => {
+ res.json(err || ret);
+ });
+ }
+});
+
+router.get("/news", access.ajax, (req,res) => {
const cursor = req.query["cursor"];
- if (!cursor.match(/^[0-9]+$/))
- return res.json({errmsg: "Bad cursor value"});
- NewsModel.getNext(cursor, (err,newsList) => {
- res.json(err || {newsList:newsList});
- });
+ if (!!cursor && !!cursor.match(/^[0-9]+$/)) {
+ NewsModel.getNext(cursor, (err, newsList) => {
+ res.json(err || { newsList: newsList });
+ });
+ }
});
-router.post("/news", access.logged, access.ajax, (req,res) => {
- if (!devs.includes(req.userId))
- return res.json({errmsg: "Not allowed to post"});
- const content = sanitizeHtml(req.body.news.content);
- NewsModel.create(content, req.userId, (err,ret) => {
- return res.json(err || {id:ret.nid});
+router.get("/newsts", access.ajax, (req,res) => {
+ // Special query for footer: just return timestamp of last news
+ NewsModel.getTimestamp((err, ts) => {
+ res.json(err || { timestamp: !!ts ? ts.added : 0 });
});
});
router.put("/news", access.logged, access.ajax, (req,res) => {
- if (!devs.includes(req.userId))
- return res.json({errmsg: "Not allowed to edit"});
let news = req.body.news;
- if (!news.id.toString().match(/^[0-9]+$/))
- res.json({errmsg: "Bad news ID"});
- news.content = sanitizeHtml(news.content);
- NewsModel.update(news, (err) => {
- res.json(err || {});
- });
+ if (
+ params.devs.includes(req.userId) &&
+ news.id.toString().match(/^[0-9]+$/)
+ ) {
+ news.content = sanitizeHtml(news.content);
+ NewsModel.update(news);
+ res.json({});
+ }
});
router.delete("/news", access.logged, access.ajax, (req,res) => {
- if (!devs.includes(req.userId))
- return res.json({errmsg: "Not allowed to delete"});
const nid = req.query.id;
- if (!nid.toString().match(/^[0-9]+$/))
- res.json({errmsg: "Bad news ID"});
- NewsModel.remove(nid, err => {
- res.json(err || {});
- });
+ if (
+ params.devs.includes(req.userId) &&
+ nid.toString().match(/^[0-9]+$/)
+ ) {
+ NewsModel.remove(nid);
+ res.json({});
+ }
});
module.exports = router;