X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=server%2Froutes%2Fusers.js;h=fc29730cf0df686ee3cefcbb11001ca0414b7573;hb=5c026d9a2c5546aa5b0d6882ae54cdb7bb36bdeb;hp=11966754573d0687f6753fbcf51dbb88c54c940c;hpb=f0c68a04e31bb6a4b2f8b94a532ef3ca2eebbe3e;p=vchess.git

diff --git a/server/routes/users.js b/server/routes/users.js
index 11966754..fc29730c 100644
--- a/server/routes/users.js
+++ b/server/routes/users.js
@@ -34,16 +34,23 @@ router.post('/register', access.unlogged, access.ajax, (req,res) => {
 });
 
 // NOTE: this method is safe because the sessionToken must be guessed
-router.get("/whoami", (req,res) => {
+router.get("/whoami", access.ajax, (req,res) => {
   const callback = (user) => {
     res.json({
       name: user.name,
       email: user.email,
       id: user.id,
       notify: user.notify,
+      newsRead: user.newsRead
     });
   };
-  const anonymous = {name:"", email:"", id:0, notify:false};
+  const anonymous = {
+    name: "",
+    email: "",
+    id: 0,
+    notify: false,
+    newsRead: 0
+  };
   if (!req.cookies.token)
     callback(anonymous);
   else if (req.cookies.token.match(/^[a-z0-9]+$/))
@@ -81,6 +88,12 @@ router.put('/update', access.logged, access.ajax, (req,res) => {
   }
 });
 
+// Special route to update newsRead timestamp:
+router.put('/newsread', access.logged, access.ajax, (req,res) => {
+  UserModel.setNewsRead(req.userId);
+  res.json({});
+});
+
 // Authentication-related methods:
 
 // to: object user (to who we send an email)
@@ -90,7 +103,7 @@ function setAndSendLoginToken(subject, to, res)
   const token = genToken(params.token.length);
   UserModel.setLoginToken(token, to.id);
   const body =
-    "Hello " + to.name + "!" + `
+    "Hello " + to.name + " !" + `
 ` +
     "Access your account here: " +
     params.siteURL + "/#/authenticate/" + token + `