Fix news notification system
[vchess.git] / server / routes / news.js
CommitLineData
604b951e
BA
1let router = require("express").Router();
2const access = require("../utils/access");
3const NewsModel = require("../models/News");
4const sanitizeHtml = require('sanitize-html');
866842c3 5const devs = [1]; //hard-coded list of developers IDs, allowed to post news
604b951e 6
866842c3
BA
7router.post("/news", access.logged, access.ajax, (req,res) => {
8 if (devs.includes(req.userId))
9 {
10 const content = sanitizeHtml(req.body.news.content);
11 NewsModel.create(content, req.userId, (err,ret) => {
d9a7a1e4 12 res.json(err || { id: ret.nid });
866842c3
BA
13 });
14 }
604b951e
BA
15});
16
866842c3
BA
17router.get("/news", access.ajax, (req,res) => {
18 const cursor = req.query["cursor"];
d9a7a1e4 19 if (cursor.match(/^[0-9]+$/)) {
866842c3 20 NewsModel.getNext(cursor, (err,newsList) => {
d9a7a1e4 21 res.json(err || { newsList: newsList });
866842c3
BA
22 });
23 }
604b951e
BA
24});
25
d9a7a1e4
BA
26router.get("/newsts", access.ajax, (req,res) => {
27 // Special query for footer: just return timestamp of last news
28 NewsModel.getTimestamp((err,ts) => {
29 res.json(err || { timestamp: ts.added });
30 });
31});
32
604b951e 33router.put("/news", access.logged, access.ajax, (req,res) => {
604b951e 34 let news = req.body.news;
d9a7a1e4 35 if (devs.includes(req.userId) && news.id.toString().match(/^[0-9]+$/)) {
866842c3
BA
36 news.content = sanitizeHtml(news.content);
37 NewsModel.update(news);
38 res.json({});
39 }
604b951e
BA
40});
41
42router.delete("/news", access.logged, access.ajax, (req,res) => {
604b951e 43 const nid = req.query.id;
d9a7a1e4 44 if (devs.includes(req.userId) && nid.toString().match(/^[0-9]+$/)) {
866842c3
BA
45 NewsModel.remove(nid);
46 res.json({});
47 }
604b951e
BA
48});
49
50module.exports = router;