[vchess.git] / server / routes / news.js

// AJAX methods to get, create, update or delete a problem

let router = require("express").Router();
const access = require("../utils/access");
const NewsModel = require("../models/News");
const sanitizeHtml = require('sanitize-html');
const devs = [1]; //hard-coded list of developers, allowed to post news

router.get("/news", (req,res) => {
  const cursor = req.query["cursor"];
  if (!cursor.match(/^[0-9]+$/))
    return res.json({errmsg: "Bad cursor value"});
  NewsModel.getNext(cursor, (err,newsList) => {
    res.json(err || {newsList:newsList});
  });
});

router.post("/news", access.logged, access.ajax, (req,res) => {
  if (!devs.includes(req.userId))
    return res.json({errmsg: "Not allowed to post"});
  const content = sanitizeHtml(req.body.news.content);
  NewsModel.create(content, req.userId, (err,ret) => {
    return res.json(err || {id:ret.nid});
  });
});

router.put("/news", access.logged, access.ajax, (req,res) => {
  if (!devs.includes(req.userId))
    return res.json({errmsg: "Not allowed to edit"});
  let news = req.body.news;
  if (!news.id.toString().match(/^[0-9]+$/))
    res.json({errmsg: "Bad news ID"});
  news.content = sanitizeHtml(news.content);
  NewsModel.update(news, (err) => {
    res.json(err || {});
  });
});

router.delete("/news", access.logged, access.ajax, (req,res) => {
  if (!devs.includes(req.userId))
    return res.json({errmsg: "Not allowed to delete"});
  const nid = req.query.id;
  if (!nid.toString().match(/^[0-9]+$/))
    res.json({errmsg: "Bad news ID"});
  NewsModel.remove(nid, err => {
    res.json(err || {});
  });
});

module.exports = router;
Commit	Line	Data
604b951e BA	1	// AJAX methods to get, create, update or delete a problem
	2
	3	let router = require("express").Router();
	4	const access = require("../utils/access");
	5	const NewsModel = require("../models/News");
	6	const sanitizeHtml = require('sanitize-html');
	7	const devs = [1]; //hard-coded list of developers, allowed to post news
	8
	9	router.get("/news", (req,res) => {
	10	const cursor = req.query["cursor"];
	11	if (!cursor.match(/^[0-9]+$/))
	12	return res.json({errmsg: "Bad cursor value"});
	13	NewsModel.getNext(cursor, (err,newsList) => {
	14	res.json(err \|\| {newsList:newsList});
	15	});
	16	});
	17
	18	router.post("/news", access.logged, access.ajax, (req,res) => {
	19	if (!devs.includes(req.userId))
	20	return res.json({errmsg: "Not allowed to post"});
	21	const content = sanitizeHtml(req.body.news.content);
	22	NewsModel.create(content, req.userId, (err,ret) => {
8eb8e9b2	23	return res.json(err \|\| {id:ret.nid});
604b951e BA	24	});
	25	});
	26
	27	router.put("/news", access.logged, access.ajax, (req,res) => {
	28	if (!devs.includes(req.userId))
	29	return res.json({errmsg: "Not allowed to edit"});
	30	let news = req.body.news;
	31	if (!news.id.toString().match(/^[0-9]+$/))
	32	res.json({errmsg: "Bad news ID"});
	33	news.content = sanitizeHtml(news.content);
	34	NewsModel.update(news, (err) => {
	35	res.json(err \|\| {});
	36	});
	37	});
	38
	39	router.delete("/news", access.logged, access.ajax, (req,res) => {
	40	if (!devs.includes(req.userId))
	41	return res.json({errmsg: "Not allowed to delete"});
	42	const nid = req.query.id;
	43	if (!nid.toString().match(/^[0-9]+$/))
	44	res.json({errmsg: "Bad news ID"});
	45	NewsModel.remove(nid, err => {
	46	res.json(err \|\| {});
	47	});
	48	});
	49
	50	module.exports = router;