dbd6d382fffc3192d0750a254cb41246e12b975c
[vchess.git] / server / routes / news.js
1 // AJAX methods to get, create, update or delete a news item
2
3 let router = require("express").Router();
4 const access = require("../utils/access");
5 const NewsModel = require("../models/News");
6 const sanitizeHtml = require('sanitize-html');
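// Allowlist of user IDs permitted to create, edit or delete news. The write
// handlers in this file compare req.userId against it, so it is frozen to
// stop any code holding a reference from adding an ID at runtime.
// The IDs are hard-coded: changing who may post requires a code change.
const devs = Object.freeze([1]);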
8
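/**
 * GET /news: return the next batch of news items for a numeric cursor.
 *
 * Query parameters:
 *   cursor - decimal digits only; passed unchanged to NewsModel.getNext.
 *
 * Responds with {newsList: [...]} on success, {errmsg: "Bad cursor value"}
 * when the cursor is missing or malformed, or whatever error object the
 * model hands back. No access middleware is attached to this route.
 */
router.get("/news", (req, res) => {
  const cursor = req.query["cursor"];
  // An absent parameter is undefined and a repeated one (?cursor=1&cursor=2)
  // arrives as an array; neither has .match(), so the handler would throw
  // instead of answering. Require a plain string before testing the format.
  if (typeof cursor !== "string" || !/^[0-9]+$/.test(cursor))
    return res.json({errmsg: "Bad cursor value"});
  NewsModel.getNext(cursor, (err, newsList) => {
    // NOTE(review): the model's error object is serialized to the client
    // as-is; confirm it cannot carry database internals.
    res.json(err || {newsList: newsList});
  });
});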
17
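/**
 * POST /news: create a news item (developers only).
 *
 * access.logged and access.ajax run first; req.userId is presumably set by
 * access.logged (confirm in ../utils/access).
 *
 * Body: {news: {content: <HTML string>}}. The content is passed through
 * sanitizeHtml before it is stored.
 *
 * Responds with {id: <new news id>} on success, or {errmsg: ...} when the
 * caller is not in `devs` or the body is malformed, or the model's error.
 */
router.post("/news", access.logged, access.ajax, (req, res) => {
  if (!devs.includes(req.userId))
    return res.json({errmsg: "Not allowed to post"});
  // The body is client-controlled: a missing `news` object would throw on
  // property access, and only a string is meaningful input for the sanitizer.
  const news = req.body && req.body.news;
  if (!news || typeof news.content !== "string")
    return res.json({errmsg: "Bad news content"});
  const content = sanitizeHtml(news.content);
  NewsModel.create(content, req.userId, (err, ret) => {
    return res.json(err || {id: ret.nid});
  });
});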
26
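/**
 * PUT /news: update an existing news item (developers only).
 *
 * access.logged and access.ajax run first; req.userId is presumably set by
 * access.logged (confirm in ../utils/access).
 *
 * Body: {news: {id: <digits>, content: <HTML string>}}. The content is
 * sanitized in place and the news object is then handed to NewsModel.update.
 *
 * Responds with {} on success, {errmsg: ...} on a rejected request, or the
 * model's error object.
 */
router.put("/news", access.logged, access.ajax, (req, res) => {
  if (!devs.includes(req.userId))
    return res.json({errmsg: "Not allowed to edit"});
  const news = req.body && req.body.news;
  if (!news)
    return res.json({errmsg: "Bad news ID"});
  // Accept only a string or number ID: an array such as [5] stringifies to
  // "5" and would otherwise pass the digit test while reaching the model as
  // a non-scalar value.
  const idType = typeof news.id;
  if ((idType !== "string" && idType !== "number") ||
      !/^[0-9]+$/.test(String(news.id)))
    // Return here: without it, execution falls through to the update with an
    // unvalidated ID and a second response is attempted on the same request.
    return res.json({errmsg: "Bad news ID"});
  if (typeof news.content !== "string")
    return res.json({errmsg: "Bad news content"});
  news.content = sanitizeHtml(news.content);
  // NOTE(review): the whole client-supplied object is forwarded; which of its
  // fields NewsModel.update reads is not visible from this file.
  NewsModel.update(news, (err) => {
    res.json(err || {});
  });
});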
38
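/**
 * DELETE /news?id=<digits>: remove a news item (developers only).
 *
 * access.logged and access.ajax run first; req.userId is presumably set by
 * access.logged (confirm in ../utils/access).
 *
 * Responds with {} on success, {errmsg: ...} on a rejected request, or the
 * model's error object.
 */
router.delete("/news", access.logged, access.ajax, (req, res) => {
  if (!devs.includes(req.userId))
    return res.json({errmsg: "Not allowed to delete"});
  const nid = req.query.id;
  // A missing id is undefined (toString() would throw) and a repeated one is
  // an array whose string form can still look numeric, so insist on a plain
  // string of digits.
  if (typeof nid !== "string" || !/^[0-9]+$/.test(nid))
    // Return here: without it, the removal would still run with the rejected
    // ID and a second response would be attempted on the same request.
    return res.json({errmsg: "Bad news ID"});
  NewsModel.remove(nid, err => {
    res.json(err || {});
  });
});

// Expose the configured router to the module that requires this file.
module.exports = router;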