server/routes/news.js

   1 let router = require("express").Router();
   2 const access = require("../utils/access");
   3 const params = require("../config/parameters");
   4 const NewsModel = require("../models/News");
   5 const sanitizeHtml = require('sanitize-html');
   6
   7 router.post("/news", access.logged, access.ajax, (req,res) => {
   8   if (params.devs.includes(req.userId)) {
   9     const content = sanitizeHtml(req.body.news.content);
  10     NewsModel.create(content, req.userId, (err, ret) => {
  11       res.json(err || ret);
  12     });
  13   }
  14 });
  15
  16 router.get("/news", access.ajax, (req,res) => {
  17   const cursor = req.query["cursor"];
  18   if (!!cursor && !!cursor.match(/^[0-9]+$/)) {
  19     NewsModel.getNext(cursor, (err, newsList) => {
  20       res.json(err || { newsList: newsList });
  21     });
  22   }
  23 });
  24
  25 router.get("/newsts", access.ajax, (req,res) => {
  26   // Special query for footer: just return timestamp of last news
  27   NewsModel.getTimestamp((err, ts) => {
  28     res.json(err || { timestamp: !!ts ? ts.added : 0 });
  29   });
  30 });
  31
  32 router.put("/news", access.logged, access.ajax, (req,res) => {
  33   let news = req.body.news;
  34   if (
  35     params.devs.includes(req.userId) &&
  36     news.id.toString().match(/^[0-9]+$/)
  37   ) {
  38     news.content = sanitizeHtml(news.content);
  39     NewsModel.update(news);
  40     res.json({});
  41   }
  42 });
  43
  44 router.delete("/news", access.logged, access.ajax, (req,res) => {
  45   const nid = req.query.id;
  46   if (
  47     params.devs.includes(req.userId) &&
  48     nid.toString().match(/^[0-9]+$/)
  49   ) {
  50     NewsModel.remove(nid);
  51     res.json({});
  52   }
  53 });
  54
  55 module.exports = router;