-router.post("/news", access.logged, access.ajax, (req,res) => {
- if (!devs.includes(req.userId))
- return res.json({errmsg: "Not allowed to post"});
- const content = sanitizeHtml(req.body.news.content);
- NewsModel.create(content, req.userId, (err,ret) => {
- return res.json(err || {nid:ret.nid});
- });
+router.get("/news", access.ajax, (req,res) => {
+ const cursor = req.query["cursor"];
+ if (cursor.match(/^[0-9]+$/))
+ {
+ NewsModel.getNext(cursor, (err,newsList) => {
+ res.json(err || {newsList:newsList});
+ });
+ }