[vchess.git] / server / routes / news.js

let router = require("express").Router();
const access = require("../utils/access");
const NewsModel = require("../models/News");
const sanitizeHtml = require('sanitize-html');
const devs = [1]; //hard-coded list of developers IDs, allowed to post news

router.post("/news", access.logged, access.ajax, (req,res) => {
  if (devs.includes(req.userId))
  {
    const content = sanitizeHtml(req.body.news.content);
    NewsModel.create(content, req.userId, (err,ret) => {
      res.json(err || {id:ret.nid});
    });
  }
});

router.get("/news", access.ajax, (req,res) => {
  const cursor = req.query["cursor"];
  if (cursor.match(/^[0-9]+$/))
  {
    NewsModel.getNext(cursor, (err,newsList) => {
      res.json(err || {newsList:newsList});
    });
  }
});

router.put("/news", access.logged, access.ajax, (req,res) => {
  let news = req.body.news;
  if (devs.includes(req.userId) && news.id.toString().match(/^[0-9]+$/))
  {
    news.content = sanitizeHtml(news.content);
    NewsModel.update(news);
    res.json({});
  }
});

router.delete("/news", access.logged, access.ajax, (req,res) => {
  const nid = req.query.id;
  if (devs.includes(req.userId) && nid.toString().match(/^[0-9]+$/))
  {
    NewsModel.remove(nid);
    res.json({});
  }
});

module.exports = router;
Commit	Line	Data
604b951e BA	1	let router = require("express").Router();
	2	const access = require("../utils/access");
	3	const NewsModel = require("../models/News");
	4	const sanitizeHtml = require('sanitize-html');
866842c3	5	const devs = [1]; //hard-coded list of developers IDs, allowed to post news
604b951e	6
866842c3 BA	7	router.post("/news", access.logged, access.ajax, (req,res) => {
	8	if (devs.includes(req.userId))
	9	{
	10	const content = sanitizeHtml(req.body.news.content);
	11	NewsModel.create(content, req.userId, (err,ret) => {
	12	res.json(err \|\| {id:ret.nid});
	13	});
	14	}
604b951e BA	15	});
604b951e BA	16
866842c3 BA	17	router.get("/news", access.ajax, (req,res) => {
	18	const cursor = req.query["cursor"];
	19	if (cursor.match(/^[0-9]+$/))
	20	{
	21	NewsModel.getNext(cursor, (err,newsList) => {
	22	res.json(err \|\| {newsList:newsList});
	23	});
	24	}
604b951e BA	25	});
	26
	27	router.put("/news", access.logged, access.ajax, (req,res) => {
604b951e	28	let news = req.body.news;
866842c3 BA	29	if (devs.includes(req.userId) && news.id.toString().match(/^[0-9]+$/))
	30	{
	31	news.content = sanitizeHtml(news.content);
	32	NewsModel.update(news);
	33	res.json({});
	34	}
604b951e BA	35	});
	36
	37	router.delete("/news", access.logged, access.ajax, (req,res) => {
604b951e	38	const nid = req.query.id;
866842c3 BA	39	if (devs.includes(req.userId) && nid.toString().match(/^[0-9]+$/))
	40	{
	41	NewsModel.remove(nid);
	42	res.json({});
	43	}
604b951e BA	44	});
	45
	46	module.exports = router;