e1efbdd9179ef6f635d72ff1b92e76a9b25113b7
[vchess.git] / server / routes / news.js
1 let router = require("express").Router();
2 const access = require("../utils/access");
3 const NewsModel = require("../models/News");
4 const sanitizeHtml = require('sanitize-html');
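// Hard-coded allowlist of developer user IDs permitted to create, edit and delete news.
// Frozen so the authorization list cannot be altered at runtime by other code
// holding a reference to it; `devs.includes(...)` keeps working unchanged.
// NOTE(review): the routes compare this against req.userId, presumably set by
// access.logged — confirm it is always derived from the session, never from the request.
const devs = Object.freeze([1]);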
6
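/**
 * POST /news — publish a news item.
 *
 * Runs after access.logged and access.ajax. Only user IDs listed in `devs`
 * may post. The submitted HTML goes through sanitizeHtml (called without
 * options, so the library's default allowlist applies) before it is handed
 * to NewsModel.create; GET /news serves the list without access.logged, so
 * unsanitized markup would reach every visitor.
 */
router.post("/news", access.logged, access.ajax, (req,res) => {
  // Always answer: an unauthorized request used to get no response at all
  // and held its connection open until it timed out.
  if (!devs.includes(req.userId)) {
    // NOTE(review): the error body shape is an assumption — align with the client.
    return res.status(403).json({ errmsg: "Not allowed" });
  }
  // A missing or malformed body must not raise a TypeError in the handler.
  const news = req.body && req.body.news;
  if (!news || typeof news.content !== "string") {
    return res.status(400).json({ errmsg: "Missing news content" });
  }
  const content = sanitizeHtml(news.content);
  NewsModel.create(content, req.userId, (err,ret) => {
    // NOTE(review): `err` is returned to the client as-is; confirm it cannot
    // carry internal details (query text, file paths).
    res.json(err || { id: ret.nid });
  });
});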
16
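/**
 * GET /news?cursor=N — return the next page of news after `cursor`.
 *
 * No login required (only access.ajax). `cursor` must be a plain string of
 * decimal digits; it is passed to NewsModel.getNext unchanged.
 */
router.get("/news", access.ajax, (req,res) => {
  const cursor = req.query["cursor"];
  // A missing parameter is undefined, and repeated or bracketed parameters
  // can be parsed into an array or object; none of those has .match(), so
  // the type is checked before the pattern instead of letting the call throw.
  if (typeof cursor !== "string" || !/^[0-9]+$/.test(cursor)) {
    // NOTE(review): the error body shape is an assumption — align with the client.
    return res.status(400).json({ errmsg: "Bad cursor" });
  }
  NewsModel.getNext(cursor, (err,newsList) => {
    res.json(err || { newsList: newsList });
  });
});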
25
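/**
 * GET /newsts — special query for the footer: timestamp of the last news item.
 */
router.get("/newsts", access.ajax, (req,res) => {
  NewsModel.getTimestamp((err,ts) => {
    if (err) return res.json(err);
    // An exception thrown inside this callback is outside Express' error
    // handling, so `ts.added` on a missing row must not be evaluated.
    // NOTE(review): assumes `ts` is undefined when no news exists, and that 0
    // is an acceptable "no news yet" value for the footer — confirm both.
    res.json({ timestamp: ts ? ts.added : 0 });
  });
});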
32
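/**
 * PUT /news — edit an existing news item (developers only).
 *
 * Expects req.body.news = { id, content }. The content is re-sanitized on
 * every edit before NewsModel.update is called.
 */
router.put("/news", access.logged, access.ajax, (req,res) => {
  // Always answer; an unauthorized request previously received no response.
  if (!devs.includes(req.userId)) {
    // NOTE(review): the error body shape is an assumption — align with the client.
    return res.status(403).json({ errmsg: "Not allowed" });
  }
  const news = req.body && req.body.news;
  // Validate the value that is actually forwarded: calling toString() first
  // let a one-element array such as ["7"] pass the digit check and reach the
  // model as an array. Only a scalar string or number is accepted.
  const idIsScalar =
    !!news && (typeof news.id === "string" || typeof news.id === "number");
  if (
    !idIsScalar ||
    !/^[0-9]+$/.test(String(news.id)) ||
    typeof news.content !== "string"
  ) {
    return res.status(400).json({ errmsg: "Bad news data" });
  }
  news.content = sanitizeHtml(news.content);
  // NOTE(review): the whole client-supplied object is forwarded; confirm the
  // model reads only `id` and `content`. The reply is sent without waiting
  // for the update to finish, so a failed write is not reported to the caller.
  NewsModel.update(news);
  res.json({});
});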
41
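/**
 * DELETE /news?id=N — remove a news item (developers only).
 */
router.delete("/news", access.logged, access.ajax, (req,res) => {
  // Always answer; an unauthorized request previously received no response.
  if (!devs.includes(req.userId)) {
    // NOTE(review): the error body shape is an assumption — align with the client.
    return res.status(403).json({ errmsg: "Not allowed" });
  }
  const nid = req.query.id;
  // Query values can be parsed into arrays or objects; toString() on a
  // one-element array passed the digit check while the array itself was
  // handed to the model. Require a plain digit string instead.
  if (typeof nid !== "string" || !/^[0-9]+$/.test(nid)) {
    return res.status(400).json({ errmsg: "Bad news id" });
  }
  // NOTE(review): the reply is sent without waiting for the removal to
  // finish, so a failed delete is not reported to the caller.
  NewsModel.remove(nid);
  res.json({});
});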
49
50 module.exports = router;