[vchess.git] / server / routes / news.js

let router = require("express").Router();
const access = require("../utils/access");
const params = require("../config/parameters");
const NewsModel = require("../models/News");
const sanitizeHtml = require('sanitize-html');

router.post("/news", access.logged, access.ajax, (req,res) => {
  if (params.devs.includes(req.userId)) {
    const content = sanitizeHtml(req.body.news.content);
    NewsModel.create(content, req.userId, (err, ret) => {
      res.json(err || ret);
    });
  }
});

router.get("/news", access.ajax, (req,res) => {
  const cursor = req.query["cursor"];
  if (!!cursor && !!cursor.match(/^[0-9]+$/)) {
    NewsModel.getNext(cursor, (err, newsList) => {
      res.json(err || { newsList: newsList });
    });
  }
});

router.get("/newsts", access.ajax, (req,res) => {
  // Special query for footer: just return timestamp of last news
  NewsModel.getTimestamp((err, ts) => {
    res.json(err || { timestamp: !!ts ? ts.added : 0 });
  });
});

router.put("/news", access.logged, access.ajax, (req,res) => {
  let news = req.body.news;
  if (
    params.devs.includes(req.userId) &&
    news.id.toString().match(/^[0-9]+$/)
  ) {
    news.content = sanitizeHtml(news.content);
    NewsModel.update(news);
    res.json({});
  }
});

router.delete("/news", access.logged, access.ajax, (req,res) => {
  const nid = req.query.id;
  if (
    params.devs.includes(req.userId) &&
    nid.toString().match(/^[0-9]+$/)
  ) {
    NewsModel.remove(nid);
    res.json({});
  }
});

module.exports = router;
Commit	Line	Data
604b951e BA	1	let router = require("express").Router();
604b951e BA	2	const access = require("../utils/access");
a9e79351	3	const params = require("../config/parameters");
604b951e BA	4	const NewsModel = require("../models/News");
604b951e BA	5	const sanitizeHtml = require('sanitize-html');
604b951e	6
866842c3	7	router.post("/news", access.logged, access.ajax, (req,res) => {
a9e79351	8	if (params.devs.includes(req.userId)) {
866842c3	9	const content = sanitizeHtml(req.body.news.content);
0234201f BA	10	NewsModel.create(content, req.userId, (err, ret) => {
0234201f BA	11	res.json(err \|\| ret);
866842c3 BA	12	});
866842c3 BA	13	}
604b951e BA	14	});
604b951e BA	15
866842c3 BA	16	router.get("/news", access.ajax, (req,res) => {
866842c3 BA	17	const cursor = req.query["cursor"];
68e19a44	18	if (!!cursor && !!cursor.match(/^[0-9]+$/)) {
0234201f	19	NewsModel.getNext(cursor, (err, newsList) => {
d9a7a1e4	20	res.json(err \|\| { newsList: newsList });
866842c3 BA	21	});
866842c3 BA	22	}
604b951e BA	23	});
604b951e BA	24
d9a7a1e4 BA	25	router.get("/newsts", access.ajax, (req,res) => {
d9a7a1e4 BA	26	// Special query for footer: just return timestamp of last news
7c8d5dc7 BA	27	NewsModel.getTimestamp((err, ts) => {
7c8d5dc7 BA	28	res.json(err \|\| { timestamp: !!ts ? ts.added : 0 });
d9a7a1e4 BA	29	});
	30	});
	31
604b951e	32	router.put("/news", access.logged, access.ajax, (req,res) => {
604b951e	33	let news = req.body.news;
a9e79351 BA	34	if (
	35	params.devs.includes(req.userId) &&
	36	news.id.toString().match(/^[0-9]+$/)
	37	) {
866842c3 BA	38	news.content = sanitizeHtml(news.content);
	39	NewsModel.update(news);
	40	res.json({});
	41	}
604b951e BA	42	});
	43
	44	router.delete("/news", access.logged, access.ajax, (req,res) => {
604b951e	45	const nid = req.query.id;
a9e79351 BA	46	if (
	47	params.devs.includes(req.userId) &&
	48	nid.toString().match(/^[0-9]+$/)
	49	) {
866842c3 BA	50	NewsModel.remove(nid);
	51	res.json({});
	52	}
604b951e BA	53	});
	54
	55	module.exports = router;