1 // AJAX methods to get, create, update or delete a problem
3 let router
= require("express").Router();
4 const access
= require("../utils/access");
5 const NewsModel
= require("../models/News");
6 const sanitizeHtml
= require('sanitize-html');
7 const devs
= [1]; //hard-coded list of developers, allowed to post news
9 router
.get("/news", (req
,res
) => {
10 const cursor
= req
.query
["cursor"];
11 if (!cursor
.match(/^[0-9]+$/))
12 return res
.json({errmsg: "Bad cursor value"});
13 NewsModel
.getNext(cursor
, (err
,newsList
) => {
14 res
.json(err
|| {newsList:newsList
});
18 router
.post("/news", access
.logged
, access
.ajax
, (req
,res
) => {
19 if (!devs
.includes(req
.userId
))
20 return res
.json({errmsg: "Not allowed to post"});
21 const content
= sanitizeHtml(req
.body
.news
.content
);
22 NewsModel
.create(content
, req
.userId
, (err
,ret
) => {
23 return res
.json(err
|| {nid:ret
.nid
});
27 router
.put("/news", access
.logged
, access
.ajax
, (req
,res
) => {
28 if (!devs
.includes(req
.userId
))
29 return res
.json({errmsg: "Not allowed to edit"});
30 let news
= req
.body
.news
;
31 if (!news
.id
.toString().match(/^[0-9]+$/))
32 res
.json({errmsg: "Bad news ID"});
33 news
.content
= sanitizeHtml(news
.content
);
34 NewsModel
.update(news
, (err
) => {
39 router
.delete("/news", access
.logged
, access
.ajax
, (req
,res
) => {
40 if (!devs
.includes(req
.userId
))
41 return res
.json({errmsg: "Not allowed to delete"});
42 const nid
= req
.query
.id
;
43 if (!nid
.toString().match(/^[0-9]+$/))
44 res
.json({errmsg: "Bad news ID"});
45 NewsModel
.remove(nid
, err
=> {
50 module
.exports
= router
;