[vchess.git] / server / routes / news.js

let router = require("express").Router();
const access = require("../utils/access");
const NewsModel = require("../models/News");
const sanitizeHtml = require('sanitize-html');
const devs = [1]; //hard-coded list of developers IDs, allowed to post news

router.post("/news", access.logged, access.ajax, (req,res) => {
  if (devs.includes(req.userId)) {
    const content = sanitizeHtml(req.body.news.content);
    NewsModel.create(content, req.userId, (err, ret) => {
      res.json(err || ret);
    });
  }
});

router.get("/news", access.ajax, (req,res) => {
  const cursor = req.query["cursor"];
  if (!!cursor.match(/^[0-9]+$/)) {
    NewsModel.getNext(cursor, (err, newsList) => {
      res.json(err || { newsList: newsList });
    });
  }
});

router.get("/newsts", access.ajax, (req,res) => {
  // Special query for footer: just return timestamp of last news
  NewsModel.getTimestamp((err,ts) => {
    res.json(err || { timestamp: ts.added });
  });
});

router.put("/news", access.logged, access.ajax, (req,res) => {
  let news = req.body.news;
  if (devs.includes(req.userId) && news.id.toString().match(/^[0-9]+$/)) {
    news.content = sanitizeHtml(news.content);
    NewsModel.update(news);
    res.json({});
  }
});

router.delete("/news", access.logged, access.ajax, (req,res) => {
  const nid = req.query.id;
  if (devs.includes(req.userId) && nid.toString().match(/^[0-9]+$/)) {
    NewsModel.remove(nid);
    res.json({});
  }
});

module.exports = router;
Commit	Line	Data
604b951e BA	1	let router = require("express").Router();
	2	const access = require("../utils/access");
	3	const NewsModel = require("../models/News");
	4	const sanitizeHtml = require('sanitize-html');
866842c3	5	const devs = [1]; //hard-coded list of developers IDs, allowed to post news
604b951e	6
866842c3	7	router.post("/news", access.logged, access.ajax, (req,res) => {
0234201f	8	if (devs.includes(req.userId)) {
866842c3	9	const content = sanitizeHtml(req.body.news.content);
0234201f BA	10	NewsModel.create(content, req.userId, (err, ret) => {
0234201f BA	11	res.json(err \|\| ret);
866842c3 BA	12	});
866842c3 BA	13	}
604b951e BA	14	});
604b951e BA	15
866842c3 BA	16	router.get("/news", access.ajax, (req,res) => {
866842c3 BA	17	const cursor = req.query["cursor"];
0234201f BA	18	if (!!cursor.match(/^[0-9]+$/)) {
0234201f BA	19	NewsModel.getNext(cursor, (err, newsList) => {
d9a7a1e4	20	res.json(err \|\| { newsList: newsList });
866842c3 BA	21	});
866842c3 BA	22	}
604b951e BA	23	});
604b951e BA	24
d9a7a1e4 BA	25	router.get("/newsts", access.ajax, (req,res) => {
	26	// Special query for footer: just return timestamp of last news
	27	NewsModel.getTimestamp((err,ts) => {
	28	res.json(err \|\| { timestamp: ts.added });
	29	});
	30	});
	31
604b951e	32	router.put("/news", access.logged, access.ajax, (req,res) => {
604b951e	33	let news = req.body.news;
d9a7a1e4	34	if (devs.includes(req.userId) && news.id.toString().match(/^[0-9]+$/)) {
866842c3 BA	35	news.content = sanitizeHtml(news.content);
	36	NewsModel.update(news);
	37	res.json({});
	38	}
604b951e BA	39	});
	40
	41	router.delete("/news", access.logged, access.ajax, (req,res) => {
604b951e	42	const nid = req.query.id;
d9a7a1e4	43	if (devs.includes(req.userId) && nid.toString().match(/^[0-9]+$/)) {
866842c3 BA	44	NewsModel.remove(nid);
	45	res.json({});
	46	}
604b951e BA	47	});
	48
	49	module.exports = router;