import san from "sanitize-html"; import { messages } from "@server/constants"; import { log } from "@server/logger"; import { isLoggedIn } from "@server/middlewareButNotReally"; import { Review } from "@models/stories/review"; import { IUser } from "@models/user"; export default eventHandler(async (ev) => { isLoggedIn(ev); const revid = parseInt(getRouterParam(ev, "revid")!); let c = await Review.findById(revid); if (!c) { throw createError({ statusCode: 404, message: messages[404], }); } log.silly(`${ev.context.currentUser!._id!} || ${c.author}`, { label: "what the fuck", }); if ((c?.author as IUser)?._id != ev.context.currentUser?._id) { throw createError({ message: messages[403], statusCode: 403, }); } const body = await readBody(ev); await Review.findByIdAndUpdate(revid, { $set: { text: san(body.content), }, }); return { success: true, data: await Review.findById(revid) .populate("author", "username profile _id") .exec(), }; });