35 lines
825 B
TypeScript
35 lines
825 B
TypeScript
import san from "sanitize-html";
|
|
import { messages } from "~/lib/server/constants";
|
|
import isLoggedIn from "~/lib/server/middlewareButNotReally/isLoggedIn";
|
|
import { Review } from "~/models/stories/review";
|
|
|
|
export default eventHandler(async (ev) => {
|
|
isLoggedIn(ev);
|
|
const revid = parseInt(getRouterParam(ev, "revid")!);
|
|
let c = await Review.findById(revid);
|
|
if (!c) {
|
|
throw createError({
|
|
statusCode: 404,
|
|
message: messages[404],
|
|
});
|
|
}
|
|
if (c?.author != ev.context.currentUser?._id) {
|
|
throw createError({
|
|
message: messages[403],
|
|
statusCode: 403,
|
|
});
|
|
}
|
|
const body = await readBody(ev);
|
|
await Review.findByIdAndUpdate(revid, {
|
|
$set: {
|
|
text: san(body.content),
|
|
},
|
|
});
|
|
return {
|
|
success: true,
|
|
data: await Review.findById(revid)
|
|
.populate("author", "username _id")
|
|
.exec(),
|
|
};
|
|
});
|