68 lines
1.7 KiB
JavaScript
68 lines
1.7 KiB
JavaScript
import jwt from "jsonwebtoken";
|
|
import Update from "../../models/update.js";
|
|
import { connectDB } from "../../utils/mongoose.js";
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
await connectDB();
|
|
|
|
const token = getCookie(event, "auth-token");
|
|
|
|
if (!token) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
statusMessage: "Not authenticated",
|
|
});
|
|
}
|
|
|
|
let memberId;
|
|
try {
|
|
const decoded = jwt.verify(token, process.env.JWT_SECRET);
|
|
memberId = decoded.memberId;
|
|
} catch (err) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
statusMessage: "Invalid or expired token",
|
|
});
|
|
}
|
|
|
|
const id = getRouterParam(event, "id");
|
|
const body = await readBody(event);
|
|
|
|
try {
|
|
const update = await Update.findById(id);
|
|
|
|
if (!update) {
|
|
throw createError({
|
|
statusCode: 404,
|
|
statusMessage: "Update not found",
|
|
});
|
|
}
|
|
|
|
// Check if user is the author
|
|
if (update.author.toString() !== memberId) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
statusMessage: "You can only edit your own updates",
|
|
});
|
|
}
|
|
|
|
// Update allowed fields
|
|
if (body.content !== undefined) update.content = body.content;
|
|
if (body.images !== undefined) update.images = body.images;
|
|
if (body.privacy !== undefined) update.privacy = body.privacy;
|
|
if (body.commentsEnabled !== undefined)
|
|
update.commentsEnabled = body.commentsEnabled;
|
|
|
|
await update.save();
|
|
await update.populate("author", "name avatar");
|
|
|
|
return update;
|
|
} catch (error) {
|
|
if (error.statusCode) throw error;
|
|
console.error("Update edit error:", error);
|
|
throw createError({
|
|
statusCode: 500,
|
|
statusMessage: "Failed to update",
|
|
});
|
|
}
|
|
});
|