Add internal news system with role-based write permissions

Torsten Schulz (local)
2025-10-21 14:47:00 +02:00
parent d21c96de07
commit cf2855be83
6 changed files with 526 additions and 0 deletions

55
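--- a/server/api/news.delete.js
+++ b/server/api/news.delete.js
@@ -0,0 +1,55 @@
+import { verifyToken, getUserById } from '../utils/auth.js'
+import { deleteNews } from '../utils/news.js'
+export default defineEventHandler(async (event) => {
+try {
+const token = getCookie(event, 'auth_token')
+if (!token) {
+throw createError({
+statusCode: 401,
+message: 'Nicht authentifiziert.'
+})
+}
+const decoded = verifyToken(token)
+if (!decoded) {
+throw createError({
+statusCode: 401,
+message: 'Ungültiges Token.'
+})
+}
+const user = await getUserById(decoded.id)
+// Only admin and vorstand can delete news
+if (!user || (user.role !== 'admin' && user.role !== 'vorstand')) {
+throw createError({
+statusCode: 403,
+message: 'Keine Berechtigung zum Löschen von News.'
+})
+}
+const body = await readBody(event)
+const { id } = body
+if (!id) {
+throw createError({
+statusCode: 400,
+message: 'News-ID ist erforderlich.'
+})
+}
+await deleteNews(id)
+return {
+success: true,
+message: 'News erfolgreich gelöscht.'
+}
+} catch (error) {
+console.error('Fehler beim Löschen der News:', error)
+throw error
+}
+})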
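Review bot: `id` from the request body is only checked for truthiness before `deleteNews(id)`, and the handler returns `success: true` whether or not an entry matched. In server/utils/news.js `deleteNews` filters with `n.id !== id` and always returns true, so a wrong or non-string id is reported as a successful deletion. Consider rejecting non-strings with `if (typeof id !== 'string' || !id)` and answering 404 when nothing was removed. The route authenticates by cookie alone; whether `auth_token` is set with SameSite or another CSRF defence is in place is not visible in this commit and is worth confirming for a state-changing endpoint.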

38
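--- a/server/api/news.get.js
+++ b/server/api/news.get.js
@@ -0,0 +1,38 @@
+import { verifyToken } from '../utils/auth.js'
+import { readNews } from '../utils/news.js'
+export default defineEventHandler(async (event) => {
+try {
+const token = getCookie(event, 'auth_token')
+if (!token) {
+throw createError({
+statusCode: 401,
+message: 'Nicht authentifiziert.'
+})
+}
+const decoded = verifyToken(token)
+if (!decoded) {
+throw createError({
+statusCode: 401,
+message: 'Ungültiges Token.'
+})
+}
+const news = await readNews()
+// Sort by created date, newest first
+news.sort((a, b) => new Date(b.created) - new Date(a.created))
+return {
+success: true,
+news
+}
+} catch (error) {
+console.error('Fehler beim Abrufen der News:', error)
+throw error
+}
+})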
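Review bot: This handler stops at `verifyToken(token)` and never calls `getUserById`, unlike news.delete.js and news.post.js, so a token belonging to an account that has since been removed would presumably still read the internal news until it expires (unless `verifyToken` checks that itself, which is not visible here). Adding `const user = await getUserById(decoded.id)` followed by `if (!user) throw createError({ statusCode: 401, message: 'Nicht authentifiziert.' })` would align it with the other two handlers. The cookie and token preamble is now duplicated in three files; a shared helper in ../utils/auth.js would keep the checks from drifting apart.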

60
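--- a/server/api/news.post.js
+++ b/server/api/news.post.js
@@ -0,0 +1,60 @@
+import { verifyToken, getUserById } from '../utils/auth.js'
+import { saveNews } from '../utils/news.js'
+export default defineEventHandler(async (event) => {
+try {
+const token = getCookie(event, 'auth_token')
+if (!token) {
+throw createError({
+statusCode: 401,
+message: 'Nicht authentifiziert.'
+})
+}
+const decoded = verifyToken(token)
+if (!decoded) {
+throw createError({
+statusCode: 401,
+message: 'Ungültiges Token.'
+})
+}
+const user = await getUserById(decoded.id)
+// Only admin and vorstand can create/edit news
+if (!user || (user.role !== 'admin' && user.role !== 'vorstand')) {
+throw createError({
+statusCode: 403,
+message: 'Keine Berechtigung zum Erstellen/Bearbeiten von News.'
+})
+}
+const body = await readBody(event)
+const { id, title, content } = body
+if (!title || !content) {
+throw createError({
+statusCode: 400,
+message: 'Titel und Inhalt sind erforderlich.'
+})
+}
+await saveNews({
+id: id || undefined,
+title,
+content,
+author: user.name
+})
+return {
+success: true,
+message: 'News erfolgreich gespeichert.'
+}
+} catch (error) {
+console.error('Fehler beim Speichern der News:', error)
+throw error
+}
+})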
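Review bot: Passing `id: id || undefined` to `saveNews` makes newly created entries lose their id, because in server/utils/news.js the new item is built with the generated `id` first and `...newsData` after it, so the explicit `id: undefined` overwrites the generated value and `JSON.stringify` then drops the key. Such entries can afterwards be neither updated nor deleted, since both paths look them up by id. Omit the key when it is absent, e.g. `await saveNews({ ...(id ? { id } : {}), title, content, author: user.name })`. `title` and `content` are also only checked for truthiness; a `typeof title !== 'string' || typeof content !== 'string'` rejection and a length cap would keep objects and very large bodies out of news.json.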

11
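--- a/server/data/news.json
+++ b/server/data/news.json
@@ -0,0 +1,11 @@
+[
+{
+"id": "n1",
+"title": "Willkommen im Mitgliederbereich",
+"content": "Hier finden Sie ab sofort alle internen Neuigkeiten und Ankündigungen des Harheimer TC.",
+"author": "Vorstand",
+"created": "2025-01-15T10:00:00.000Z",
+"updated": "2025-01-15T10:00:00.000Z"
+}
+]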

88
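--- a/server/utils/news.js
+++ b/server/utils/news.js
@@ -0,0 +1,88 @@
+import { promises as fs } from 'fs'
+import path from 'path'
+// Handle both dev and production paths
+const getDataPath = (filename) => {
+const cwd = process.cwd()
+// In production (.output/server), working dir is .output
+if (cwd.endsWith('.output')) {
+return path.join(cwd, '../server/data', filename)
+}
+// In development, working dir is project root
+return path.join(cwd, 'server/data', filename)
+}
+const NEWS_FILE = getDataPath('news.json')
+// Read news from file
+export async function readNews() {
+try {
+const data = await fs.readFile(NEWS_FILE, 'utf-8')
+return JSON.parse(data)
+} catch (error) {
+if (error.code === 'ENOENT') {
+return []
+}
+console.error('Fehler beim Lesen der News:', error)
+return []
+}
+}
+// Write news to file
+export async function writeNews(news) {
+try {
+await fs.writeFile(NEWS_FILE, JSON.stringify(news, null, 2), 'utf-8')
+return true
+} catch (error) {
+console.error('Fehler beim Schreiben der News:', error)
+return false
+}
+}
+// Get news by ID
+export async function getNewsById(id) {
+const news = await readNews()
+return news.find(n => n.id === id)
+}
+// Add or update news
+export async function saveNews(newsData) {
+const newsList = await readNews()
+if (newsData.id) {
+// Update existing
+const index = newsList.findIndex(n => n.id === newsData.id)
+if (index !== -1) {
+newsList[index] = {
+...newsList[index],
+...newsData,
+updated: new Date().toISOString()
+}
+} else {
+throw new Error('News nicht gefunden')
+}
+} else {
+// Add new
+const newItem = {
+id: `n${Date.now()}`,
+...newsData,
+created: new Date().toISOString(),
+updated: new Date().toISOString()
+}
+newsList.unshift(newItem) // Add to beginning
+}
+await writeNews(newsList)
+return true
+}
+// Delete news
+export async function deleteNews(id) {
+const newsList = await readNews()
+const filtered = newsList.filter(n => n.id !== id)
+await writeNews(filtered)
+return true
+}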
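Review bot: `writeNews` catches every error and returns false, but `saveNews` and `deleteNews` ignore that result and return true, so the API answers with its success message even when nothing was written. `readNews` likewise returns `[]` for any read or parse error, not only ENOENT, so after a failed read or a corrupted news.json the next create writes a list holding just the new item and the existing entries are lost. Let non-ENOENT errors propagate from `readNews` (`throw error` instead of the second `return []`) and either rethrow in `writeNews` or check its result with `if (!(await writeNews(newsList))) throw new Error('News konnten nicht gespeichert werden')`. The read-modify-write is also unserialised, so two concurrent saves can overwrite each other; writing to a temporary file and renaming it over news.json would at least avoid a half-written file.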