74 lines
1.9 KiB
JavaScript
74 lines
1.9 KiB
JavaScript
import { verifyToken, getUserById, hasAnyRole } from '../utils/auth.js'
|
|
import { saveNews } from '../utils/news.js'
|
|
import { sendNewNewsPush } from '../utils/push-notifications.js'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
try {
|
|
const token = getCookie(event, 'auth_token') || getHeader(event, 'authorization')?.replace(/^Bearer\s+/i, '')
|
|
|
|
if (!token) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
message: 'Nicht authentifiziert.'
|
|
})
|
|
}
|
|
|
|
const decoded = verifyToken(token)
|
|
|
|
if (!decoded) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
message: 'Ungültiges Token.'
|
|
})
|
|
}
|
|
|
|
const user = await getUserById(decoded.id)
|
|
|
|
// Only admin and vorstand can create/edit news
|
|
if (!user || !hasAnyRole(user, 'admin', 'vorstand')) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
message: 'Keine Berechtigung zum Erstellen/Bearbeiten von News.'
|
|
})
|
|
}
|
|
|
|
const body = await readBody(event)
|
|
const { id, title, content, isPublic, expiresAt, isHidden } = body
|
|
|
|
if (!title || !content) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'Titel und Inhalt sind erforderlich.'
|
|
})
|
|
}
|
|
|
|
const newsEntry = {
|
|
id: id || undefined,
|
|
title,
|
|
content,
|
|
isPublic: isPublic || false,
|
|
expiresAt: expiresAt || undefined,
|
|
isHidden: isHidden || false,
|
|
author: user.name
|
|
}
|
|
await saveNews(newsEntry)
|
|
if (!id && !newsEntry.isHidden) {
|
|
sendNewNewsPush(newsEntry)
|
|
.then(result => {
|
|
console.info('News-Push Ergebnis:', { newsId: newsEntry.id, ...result })
|
|
})
|
|
.catch(error => {
|
|
console.error('News-Push konnte nicht gesendet werden:', error)
|
|
})
|
|
}
|
|
|
|
return {
|
|
success: true,
|
|
message: 'News erfolgreich gespeichert.'
|
|
}
|
|
} catch (error) {
|
|
console.error('Fehler beim Speichern der News:', error)
|
|
throw error
|
|
}
|
|
})
|