torsten/harheimertc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
30674c1f492c9de733e86a26a1173708155a1926
harheimertc/server/api/news.delete.js
Torsten Schulz (local) ed2d184d5c Use query params instead of body for DELETE request
2025-10-21 15:09:32 +02:00

57 lines
1.2 KiB
JavaScript
Raw Blame History

import { verifyToken, getUserById } from '../utils/auth.js'
import { deleteNews } from '../utils/news.js'
export default defineEventHandler(async (event) => {
try {
const token = getCookie(event, 'auth_token')
if (!token) {
throw createError({
statusCode: 401,
message: 'Nicht authentifiziert.'
})
}
const decoded = verifyToken(token)
if (!decoded) {
throw createError({
statusCode: 401,
message: 'Ungültiges Token.'
})
}
const user = await getUserById(decoded.id)
// Only admin and vorstand can delete news
if (!user || (user.role !== 'admin' && user.role !== 'vorstand')) {
throw createError({
statusCode: 403,
message: 'Keine Berechtigung zum Löschen von News.'
})
}
// Get ID from query params for DELETE requests
const query = getQuery(event)
const id = query.id
if (!id) {
throw createError({
statusCode: 400,
message: 'News-ID ist erforderlich.'
})
}
await deleteNews(id)
return {
success: true,
message: 'News erfolgreich gelöscht.'
}
} catch (error) {
console.error('Fehler beim Löschen der News:', error)
throw error
}
})
Reference in New Issue View Git Blame Copy Permalink