harheimertc/.output/server/chunks/routes/api/news.post.mjs

import { d as defineEventHandler, g as getCookie, c as createError, r as readBody } from '../../nitro/nitro.mjs';
import { b as verifyToken, e as getUserById } from '../../_/auth.mjs';
import { s as saveNews } from '../../_/news.mjs';
import 'node:http';
import 'node:https';
import 'node:events';
import 'node:buffer';
import 'node:fs';
import 'node:path';
import 'node:crypto';
import 'node:url';
import 'bcryptjs';
import 'jsonwebtoken';
import 'fs';
import 'path';
import '../../_/encryption.mjs';
import 'crypto';

const news_post = defineEventHandler(async (event) => {
  try {
    const token = getCookie(event, "auth_token");
    if (!token) {
      throw createError({
        statusCode: 401,
        message: "Nicht authentifiziert."
      });
    }
    const decoded = verifyToken(token);
    if (!decoded) {
      throw createError({
        statusCode: 401,
        message: "Ung\xFCltiges Token."
      });
    }
    const user = await getUserById(decoded.id);
    if (!user || user.role !== "admin" && user.role !== "vorstand") {
      throw createError({
        statusCode: 403,
        message: "Keine Berechtigung zum Erstellen/Bearbeiten von News."
      });
    }
    const body = await readBody(event);
    const { id, title, content, isPublic, expiresAt, isHidden } = body;
    if (!title || !content) {
      throw createError({
        statusCode: 400,
        message: "Titel und Inhalt sind erforderlich."
      });
    }
    await saveNews({
      id: id || void 0,
      title,
      content,
      isPublic: isPublic || false,
      expiresAt: expiresAt || void 0,
      isHidden: isHidden || false,
      author: user.name
    });
    return {
      success: true,
      message: "News erfolgreich gespeichert."
    };
  } catch (error) {
    console.error("Fehler beim Speichern der News:", error);
    throw error;
  }
});

export { news_post as default };
//# sourceMappingURL=news.post.mjs.map