add auth to form actions

Akis 2023-01-05 22:48:20 +02:00
parent a95b761ce4
commit 061961e26f
Signed by untrusted user: akis
GPG Key ID: 267BF5C6677944ED


@ -4,43 +4,52 @@ import { fail } from "@sveltejs/kit";
import db from "$lib/db"; import db from "$lib/db";
export const actions: Actions = { export const actions: Actions = {
add: async ({ request }) => { add: async ({ request, locals }) => {
const Announcements = db.model("Announcements"); if (!await locals.getSession()) {
return fail(401, { addError: true, addMessage: "You must be logged in to post an announcement." });
const formData = await request.formData();
const BodyTypeSchema = Joi.object({
title: Joi.string().required(),
severity: Joi.string().required(),
author: Joi.string().required(),
link: Joi.string().optional().allow("")
});
if (BodyTypeSchema.validate(Object.fromEntries(formData.entries())).error) {
return fail(400, { addError: true, addMessage: String(BodyTypeSchema.validate(Object.fromEntries(formData.entries())).error) });
} else { } else {
const now = Math.floor(Date.now() / 1000); const Announcements = db.model("Announcements");
const data = {
...Object.fromEntries(formData.entries()), const formData = await request.formData();
created: now
}; const BodyTypeSchema = Joi.object({
title: Joi.string().required(),
severity: Joi.string().required(),
author: Joi.string().required(),
link: Joi.string().optional().allow("")
});
if (BodyTypeSchema.validate(Object.fromEntries(formData.entries())).error) {
return fail(400, { addError: true, addMessage: String(BodyTypeSchema.validate(Object.fromEntries(formData.entries())).error) });
} else {
const now = Math.floor(Date.now() / 1000);
const data = {
...Object.fromEntries(formData.entries()),
created: now
};
await Announcements.sync();
await Announcements.destroy({ where: {} });
await Announcements.create(data);
return { addSuccess: true, addMessage: "Your announcement has been posted." };
}
}
},
delete: async ({ locals }) => {
if (!await locals.getSession()) {
return fail(401, { deleteError: true, deleteMessage: "You must be logged in to delete an announcement." });
} else {
const Announcements = db.model("Announcements");
await Announcements.sync(); await Announcements.sync();
await Announcements.destroy({ where: {} }); await Announcements.destroy({ where: {} });
await Announcements.create(data); return { deleteSuccess: true, deleteMessage: "Your announcement has been deleted." };
return { addSuccess: true, addMessage: "Your announcement has been posted." };
} }
},
delete: async () => {
const Announcements = db.model("Announcements");
await Announcements.sync();
await Announcements.destroy({ where: {} });
return { deleteSuccess: true, deleteMessage: "Your announcement has been deleted." };
} }
} }
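Review bot: The `add` action now requires a session, but `author` is still taken from the submitted form (`author: Joi.string().required()` plus the `...Object.fromEntries(formData.entries())` spread), so the stored author is whatever the client sends rather than the authenticated identity. Since the session is already fetched for the guard, keep its result (`const session = await locals.getSession();`), drop `author` from the schema, and set it server-side when building `data`, e.g. `author: session.user?.name`; the session's shape is not visible in this diff, so that field name is an assumption. Both `add` and `delete` check only that a session exists, not whether that user may replace or wipe the announcement; if not every account is an administrator, a role check returning 403 belongs next to the 401 guard. Separately, `destroy({ where: {} })` followed by `create(data)` runs without a transaction, so a failed insert leaves no announcement at all.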