| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677 |
- const API = require("../../../lib/API");
- const db = require("../../../plugin/DataBase/db");
- const AccessControl = require("../../../lib/AccessControl");
- const { BaseStdResponse } = require("../../../BaseStdResponse");
- // 发布/修改文章
- class PostArticle extends API {
- constructor() {
- super()
- this.setPath('/Admin/Article')
- this.setMethod('POST')
- }
- async onRequest(req, res) {
- let {
- uuid,
- session,
- id,
- title,
- cover,
- describe,
- content,
- type,
- state
- } = req.body
- if ([uuid, session, title, cover, content, type].some(value => value === '' || value === null || value === undefined))
- return res.json({
- ...BaseStdResponse.MISSING_PARAMETER
- })
- // 检查 session
- if (!await AccessControl.checkSession(uuid, session))
- return res.status(401).json({
- ...BaseStdResponse.ACCESS_DENIED
- })
- // 检查权限
- let permission = await AccessControl.getPermission(uuid)
- if (!permission.includes("admin") && !permission.includes("article"))
- return res.json({
- ...BaseStdResponse.PERMISSION_DENIED
- })
- const time = new Date().getTime()
- let sql, r
- if (!id) {
- sql = 'INSERT INTO article (title, cover, time, content, author, state, \`describe\`, type) VALUES (?, ?, ?, ?, ?, ?, ?, ?)'
- r = await db.query(sql, [title, cover, time, content, uuid, state, describe, type])
- } else {
- sql = 'UPDATE article SET title = ?, cover = ?, content = ?, state = ?, \`describe\` = ?, type = ? WHERE id = ?'
- r = await db.query(sql, [title, cover, content, state, describe, type, id])
- }
- try {
- if (r && r.affectedRows > 0) {
- res.json({
- ...BaseStdResponse.OK,
- id: r.insertId
- })
- } else {
- res.json({ ...BaseStdResponse.ERR, endpoint: 7894378, msg: '发表文章失败!数据库错误' })
- }
- } catch (err) {
- this.logger.error(`发表文章失败!${err.stack}`)
- res.json({
- ...BaseStdResponse.ERR,
- msg: "发表文章失败!",
- });
- }
- }
- }
- module.exports.PostArticle = PostArticle;
|
