// this should actually just email the link and return some text
// about what a great person you are.
- return {
- login: login_link
- }
+ return `Your login code has been emailed to you.`;
});
apiGet('/app', {auth: false}, async (req, res) => {
return;
}, data => {
- return data.html.replace(/{ACCOUNT_ID}/g, data.account_id);
+ if(data) {
+ return data.html.replace(/{ACCOUNT_ID}/g, data.account_id);
+ }
+ else {
+ return data;
+ }
});
apiPost('/accounts/:account_id/feeds', {auth: true}, async (req, res): Promise<any> => {
`;
});
-apiDelete('/feeds/:feed_id',{auth: true}, async (req, res) => {
- const id = req.params.feed_id;
+apiDelete('/accounts/:account_id/feeds/:feed_id',{auth: true}, async (req, res) => {
+ const { feed_id, account_id } = req.params;
+ if(!query.isFeedOwnedBy(account_id, feed_id)) {
+ throw new Error('Invalid feed');
+ }
- query.deleteFeed.run(id);
+ query.deleteFeed.run(feed_id);
+ console.log(`Deleting feed ${feed_id}`);
res.setHeader('HX-Trigger', 'newFeed');
return;
});