add ability to delete feed that belongs to a user

[rss-reader.git] / src / server.ts

diff --git a/src/server.ts b/src/server.ts
index e4c2db75e0ac20826f948cacde1433b3b7002162..e9915d3947216e6188c5ba58ff4c6c84a85c919b 100644 (file)
--- a/src/server.ts
+++ b/src/server.ts
@@ -108,9 +108,7 @@ apiPost('/login', {auth: false}, async (req, res): Promise<any> => {
 
   // this should actually just email the link and return some text 
   // about what a great person you are.
-  return {
-    login: login_link
-  }
+  return `Your login code has been emailed to you.`;
 });
 
 apiGet('/app', {auth: false}, async (req, res) => {
@@ -309,10 +307,14 @@ apiGet('/accounts/:account_id/feeds/:feed_id/items/:item_id',{auth: true},  asyn
   `;
 });
 
-apiDelete('/feeds/:feed_id',{auth: true},  async (req, res) => {
-  const id = req.params.feed_id;
+apiDelete('/accounts/:account_id/feeds/:feed_id',{auth: true},  async (req, res) => {
+  const { feed_id, account_id } = req.params;
+  if(!query.isFeedOwnedBy(account_id, feed_id)) {
+    throw new Error('Invalid feed');
+  }
 
-  query.deleteFeed.run(id);
+  query.deleteFeed.run(feed_id);
+  console.log(`Deleting feed ${feed_id}`);
   res.setHeader('HX-Trigger', 'newFeed');
   return;
 });