X-Git-Url: https://git.xangelo.ca/?p=rss-reader.git;a=blobdiff_plain;f=src%2Fserver.ts;h=e9915d3947216e6188c5ba58ff4c6c84a85c919b;hp=7add8509c2cbeb6b322eef587862f09fe159d502;hb=HEAD;hpb=200808f1fc03c8669968a77074bc6051d3bf663b

diff --git a/src/server.ts b/src/server.ts
index 7add850..e9915d3 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -108,9 +108,7 @@ apiPost('/login', {auth: false}, async (req, res): Promise<any> => {
 
   // this should actually just email the link and return some text 
   // about what a great person you are.
-  return {
-    login: login_link
-  }
+  return `Your login code has been emailed to you.`;
 });
 
 apiGet('/app', {auth: false}, async (req, res) => {
@@ -159,7 +157,12 @@ apiGet('/app', {auth: false}, async (req, res) => {
   return;
 
 }, data => {
-  return data.html.replace(/{ACCOUNT_ID}/g, data.account_id);
+  if(data) {
+    return data.html.replace(/{ACCOUNT_ID}/g, data.account_id);
+  }
+  else {
+    return data;
+  }
 });
 
 apiPost('/accounts/:account_id/feeds', {auth: true}, async (req, res): Promise<any> => {
@@ -304,10 +307,14 @@ apiGet('/accounts/:account_id/feeds/:feed_id/items/:item_id',{auth: true},  asyn
   `;
 });
 
-apiDelete('/feeds/:feed_id',{auth: true},  async (req, res) => {
-  const id = req.params.feed_id;
+apiDelete('/accounts/:account_id/feeds/:feed_id',{auth: true},  async (req, res) => {
+  const { feed_id, account_id } = req.params;
+  if(!query.isFeedOwnedBy(account_id, feed_id)) {
+    throw new Error('Invalid feed');
+  }
 
-  query.deleteFeed.run(id);
+  query.deleteFeed.run(feed_id);
+  console.log(`Deleting feed ${feed_id}`);
   res.setHeader('HX-Trigger', 'newFeed');
   return;
 });