5142c0e542
* initial commit
* delete comment
* env name fix
* Update README.md
* remove hapi-boom
* use next-image
* fix alt attr
* date fix for blog posts
* reset gitignore
* fix react best-practices
* prettier
* mdx to md
* fix prettier config. lint 👍
* Update examples/blog-with-comment/components/comment/list.js
Co-authored-by: Lee Robinson <me@leerob.io>
* refactor api methods
* fix: blog title
* fix: html lang
* next-mdx to gray-matter
Co-authored-by: Noah Fischer <78238464+noahfschr@users.noreply.github.com>
Co-authored-by: Lee Robinson <me@leerob.io>
Co-authored-by: Enes Akar <enesakar@gmail.com>
32 lines
894 B
JavaScript
32 lines
894 B
JavaScript
import redis from './redis'
|
|
import getUser from './getUser'
|
|
|
|
export default async function deleteComments(req, res) {
|
|
const { url, comment } = req.body
|
|
const { authorization } = req.headers
|
|
|
|
if (!url || !comment || !authorization) {
|
|
return res.status(400).json({ message: 'Missing parameter.' })
|
|
}
|
|
|
|
try {
|
|
// verify user token
|
|
const user = await getUser(authorization)
|
|
if (!user) return res.status(400).json({ message: 'Invalid token.' })
|
|
comment.user.email = user.email
|
|
|
|
const isAdmin = process.env.NEXT_PUBLIC_AUTH0_ADMIN_EMAIL === user.email
|
|
const isAuthor = user.sub === comment.user.sub
|
|
|
|
if (!isAdmin && !isAuthor) {
|
|
return res.status(400).json({ message: 'Need authorization.' })
|
|
}
|
|
|
|
// delete
|
|
await redis.lrem(url, 0, JSON.stringify(comment))
|
|
|
|
return res.status(200).json()
|
|
} catch (err) {
|
|
return res.status(400)
|
|
}
|
|
}
|