71 lines
1.8 KiB
TypeScript
71 lines
1.8 KiB
TypeScript
import { getSessionUsername } from '~/server/utils/auth'
|
|
import { getDatabase, getUserByUsername } from '~/server/utils/database'
|
|
|
|
export default defineEventHandler(async (event) => {
|
|
// Check authentication
|
|
const username = await getSessionUsername(event)
|
|
|
|
if (!username) {
|
|
throw createError({
|
|
statusCode: 401,
|
|
message: 'Unauthorized'
|
|
})
|
|
}
|
|
|
|
// Check admin role
|
|
const user = getUserByUsername(username)
|
|
|
|
if (!user || user.is_admin !== 1) {
|
|
throw createError({
|
|
statusCode: 403,
|
|
message: 'Forbidden - Admin access required'
|
|
})
|
|
}
|
|
|
|
const id = getRouterParam(event, 'id')
|
|
|
|
if (!id) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'Sermon ID is required'
|
|
})
|
|
}
|
|
|
|
const body = await readBody(event)
|
|
const { slug, title, date, dates, bible_references, personal_appliance, pastors_challenge, worship_songs } = body
|
|
|
|
if (!slug || !title || !date || !bible_references || !personal_appliance || !pastors_challenge) {
|
|
throw createError({
|
|
statusCode: 400,
|
|
message: 'All fields are required'
|
|
})
|
|
}
|
|
|
|
try {
|
|
const db = getDatabase()
|
|
const result = db.prepare(`
|
|
UPDATE sermons
|
|
SET slug = ?, title = ?, date = ?, dates = ?, bible_references = ?,
|
|
personal_appliance = ?, pastors_challenge = ?, worship_songs = ?
|
|
WHERE id = ?
|
|
`).run(slug, title, date, dates || null, bible_references, personal_appliance, pastors_challenge, worship_songs || null, parseInt(id))
|
|
|
|
if (result.changes === 0) {
|
|
throw createError({
|
|
statusCode: 404,
|
|
message: 'Sermon not found'
|
|
})
|
|
}
|
|
|
|
return {
|
|
success: true,
|
|
message: 'Sermon updated successfully'
|
|
}
|
|
} catch (error: any) {
|
|
throw createError({
|
|
statusCode: 500,
|
|
message: error.message || 'Failed to update sermon'
|
|
})
|
|
}
|
|
})
|