| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 |
- Websites.allow({
- insert: function (userId, doc) {
- // Ensure sane arguments.
- check(doc, {
- url: String,
- title: String,
- description: String
- });
- // Reject anonymous inserts.
- if (!userId) {
- throw new Meteor.Error("logged-out", "User must be logged in to post a site.");
- // return false;
- }
- // Reject non-new inserts.
- const url = doc.url;
- if (Websites.findOne({ url })) {
- throw new Meteor.Error("duplicate", "User may only post new sites.");
- // return false;
- }
- // Reject wrong-looking URLs
- // TODO: find a validation package usable server-side.
- // The popular themeteorchef:jquery-validation appears to be client-only.
- // For now using a very limited check.
- const URL_BOGO_REGEX = /^https?:\/\/.+$/;
- if (!URL_BOGO_REGEX.test(doc.url)) {
- throw new Meteor.Error("bad-url", "Users may only post http(s) URLs.");
- // return false;
- }
- // Reject empty titles and descriptions.
- if (doc.title === "") {
- throw new Meteor.Error("empty-title", "Title may not be empty");
- // return false;
- }
- if (doc.description === "") {
- throw new Meteor.Error("empty-description", "Description may not be empty");
- // return false;
- }
- return true;
- }
- });
|
