'use strict';
const express = require('express');
const router = express.Router();
const { getDb, getSetting, setSetting } = require('../db/database');
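// Allowlist of setting keys a regular user is allowed to read and write.
// Admin/SMTP/backup/auth settings are excluded — they are only readable through
// their respective admin endpoints and never exposed here.
// The array is frozen so the allowlist cannot be extended or altered at runtime
// by other code in this module; iteration and .includes() are unaffected.
const USER_SETTING_KEYS = Object.freeze([
  'currency',
  'date_format',
  'grace_period_days',
  'notify_days_before',
]);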
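// GET /api/settings — returns only user-facing app preferences.
// Only the keys in USER_SETTING_KEYS are looked up, so no other row of the
// settings table is read or returned by this handler.
// NOTE(review): no authentication check is visible in this file; presumably it
// is applied where the router is mounted — confirm.
router.get('/', (req, res) => {
  // Prepare the lookup once and reuse it for every key, rather than
  // re-preparing the same statement on each loop iteration.
  const selectValue = getDb().prepare('SELECT value FROM settings WHERE key = ?');
  const settings = {};
  for (const key of USER_SETTING_KEYS) {
    const row = selectValue.get(key);
    // Keys with no stored row are left out of the response.
    if (row) settings[key] = row.value;
  }
  res.json(settings);
});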
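// PUT /api/settings — updates only allowed user-facing keys; silently ignores others.
// Responds with the user-facing settings as stored after the update.
// NOTE(review): values are passed to setSetting without any type or range check;
// setSetting lives in ../db/database and is not shown here — confirm it rejects
// or normalises non-scalar values.
// NOTE(review): the settings table is addressed by key only, so a write here
// appears to change the value instance-wide rather than per user — confirm that
// is intended for callers who are not admins.
router.put('/', (req, res) => {
  // req.body can be undefined or null (for example when no JSON body was parsed);
  // Object.entries would throw on it, so treat a missing body as "no changes".
  const body = req.body !== null && typeof req.body === 'object' ? req.body : {};
  for (const [key, value] of Object.entries(body)) {
    // The allowlist is the only gate: any key not listed is dropped here.
    if (USER_SETTING_KEYS.includes(key)) setSetting(key, value);
  }

  // Re-read from the database so the response reflects what was stored.
  // The statement is prepared once and reused for every key.
  const selectValue = getDb().prepare('SELECT value FROM settings WHERE key = ?');
  const settings = {};
  for (const key of USER_SETTING_KEYS) {
    const row = selectValue.get(key);
    if (row) settings[key] = row.value;
  }
  res.json(settings);
});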
// Export the router so the application can mount it.
module.exports = router;