mirror of
https://github.com/mollersuite/monofile.git
synced 2024-11-25 15:06:26 -08:00
api-v1: add new middleware function
This commit is contained in:
parent
ab617461fa
commit
01fe79d050
|
@ -1,4 +1,4 @@
|
|||
import * as Accounts from "./accounts";
|
||||
import { Account } from "./accounts";
|
||||
import express, { type RequestHandler } from "express"
|
||||
import ServeError from "../lib/errors";
|
||||
import * as auth from "./auth";
|
||||
|
@ -70,4 +70,17 @@ export const requiresPermissions = function(...tokenPermissions: auth.TokenPermi
|
|||
export const noAPIAccess: RequestHandler = function(req, res, next) {
|
||||
if (auth.getType(auth.tokenFor(req)) == "App") ServeError(res, 403, "apps are not allowed to access this endpoint")
|
||||
else next()
|
||||
|
||||
/**
|
||||
* @description Blocks requests based on whether or not the token being used to access the route is of type `User` unless a condition is met.
|
||||
* @param tokenPermissions Permissions which your route requires.
|
||||
* @returns Express middleware
|
||||
*/
|
||||
|
||||
export const noAPIAccessIf = function(condition: (acc:Account, token:string) => boolean):RequestHandler {
|
||||
return function(req, res, next) {
|
||||
let reqToken = auth.tokenFor(req)
|
||||
if (auth.getType(reqToken) == "App" && !condition(res.locals.acc, reqToken)) ServeError(res, 403, "apps are not allowed to access this endpoint")
|
||||
else next()
|
||||
}
|
||||
}}
|
Loading…
Reference in a new issue