token-permissions: update middleware further

2024-10-06 12:06:26 -07:00 · 2023-10-02 18:27:48 -07:00 · 2023-10-02 18:27:48 -07:00 · fad320d7fb
parent a04cc9a376
commit fad320d7fb
1 changed files with 26 additions and 30 deletions
--- a/src/server/lib/middleware.ts
+++ b/src/server/lib/middleware.ts
@ -32,45 +32,41 @@ export const requiresAdmin: RequestHandler = function(_req, res, next) {
    next()
 }

-export namespace apiBlockers {
-
-    /**
+/**
     * @description Blocks requests based on the permissions which a token has. Does not apply to routes being accessed with a token of type `User`
     * @param tokenPermissions Permissions which your route requires.
     * @returns Express middleware
     */

-    export const requiresPermissions = function(...tokenPermissions: auth.TokenPermission[]): RequestHandler {
-        return function(req, res, next) {
-            let token = tokenFor(req)
-            let type = auth.getType(token)
+export const requiresPermissions = function(...tokenPermissions: auth.TokenPermission[]): RequestHandler {
+    return function(req, res, next) {
+        let token = tokenFor(req)
+        let type = auth.getType(token)
+        
+        if (type == "App") {
+            let permissions = auth.getPermissions(token)
            
-            if (type == "App") {
-                let permissions = auth.getPermissions(token)
+            if (!permissions) ServeError(res, 403, "insufficient permissions")
+            else {
+
+                for (let v in tokenPermissions) 
+                    if (!permissions.includes(v as auth.TokenPermission)) {
+                        ServeError(res,403,"insufficient permissions")
+                        return
+                    }
                
-                if (!permissions) ServeError(res, 403, "insufficient permissions")
-                else {
+                next()

-                    for (let v in tokenPermissions) 
-                        if (!permissions.includes(v as auth.TokenPermission)) {
-                            ServeError(res,403,"insufficient permissions")
-                            return
-                        }
-                    
-                    next()
-
-                }
-            } else next()
-        }
+            }
+        } else next()
    }
+}

-    /**
-     * @description Blocks requests based on whether or not the token being used to access the route is of type `User`.  
-     */
-
-    export const noAPIAccess: RequestHandler = function(req, res, next) {
-        if (auth.getType(tokenFor(req)) == "App") ServeError(res, 403, "apps are not allowed to access this endpoint")
-        else next()
-    }
+/**
+ * @description Blocks requests based on whether or not the token being used to access the route is of type `User`.  
+ */

+export const noAPIAccess: RequestHandler = function(req, res, next) {
+    if (auth.getType(tokenFor(req)) == "App") ServeError(res, 403, "apps are not allowed to access this endpoint")
+    else next()
 }