split/monofile
1
0
Fork 0
mirror of https://github.com/mollersuite/monofile.git synced 2024-11-25 07:06:25 -08:00
Code Issues Actions Packages Projects Releases 1 Wiki Activity

token-permissions: update middleware further

Browse source
This commit is contained in:
May 2023-10-02 18:27:48 -07:00
parent a04cc9a376
commit fad320d7fb
1 changed files with 26 additions and 30 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
src/server/lib/middleware.ts
View file

@ -32,15 +32,13 @@ export const requiresAdmin: RequestHandler = function(_req, res, next) {
next() next()
} }
export namespace apiBlockers { /**
/**
* @description Blocks requests based on the permissions which a token has. Does not apply to routes being accessed with a token of type `User` * @description Blocks requests based on the permissions which a token has. Does not apply to routes being accessed with a token of type `User`
* @param tokenPermissions Permissions which your route requires. * @param tokenPermissions Permissions which your route requires.
* @returns Express middleware * @returns Express middleware
*/ */
export const requiresPermissions = function(...tokenPermissions: auth.TokenPermission[]): RequestHandler { export const requiresPermissions = function(...tokenPermissions: auth.TokenPermission[]): RequestHandler {
return function(req, res, next) { return function(req, res, next) {
let token = tokenFor(req) let token = tokenFor(req)
let type = auth.getType(token) let type = auth.getType(token)
@ -62,15 +60,13 @@ export namespace apiBlockers {
} }
} else next() } else next()
} }
} }
/** /**
* @description Blocks requests based on whether or not the token being used to access the route is of type `User`. * @description Blocks requests based on whether or not the token being used to access the route is of type `User`.
*/ */
export const noAPIAccess: RequestHandler = function(req, res, next) { export const noAPIAccess: RequestHandler = function(req, res, next) {
if (auth.getType(tokenFor(req)) == "App") ServeError(res, 403, "apps are not allowed to access this endpoint") if (auth.getType(tokenFor(req)) == "App") ServeError(res, 403, "apps are not allowed to access this endpoint")
else next() else next()
}
} }