token-permissions: update middleware further

This commit is contained in:
May 2023-10-02 18:27:48 -07:00
parent a04cc9a376
commit fad320d7fb

View file

@ -32,15 +32,13 @@ export const requiresAdmin: RequestHandler = function(_req, res, next) {
next()
}
export namespace apiBlockers {
/**
/**
* @description Blocks requests based on the permissions which a token has. Does not apply to routes being accessed with a token of type `User`
* @param tokenPermissions Permissions which your route requires.
* @returns Express middleware
*/
export const requiresPermissions = function(...tokenPermissions: auth.TokenPermission[]): RequestHandler {
export const requiresPermissions = function(...tokenPermissions: auth.TokenPermission[]): RequestHandler {
return function(req, res, next) {
let token = tokenFor(req)
let type = auth.getType(token)
@ -62,15 +60,13 @@ export namespace apiBlockers {
}
} else next()
}
}
}
/**
/**
* @description Blocks requests based on whether or not the token being used to access the route is of type `User`.
*/
export const noAPIAccess: RequestHandler = function(req, res, next) {
export const noAPIAccess: RequestHandler = function(req, res, next) {
if (auth.getType(tokenFor(req)) == "App") ServeError(res, 403, "apps are not allowed to access this endpoint")
else next()
}
}