mirror of https://github.com/Foltik/Shimapan synced 2024-11-13 00:26:55 -05:00

Add scope requirements to API creation

Jack Foltz 2018-01-15 11:48:36 -05:00
parent 0e18787f62
commit 6c89cdd29e
Signed by: foltik
GPG Key ID: 303F88F996E95541


@ -2,9 +2,22 @@ var express = require('express');
var router = express.Router();
var crypto = require('crypto');
var User = require('../models/User.js');
var Key = require('../models/Key.js');
router.post('/create', function (req, res) {
var requireScope = function (perm) {
return function(req, res, next) {
User.findOne({username: req.session.passport.user}, function(err, user) {
if (err) throw err;
if (user.scope.indexOf(perm) === -1)
res.status(400).json({'message': 'No permission.'});
else
next();
});
}
};
router.post('/create', requireScope('api.create'), function (req, res) {
if (!req.body.identifier || !req.body.scope) {
res.status(400).json({'message': 'Bad request.'});
return;
@ -64,7 +77,7 @@ router.get('/get', function (req, res, next) {
})
});
router.post('/delete', function(req, res, next) {
router.post('/delete', requireScope('api.delete'), function(req, res, next) {
Key.deleteOne({key: req.body.key}, function(err) {
if (err) next(err);
else res.status(200).json({'message': 'Successfully deleted.'});
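Review bot: The `requireScope` middleware added in the first hunk has three unguarded failure paths: `req.session.passport.user` throws a TypeError when the request carries no passport session, `if (err) throw err` runs inside the `findOne` callback where no Express error handler can catch it, and `user.scope` is dereferenced without checking that a user was found. Each of these turns an unauthenticated or stale-session request into a crash instead of a clean denial, unless an earlier middleware outside this hunk already guarantees a logged-in user. I would forward errors with `next(err)`, reject a missing session or user explicitly, and answer 401/403 rather than 400 so clients can tell a permission failure from a malformed request. Separately, the `/delete` handler in the second hunk still calls `Key.deleteOne({key: req.body.key})` with no owner filter, so the new scope check appears to be the only gate on deleting another user's key; that handler's body ends outside the hunk.

```javascript
var requireScope = function (perm) {
    return function (req, res, next) {
        // Deny cleanly when there is no authenticated session at all.
        var username = req.session && req.session.passport && req.session.passport.user;
        if (!username)
            return res.status(401).json({'message': 'Unauthorized.'});

        User.findOne({username: username}, function (err, user) {
            // Hand lookup failures to the Express error handler instead of throwing.
            if (err) return next(err);
            // A session that names a deleted user is treated like a missing scope.
            if (!user || user.scope.indexOf(perm) === -1)
                return res.status(403).json({'message': 'No permission.'});
            next();
        });
    };
};
// … unchanged: router.post('/create', requireScope('api.create'), …) …
```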