foltik/shimapan
1
0
Fork 0
mirror of https://github.com/Foltik/Shimapan synced 2024-12-03 10:59:13 -05:00
Code Issues Releases Wiki Activity

Add scope requirements to API creation

Browse Source
This commit is contained in:
Jack Foltz 2018-01-15 11:48:36 -05:00
parent 0e18787f62
commit 6c89cdd29e
Signed by: foltik
GPG Key ID: 303F88F996E95541
1 changed files with 15 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
app/routes/keys.js
View File

@ -2,9 +2,22 @@ var express = require('express');
var router = express.Router(); var router = express.Router();
var crypto = require('crypto'); var crypto = require('crypto');
var User = require('../models/User.js');
var Key = require('../models/Key.js'); var Key = require('../models/Key.js');
router.post('/create', function (req, res) { var requireScope = function (perm) {
return function(req, res, next) {
User.findOne({username: req.session.passport.user}, function(err, user) {
if (err) throw err;
if (user.scope.indexOf(perm) === -1)
res.status(400).json({'message': 'No permission.'});
else
next();
});
}
};
router.post('/create', requireScope('api.create'), function (req, res) {
if (!req.body.identifier || !req.body.scope) { if (!req.body.identifier || !req.body.scope) {
res.status(400).json({'message': 'Bad request.'}); res.status(400).json({'message': 'Bad request.'});
return; return;
@ -64,7 +77,7 @@ router.get('/get', function (req, res, next) {
}) })
}); });
router.post('/delete', function(req, res, next) { router.post('/delete', requireScope('api.delete'), function(req, res, next) {
Key.deleteOne({key: req.body.key}, function(err) { Key.deleteOne({key: req.body.key}, function(err) {
if (err) next(err); if (err) next(err);
else res.status(200).json({'message': 'Successfully deleted.'}); else res.status(200).json({'message': 'Successfully deleted.'});