foltik/shimapan
1
0
Fork 0
mirror of https://github.com/Foltik/Shimapan synced 2024-11-28 05:26:44 -05:00
Code Issues Releases Wiki Activity

Clean Invites route

Browse Source
This commit is contained in:
Jack Foltz 2018-08-01 12:20:35 -04:00
parent 49b77c5c03
commit c23c9b345e
Signed by: foltik
GPG Key ID: 303F88F996E95541
1 changed files with 2 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
app/routes/api/invites.js
View File

@ -11,17 +11,10 @@ const requireAuth = require('../../util/auth').requireAuth;
const verifyScope = require('../../util/verifyScope'); const verifyScope = require('../../util/verifyScope');
const verifyBody = require('../../util/verifyBody'); const verifyBody = require('../../util/verifyBody');
const updateInviteCount = async (req, next) =>
User.updateOne({username: req.username}, {$inc: {inviteCount: 1}}).catch(next);
const verifyUserHasScope = userScope =>
scope => verifyScope(userScope, scope);
const createParams = [{name: 'scope', instance: Array}]; const createParams = [{name: 'scope', instance: Array}];
router.post('/create', requireAuth('invite.create'), verifyBody(createParams), wrap(async (req, res, next) => { router.post('/create', requireAuth('invite.create'), verifyBody(createParams), wrap(async (req, res, next) => {
const scope = req.body.scope; const scope = req.body.scope;
const hasPermission = scope.every(verifyUserHasScope(req.scope)); const hasPermission = scope.every(scope => verifyScope(req.scope, scope));
if (!hasPermission) if (!hasPermission)
return res.status(403).json({message: 'Requested scope exceeds own scope.'}); return res.status(403).json({message: 'Requested scope exceeds own scope.'});
@ -35,7 +28,7 @@ router.post('/create', requireAuth('invite.create'), verifyBody(createParams), w
await Promise.all([ await Promise.all([
Invite.create(invite).catch(next), Invite.create(invite).catch(next),
updateInviteCount(req, next) User.updateOne({username: req.username}, {$inc: {inviteCount: 1}})
]); ]);
res.status(200).json({ res.status(200).json({