84 lines
1.5 KiB
TypeScript
84 lines
1.5 KiB
TypeScript
import type { NextFunction, Request, Response } from 'express'
|
|
|
|
import { getConfigProperty } from '../helpers/config.helpers.js'
|
|
import {
|
|
apiKeyIsValid,
|
|
userCanUpdate,
|
|
userIsAdmin
|
|
} from '../helpers/functions.user.js'
|
|
|
|
const urlPrefix = getConfigProperty('reverseProxy.urlPrefix')
|
|
|
|
const forbiddenStatus = 403
|
|
|
|
const forbiddenJSON = {
|
|
success: false,
|
|
message: 'Forbidden'
|
|
}
|
|
|
|
const forbiddenRedirectURL = `${urlPrefix}/dashboard/?error=accessDenied`
|
|
|
|
export function adminGetHandler(
|
|
request: Request,
|
|
response: Response,
|
|
next: NextFunction
|
|
): void {
|
|
if (userIsAdmin(request)) {
|
|
next()
|
|
return
|
|
}
|
|
|
|
response.redirect(forbiddenRedirectURL)
|
|
}
|
|
|
|
export function adminPostHandler(
|
|
request: Request,
|
|
response: Response,
|
|
next: NextFunction
|
|
): void {
|
|
if (userIsAdmin(request)) {
|
|
next()
|
|
return
|
|
}
|
|
|
|
response.status(forbiddenStatus).json(forbiddenJSON)
|
|
}
|
|
|
|
export function updateGetHandler(
|
|
request: Request,
|
|
response: Response,
|
|
next: NextFunction
|
|
): void {
|
|
if (userCanUpdate(request)) {
|
|
next()
|
|
return
|
|
}
|
|
|
|
response.redirect(forbiddenRedirectURL)
|
|
}
|
|
|
|
export function updatePostHandler(
|
|
request: Request,
|
|
response: Response,
|
|
next: NextFunction
|
|
): void {
|
|
if (userCanUpdate(request)) {
|
|
next()
|
|
return
|
|
}
|
|
|
|
response.status(forbiddenStatus).json(forbiddenJSON)
|
|
}
|
|
|
|
export async function apiGetHandler(
|
|
request: Request,
|
|
response: Response,
|
|
next: NextFunction
|
|
): Promise<void> {
|
|
if (await apiKeyIsValid(request)) {
|
|
next()
|
|
} else {
|
|
response.redirect(`${urlPrefix}/login`)
|
|
}
|
|
}
|