const { Middleware } = require('libflitter') class DataInjectionMiddleware extends Middleware { static get services() { return [...super.services, 'models'] } // manage, update, view async test(req, res, next, { access_level = 'view' }) { if ( !req.user ) { return res.status(401) .message('Unauthenticated session.') .api() } if ( !req.form ) req.form = {} // Try to load in the page if ( !req.params.PageId ) return next() const Page = this.models.get('api:Page') const page = await Page.findOne({ UUID: req.params.PageId }) if ( !page ) { return res.status(404) .message('Invalid page ID.') .api() } // Make sure the user has access to the given page if ( !(await page.is_accessible_by(req.user, access_level)) ) { return res.status(401).api() } req.form.page = page // Try to load in the node if ( req.params.NodeId ) { const Node = this.models.get('api:Node') const node = await Node.findOne({ UUID: req.params.NodeId }) if ( !node || !page.NodeIds.includes(node.UUID) ) { return res.status(404) .message('Invalid node ID.') .api() } req.form.node = node } // Try to load in the code snippets if ( req.params.CodiumId ) { const Codium = this.models.get('api:Codium') const codium = await Codium.findOne({ UUID: req.params.CodiumId, Active: true, PageId: req.params.PageId, ...(req.form.node ? {NodeId: req.form.node.UUID} : {}), }) if ( !codium ) { return res.status(404) .message('Invalid code snippet ID.') .api() } req.form.codium = codium } // Try to load in the database if ( req.params.DatabaseId ) { const Database = this.models.get('api:db:Database') const database = await Database.findOne({ UUID: req.params.DatabaseId, Active: true, PageId: req.params.PageId, ...(req.form.node ? {NodeId: req.form.node.UUID} : {}), }) if ( !database ) { return res.status(404) .message('Invalid database ID.') .api() } req.form.database = database } // Try to load in the file group if ( req.params.FilesId ) { const FileGroup = this.models.get('api:FileGroup') const file_group = await FileGroup.findOne({ UUID: req.params.FilesId, PageId: req.params.PageId, ...(req.form.node ? {NodeId: req.form.node.UUID} : {}), }) if ( !file_group ) { return res.status(404) .message('Invalid file group ID.') .api() } req.form.file_group = file_group } return next() } } module.exports = exports = DataInjectionMiddleware