111 lines
3.3 KiB
JavaScript
111 lines
3.3 KiB
JavaScript
const { Middleware } = require('libflitter')
|
|
|
|
class DataInjectionMiddleware extends Middleware {
|
|
static get services() {
|
|
return [...super.services, 'models']
|
|
}
|
|
|
|
// manage, update, view
|
|
async test(req, res, next, { access_level = 'view' }) {
|
|
if ( !req.user ) {
|
|
return res.status(401)
|
|
.message('Unauthenticated session.')
|
|
.api()
|
|
}
|
|
|
|
if ( !req.form ) req.form = {}
|
|
|
|
// Try to load in the page
|
|
if ( !req.params.PageId ) return next()
|
|
|
|
const Page = this.models.get('api:Page')
|
|
const page = await Page.findOne({ UUID: req.params.PageId })
|
|
if ( !page ) {
|
|
return res.status(404)
|
|
.message('Invalid page ID.')
|
|
.api()
|
|
}
|
|
|
|
// Make sure the user has access to the given page
|
|
if ( !(await page.is_accessible_by(req.user, access_level)) ) {
|
|
return res.status(401).api()
|
|
}
|
|
|
|
req.form.page = page
|
|
|
|
// Try to load in the node
|
|
if ( req.params.NodeId ) {
|
|
const Node = this.models.get('api:Node')
|
|
const node = await Node.findOne({ UUID: req.params.NodeId })
|
|
|
|
if ( !node || !page.NodeIds.includes(node.UUID) ) {
|
|
return res.status(404)
|
|
.message('Invalid node ID.')
|
|
.api()
|
|
}
|
|
|
|
req.form.node = node
|
|
}
|
|
|
|
// Try to load in the code snippets
|
|
if ( req.params.CodiumId ) {
|
|
const Codium = this.models.get('api:Codium')
|
|
const codium = await Codium.findOne({
|
|
UUID: req.params.CodiumId,
|
|
Active: true,
|
|
PageId: req.params.PageId,
|
|
...(req.form.node ? {NodeId: req.form.node.UUID} : {}),
|
|
})
|
|
|
|
if ( !codium ) {
|
|
return res.status(404)
|
|
.message('Invalid code snippet ID.')
|
|
.api()
|
|
}
|
|
|
|
req.form.codium = codium
|
|
}
|
|
|
|
// Try to load in the database
|
|
if ( req.params.DatabaseId ) {
|
|
const Database = this.models.get('api:db:Database')
|
|
const database = await Database.findOne({
|
|
UUID: req.params.DatabaseId,
|
|
Active: true,
|
|
PageId: req.params.PageId,
|
|
...(req.form.node ? {NodeId: req.form.node.UUID} : {}),
|
|
})
|
|
|
|
if ( !database ) {
|
|
return res.status(404)
|
|
.message('Invalid database ID.')
|
|
.api()
|
|
}
|
|
|
|
req.form.database = database
|
|
}
|
|
|
|
// Try to load in the file group
|
|
if ( req.params.FilesId ) {
|
|
const FileGroup = this.models.get('api:FileGroup')
|
|
const file_group = await FileGroup.findOne({
|
|
UUID: req.params.FilesId,
|
|
PageId: req.params.PageId,
|
|
...(req.form.node ? {NodeId: req.form.node.UUID} : {}),
|
|
})
|
|
|
|
if ( !file_group ) {
|
|
return res.status(404)
|
|
.message('Invalid file group ID.')
|
|
.api()
|
|
}
|
|
|
|
req.form.file_group = file_group
|
|
}
|
|
|
|
return next()
|
|
}
|
|
}
|
|
|
|
module.exports = exports = DataInjectionMiddleware
|