CoreID/app/routing/middleware/api/Permission.middleware.js

25 lines
800 B
JavaScript
Raw Normal View History

2020-05-12 01:26:09 +00:00
const { Middleware } = require('libflitter')
class PermissionMiddleware extends Middleware {
async test(req, res, next, { check }) {
// If the request was authorized using an OAuth2 bearer token,
// make sure the associated client has permission to access this endpoint.
if ( req?.oauth?.client ) {
if ( !req.oauth.client.can(check) )
return res.status(401)
.message('Insufficient permissions (OAuth2 Client).')
.api()
}
// Make sure the user has permission
2020-05-12 01:26:09 +00:00
if ( !req.user.can(check) )
return res.status(401)
.message('Insufficient permissions.')
.api()
return next()
}
}
module.exports = exports = PermissionMiddleware