25 lines
800 B
JavaScript
25 lines
800 B
JavaScript
const { Middleware } = require('libflitter')
|
|
|
|
class PermissionMiddleware extends Middleware {
|
|
async test(req, res, next, { check }) {
|
|
// If the request was authorized using an OAuth2 bearer token,
|
|
// make sure the associated client has permission to access this endpoint.
|
|
if ( req?.oauth?.client ) {
|
|
if ( !req.oauth.client.can(check) )
|
|
return res.status(401)
|
|
.message('Insufficient permissions (OAuth2 Client).')
|
|
.api()
|
|
}
|
|
|
|
// Make sure the user has permission
|
|
if ( !req.user.can(check) )
|
|
return res.status(401)
|
|
.message('Insufficient permissions.')
|
|
.api()
|
|
|
|
return next()
|
|
}
|
|
}
|
|
|
|
module.exports = exports = PermissionMiddleware
|