Ehrenamt/ff-admin-server
2
0
Fork 0
Code Issues 17 Pull requests Projects Releases 38 Packages Wiki Activity Actions

permissions & routes with middleware

Browse source
This commit is contained in:
Julian Krauser 2025-01-22 09:27:15 +01:00
parent 4568bef10e
commit 0b40b9d92c
10 changed files with 92 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

1
src/middleware/authenticate.ts
View file

@ -37,6 +37,7 @@ export default async function authenticate(req: Request, res: Response, next: Fu
req.username = decoded.username;
req.isOwner = decoded.isOwner;
req.permissions = decoded.permissions;
req.isWebApiRequest = decoded?.sub == "webapi_access_token";
next();
}

10
src/middleware/preventWebApiAccess.ts Normal file
View file

@ -0,0 +1,10 @@
import { Request, Response } from "express";
import ForbiddenRequestException from "../exceptions/forbiddenRequestException";
export default async function preventApiAccess(req: Request, res: Response, next: Function) {
if (req.isWebApiRequest) {
throw new ForbiddenRequestException("This route cannot be accessed via webapi");
} else {
next();
}
}