const GrantedPermission = require("../models/GrantedPermission");
const Session = require("../models/Session");
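/**
 * Builds an Express-style middleware that lets a request through only when
 * the caller's token has been granted `permissionNode`.
 *
 * Grants are read from GrantedPermission rows whose `token` equals the
 * request token (or the client id for client-type tokens). A grant matches
 * when its `permissionNode` is the literal wildcard "*" or a regular
 * expression that matches the WHOLE required node.
 *
 * @param {string} permissionNode - Permission required by the protected route.
 * @returns {function(object, object, function): Promise<void>} Middleware that
 *   calls `next()` on a match, answers 403 otherwise, and forwards lookup
 *   failures with `next(err)`.
 */
module.exports = function(permissionNode) {
    return async function(req, res, next) {
        const deny = () => res.status(403).json({message: `You need the permission '${permissionNode}' to perform this action.`});

        // Client-type tokens are looked up by client id instead of the raw token.
        const token = req.tokenType === "client" ? req.clientId : req.token;

        // Fail closed when there is no identity to look up: never hand an
        // undefined/null value to the query as its only filter.
        // NOTE(review): how the ORM treats an undefined where value depends on
        // its version — confirm; the guard makes the outcome independent of it.
        if (token == null) return deny();

        let clientPermissions;
        try {
            clientPermissions = await GrantedPermission.findAll({where: {token}});
        } catch (err) {
            // Without this, a rejected lookup inside an async middleware is
            // never answered and the request is left hanging.
            return next(err);
        }

        for (const {permissionNode: granted} of clientPermissions) {
            // A row without a string pattern must not grant anything
            // (new RegExp(undefined) would match every node).
            if (typeof granted !== "string") continue;

            if (granted === "*") return next();

            let pattern;
            try {
                // Anchor the stored pattern so it has to match the entire
                // required node. Unanchored, a grant such as "user.read" also
                // satisfies "admin.user.read" or "user.readwrite".
                pattern = new RegExp(`^(?:${granted})$`);
            } catch {
                // A grant that is not a valid regular expression grants nothing.
                continue;
            }
            // NOTE(review): stored patterns are compiled as-is; keep write
            // access to grant rows restricted, since "." and other
            // metacharacters widen what a grant covers.
            if (pattern.test(permissionNode)) return next();
        }

        // No grant matched.
        deny();
    };
};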