From b22f64eb1710355c03ad803abfb55102e9b4b413 Mon Sep 17 00:00:00 2001
From: Regalijan <r@regalijan.com>
Date: Tue, 20 Feb 2024 16:44:08 -0500
Subject: [PATCH] Create yet another layer of events middleware

---
 .../events-team/events/[id]/_middleware.ts    | 26 +++++++++++++++++++
 1 file changed, 26 insertions(+)
 create mode 100644 functions/api/events-team/events/[id]/_middleware.ts

diff --git a/functions/api/events-team/events/[id]/_middleware.ts b/functions/api/events-team/events/[id]/_middleware.ts
new file mode 100644
index 0000000..ab054c2
--- /dev/null
+++ b/functions/api/events-team/events/[id]/_middleware.ts
@@ -0,0 +1,26 @@
+import { jsonError } from "../../../../common.js";
+
+export async function onRequest(context: RequestContext) {
+  const pathSegments = new URL(context.request.url).pathname.split("/");
+
+  // Skip checks for the by-id endpoint
+  if (pathSegments.length > 5) return await context.next();
+
+  const eventInfo = await context.env.D1.prepare(
+    "SELECT * FROM events WHERE id = ?;",
+  )
+    .bind(context.params.id)
+    .first();
+
+  if (!eventInfo) return jsonError("This event does not exist.", 404);
+
+  if (
+    eventInfo.created_by !== context.data.current_user.id &&
+    ![1 << 4, 1 << 12].find((p) => context.data.current_user.permissions & p)
+  )
+    return jsonError("You cannot manage this event.", 403);
+
+  context.data.event = eventInfo;
+
+  return await context.next();
+}