Create yet another layer of events middleware

2024-02-20 16:44:08 -05:00 · 2024-02-20 16:44:08 -05:00 · b22f64eb17
commit b22f64eb17
parent 9bdaa4afe9
1 changed files with 26 additions and 0 deletions
--- a/functions/api/events-team/events/[id]/_middleware.ts
+++ b/functions/api/events-team/events/[id]/_middleware.ts
@ -0,0 +1,26 @@
+import { jsonError } from "../../../../common.js";
+
+export async function onRequest(context: RequestContext) {
+  const pathSegments = new URL(context.request.url).pathname.split("/");
+
+  // Skip checks for the by-id endpoint
+  if (pathSegments.length > 5) return await context.next();
+
+  const eventInfo = await context.env.D1.prepare(
+    "SELECT * FROM events WHERE id = ?;",
+  )
+    .bind(context.params.id)
+    .first();
+
+  if (!eventInfo) return jsonError("This event does not exist.", 404);
+
+  if (
+    eventInfo.created_by !== context.data.current_user.id &&
+    ![1 << 4, 1 << 12].find((p) => context.data.current_user.permissions & p)
+  )
+    return jsonError("You cannot manage this event.", 403);
+
+  context.data.event = eventInfo;
+
+  return await context.next();
+}