car-crushers-portal/functions/api/appeals/[id]/_middleware.ts

export async function onRequestPost(context: RequestContext) {
  const { permissions } = context.data.current_user;

  if (!(permissions & (1 << 0)) || !(permissions & (1 << 11)))
    return new Response('{"error":"Forbidden"}', {
      headers: {
        "content-type": "application/json",
      },
      status: 403,
    });

  const { body } = context.data;

  if (typeof body.accept !== "boolean")
    return new Response('{"error":"Invalid acceptance status"}', {
      headers: {
        "content-type": "application/json",
      },
      status: 400,
    });

  if (
    body.feedback &&
    (typeof body.feedback !== "string" || body.feedback.length > 512)
  )
    return new Response('{"error":"Invalid feedback"}', {
      headers: {
        "content-type": "application/json",
      },
      status: 400,
    });
}