car-crushers-portal/functions/api/game-appeals/[id]/_middleware.ts

import { jsonError } from "../../../common.js";

export async function onRequest(context: RequestContext) {
  const { pathname } = new URL(context.request.url);

  if (pathname.endsWith("/metadata") || pathname.endsWith("/submit"))
    return await context.next();

  if (!(context.data.current_user.permissions & (1 << 5)))
    return jsonError("Forbidden", 403);

  return await context.next();
}