UNPKG

acebase-server

Version:

AceBase realtime database server (webserver endpoint to allow remote connections)

30 lines 1.13 kB
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.adminOnly = void 0; const error_1 = require("../shared/error"); const admin_1 = require("../shared/admin"); /** * Middleware function that checks if the current user is `admin`. An 403 Forbidden error will be sent in the response if * authentication is enabled on the server and the user is not signed in as admin. * * Can be applied to any route by adding it in the router chain. * @example * app.get('/endpoint', adminOnly(env), (req, res) => { * // If we get here we are either an admin, * // or the server doesn't have authentication enabled. * }) * @param env Middle * @param errorMessage * @returns */ const adminOnly = (env, errorMessage = 'only admin can perform this operation') => { return (req, res, next) => { if (env.config.auth.enabled && !(0, admin_1.isAdmin)(req.user)) { return (0, error_1.sendUnauthorizedError)(res, 'admin_only', errorMessage); } next(); }; }; exports.adminOnly = adminOnly; exports.default = exports.adminOnly; //# sourceMappingURL=admin-only.js.map