diff options
| author | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-08-22 22:08:22 +1000 |
|---|---|---|
| committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2022-08-22 22:08:22 +1000 |
| commit | 975c414434ee08622126bdeb4060532029413c18 (patch) | |
| tree | a46b7f33a150963f6b8d3515225574610325713f /src/api/routes/stop.ts | |
| parent | Merge branch 'master' into fix/claim_accounts (diff) | |
| parent | Merge remote-tracking branch 'Puyodead1/patch/prettier-config' into staging (diff) | |
| download | server-975c414434ee08622126bdeb4060532029413c18.tar.xz | |
Merge remote-tracking branch 'upstream/staging' into fix/claim_accounts
Diffstat (limited to 'src/api/routes/stop.ts')
| -rw-r--r-- | src/api/routes/stop.ts | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/src/api/routes/stop.ts b/src/api/routes/stop.ts new file mode 100644 index 00000000..7f8b78ba --- /dev/null +++ b/src/api/routes/stop.ts @@ -0,0 +1,26 @@ +import { Router, Request, Response } from "express"; +import { route } from "@fosscord/api"; +import { User } from "@fosscord/util"; + +const router: Router = Router(); + +router.post("/", route({}), async (req: Request, res: Response) => { + //EXPERIMENTAL: have an "OPERATOR" platform permission implemented for this API route + const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["rights"] }); + if((Number(user.rights) << Number(0))%Number(2)==Number(1)) { + console.log("user that POSTed to the API was ALLOWED"); + console.log(user.rights); + res.sendStatus(200) + process.kill(process.pid, 'SIGTERM') + } + else { + console.log("operation failed"); + console.log(user.rights); + res.sendStatus(403) + } +}); + +export default router; + +//THIS API CAN ONLY BE USED BY USERS WITH THE 'OPERATOR' RIGHT (which is the value of 1) ONLY IF ANY OTHER RIGHTS ARE ADDED OR IF THE USER DOESNT HAVE PERMISSION, +//THE REQUEST WILL RETURN 403 'FORBIDDEN' |