blob: c6a3de50ef0d6ae32103f32ac1422b3d7b1d22a3 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
import { Router, Request, Response } from "express";
import { route } from "@fosscord/api";
import { User } from "@fosscord/util";
const router: Router = Router();
router.post("/", route({}), async (req: Request, res: Response) => {
//TODO: have an "OPERATOR" platform permission implemented for this API route
const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["flags"] });
if(user.flags == '4096') {
console.log("user that POSTed to the API was ALLOWED");
console.log(user.flags);
res.sendStatus(200)
process.kill(process.pid, 'SIGTERM')
}
else {
console.log("operation failed");
console.log(user.flags);
res.sendStatus(403)
}
});
export default router;
//THIS API CAN ONLY BE USED BY USERS WITH THE 'SYSTEM' FLAG ONLY IF ANY OTHER FLAGS ARE ADDED THE REQUEST WILL RETURN 403 'FORBIDDEN'
|