feishin/server/routes/users.route.ts

import express, { Router } from 'express';
import multer from 'multer';
import { controller } from '@controllers/index';
import { service } from '@services/index';
import { ApiError } from '@utils/index';
import { validation } from '@validations/index';
import { validateRequest } from '@validations/shared.validation';
import { authenticateAdmin } from '../middleware/authenticate-admin';
// Multipart uploads handled by this instance are buffered in process memory
// (multer memory storage) rather than written to disk.
// NOTE(review): no `limits` or `fileFilter` option is passed here, so this
// instance neither caps upload size nor restricts file type. Confirm a size
// cap is enforced elsewhere, or add `limits: { fileSize: <max bytes> }`.
const upload = multer({ storage: multer.memoryStorage() });

// `mergeParams: true` keeps params matched by a parent router visible on
// `req.params` inside this router.
export const router: Router = express.Router({ mergeParams: true });
// Collection endpoints mounted at this router's root.
//   GET  /  -> validate the request, then list users. No admin middleware is
//              attached on this route.
//   POST /  -> authenticateAdmin runs first, then request validation, then
//              the create-user controller.
// NOTE(review): presumably authentication (req.authUser) is applied where
// this router is mounted; confirm against the parent router.
const usersCollection = router.route('/');

usersCollection.get(
  validateRequest(validation.users.list),
  controller.users.getUserList
);

usersCollection.post(
  authenticateAdmin,
  validateRequest(validation.users.createUser),
  controller.users.createUser
);
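/**
 * Param guard for every route in this router that contains `:userId`.
 *
 * Looks up the target user, lets a caller through when the target is the
 * caller's own account, and rejects with a forbidden ApiError when the target
 * is an admin and the caller is not a superadmin.
 *
 * The callback is async, so a rejected lookup or a thrown error would
 * otherwise surface as an unhandled promise rejection instead of reaching the
 * Express error handler. All failures are therefore forwarded through
 * `next(err)` explicitly.
 *
 * NOTE(review): this guard runs for all methods on `/:userId` (GET as well as
 * PATCH/DELETE), and it does not stop a non-admin caller from targeting
 * another non-admin user. Confirm that check lives in the controller/service.
 */
router.param('userId', async (req, _res, next, userId) => {
  let denial: unknown;

  try {
    // The lookup runs before the self-check, same as before, so lookup
    // failures are reported for self-requests too.
    const user = await service.users.findById(req.authUser, { id: userId });
    const isSelf = req.authUser.id === userId;

    // Only superadmins can access or modify other admins.
    if (!isSelf && user.isAdmin && !req.authUser.isSuperAdmin) {
      denial = ApiError.forbidden(
        'You are not authorized to access this resource'
      );
    }
  } catch (err) {
    // Lookup failure (or an unexpected error above): hand it to the error
    // middleware rather than leaving the request hanging.
    return next(err);
  }

  // next() is called outside the try block so it can never run twice.
  return denial ? next(denial) : next();
});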
// Single-user endpoints. The `userId` param callback registered on this
// router runs before any handler below.
// NOTE(review): none of these routes attach authenticateAdmin. Confirm the
// controller/service decides who may PATCH or DELETE another user's account.
const userResource = router.route('/:userId');

userResource.get(
  validateRequest(validation.users.detail),
  controller.users.getUserDetail
);

// NOTE(review): validateRequest runs before upload.single('image'). For a
// multipart/form-data request the text fields are only parsed into req.body
// by multer, so if validation.users.updateUser checks req.body it may be
// validating an empty body here. Verify, and consider running the upload
// parser first if so.
userResource.patch(
  validateRequest(validation.users.updateUser),
  upload.single('image'),
  controller.users.updateUser
);

userResource.delete(
  validateRequest(validation.users.deleteUser),
  controller.users.deleteUser
);