allow channels other than one
parent
ead0187934
commit
17bdacce0f
|
@ -5,23 +5,23 @@ const overlay = require('../../lib.overlay');
|
|||
const allowedEndpoints = {
|
||||
get: [
|
||||
// '/token', // used for ??
|
||||
'/channels/1',
|
||||
'/channels/1/messages',
|
||||
//'/channels/1',
|
||||
//'/channels/1/messages',
|
||||
],
|
||||
post: [
|
||||
'/files',
|
||||
'/channels/1/messages',
|
||||
'/channels/1/subscribe',
|
||||
//'/channels/1/messages',
|
||||
//'/channels/1/subscribe',
|
||||
],
|
||||
put: [
|
||||
'/users/me',
|
||||
'/channels/1',
|
||||
//'/channels/1',
|
||||
],
|
||||
patch: [
|
||||
'/users/me'
|
||||
],
|
||||
delete: [
|
||||
'/channels/1/subscribe',
|
||||
//'/channels/1/subscribe',
|
||||
],
|
||||
}
|
||||
|
||||
|
@ -122,11 +122,39 @@ module.exports = (app, prefix) => {
|
|||
}));
|
||||
}
|
||||
let ok = true;
|
||||
|
||||
// check non-dynamic
|
||||
if (!allowedEndpoints[req.method.toLowerCase()].includes(req.path.toLowerCase())) {
|
||||
ok = false;
|
||||
}
|
||||
|
||||
// need this for create_message unit tests
|
||||
// get channels/X
|
||||
// get channels/X/messages
|
||||
if (req.method.toLowerCase() === 'get' && req.path.match(/^\/channels\//i)) {
|
||||
ok = true;
|
||||
}
|
||||
// allow users to delete their own messages
|
||||
// delete channels/X/messages/1
|
||||
// delete channels/X/subscribe
|
||||
if (req.method.toLowerCase() === 'delete' && req.path.match(/^\/channels\//i) &&
|
||||
(req.path.match(/\/messages\//i) || req.path.match(/\/subscribe/i))) {
|
||||
ok = true;
|
||||
}
|
||||
|
||||
// update meta data
|
||||
// put channels/X
|
||||
if (req.method.toLowerCase() === 'put' && req.path.match(/^\/channels\//i)) {
|
||||
ok = true;
|
||||
}
|
||||
// post sub/msgs
|
||||
// post channels/X/messages
|
||||
// post channels/X/subscribe
|
||||
if (req.method.toLowerCase() === 'post' && req.path.match(/^\/channels\//i) &&
|
||||
(req.path.match(/\/messages/i) || req.path.match(/\/subscribe/i))) {
|
||||
ok = true;
|
||||
}
|
||||
|
||||
// allow user look ups (but with a token, that check is done later)
|
||||
if (req.method.toLowerCase() === 'get' && req.path.match(/^\/users\//i)) {
|
||||
ok = true;
|
||||
|
@ -137,16 +165,6 @@ module.exports = (app, prefix) => {
|
|||
ok = true;
|
||||
}
|
||||
|
||||
// need this for create_message unit tests
|
||||
if (req.method.toLowerCase() === 'get' && req.path.match(/^\/channels\//i) && req.path.match(/\/messages\//i)) {
|
||||
ok = true;
|
||||
}
|
||||
|
||||
// allow users to delete their own messages
|
||||
if (req.method.toLowerCase() === 'delete' && req.path.match(/^\/channels\//i) && req.path.match(/\/messages\//i)) {
|
||||
ok = true;
|
||||
}
|
||||
|
||||
// GET /token is valid, if you're passing a token...
|
||||
if (req.method.toLowerCase() === 'get' && req.path.match(/^\/token/i)) {
|
||||
ok = true;
|
||||
|
|
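Review bot: The four dynamic `/channels/` rules added in the second hunk (the GET, DELETE, PUT and POST checks after the static `allowedEndpoints` test) are prefix and substring matches, so they admit more than the routes their comments list: the GET and PUT rules set `ok = true` for every path under `/channels/`, and the DELETE and POST rules accept any path that merely contains `/messages` or `/subscribe` somewhere after that prefix. Because this filter appears to gate which requests are passed through, each rule should be one anchored pattern covering exactly the documented route shapes, as in the sketch below. The sketch assumes numeric channel and message ids and no trailing slash, which the page does not confirm, and it leaves out GET on a single message (`channels/X/messages/Y`), which the rule removed in the third hunk permitted, so widen the GET pattern if the create_message tests still need it. The surrounding middleware function starts and ends outside the hunk.

```javascript
// … unchanged: static allowedEndpoints check …

// get channels/X
// get channels/X/messages
if (req.method.toLowerCase() === 'get' && /^\/channels\/\d+(\/messages)?$/i.test(req.path)) {
  ok = true;
}
// delete channels/X/messages/Y
// delete channels/X/subscribe
if (req.method.toLowerCase() === 'delete' &&
  /^\/channels\/\d+\/(messages\/\d+|subscribe)$/i.test(req.path)) {
  ok = true;
}
// put channels/X
if (req.method.toLowerCase() === 'put' && /^\/channels\/\d+$/i.test(req.path)) {
  ok = true;
}
// post channels/X/messages
// post channels/X/subscribe
if (req.method.toLowerCase() === 'post' &&
  /^\/channels\/\d+\/(messages|subscribe)$/i.test(req.path)) {
  ok = true;
}

// … unchanged: user look-up rule …
```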