k1nq/TREK
1
0
Fork 0
mirror of https://github.com/mauriceboe/TREK.git synced 2026-06-22 06:41:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactoring: TypeScript migration, security fixes,

Browse Source
This commit is contained in:
Maurice
2026-03-27 18:40:18 +01:00
parent 510475a46f
commit 8396a75223
150 changed files with 8116 additions and 8467 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/middleware/tripAccess.ts
+37
View File
@@ -0,0 +1,37 @@
import { Request, Response, NextFunction } from 'express';
import { canAccessTrip, isOwner } from '../db/database';
import { AuthRequest } from '../types';
/** Middleware: verifies the authenticated user is an owner or member of the trip, then attaches trip to req. */
function requireTripAccess(req: Request, res: Response, next: NextFunction): void {
const authReq = req as AuthRequest;
const tripId = req.params.tripId || req.params.id;
if (!tripId) {
res.status(400).json({ error: 'Trip ID required' });
return;
}
const trip = canAccessTrip(Number(tripId), authReq.user.id);
if (!trip) {
res.status(404).json({ error: 'Trip not found' });
return;
}
authReq.trip = trip;
next();
}
/** Middleware: verifies the authenticated user is the trip owner (not just a member). */
function requireTripOwner(req: Request, res: Response, next: NextFunction): void {
const authReq = req as AuthRequest;
const tripId = req.params.tripId || req.params.id;
if (!tripId) {
res.status(400).json({ error: 'Trip ID required' });
return;
}
if (!isOwner(Number(tripId), authReq.user.id)) {
res.status(403).json({ error: 'Only the trip owner can do this' });
return;
}
next();
}
export { requireTripAccess, requireTripOwner };