import { Request, Response, NextFunction } from 'express';
import { canAccessTrip, isOwner } from '../db/database';
import { AuthRequest } from '../types';
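/**
 * Middleware: verifies the authenticated user is an owner or member of the trip,
 * then attaches the trip to the request as `req.trip`.
 *
 * The trip ID is taken from the `tripId` route parameter, falling back to `id`.
 *
 * Responses:
 * - 401 when no authenticated user is attached to the request.
 * - 400 when the trip ID is missing or is not a plain decimal integer.
 * - 404 when `canAccessTrip` returns a falsy value. The same 404 is sent whatever
 *   the reason for the falsy result, so the response itself does not distinguish
 *   "no such trip" from "no access".
 *
 * @param req  Incoming request; expected to carry `user` set by an earlier auth middleware.
 * @param res  Response used to send the 4xx error when a check fails.
 * @param next Called only after every check has passed.
 */
function requireTripAccess(req: Request, res: Response, next: NextFunction): void {
  const authReq = req as AuthRequest;

  // Fail closed: the `as AuthRequest` cast is compile-time only, so if this
  // middleware is ever mounted without the auth middleware in front of it,
  // reject the request instead of dereferencing an undefined user.
  if (!authReq.user) {
    res.status(401).json({ error: 'Authentication required' });
    return;
  }

  // NOTE(review): the fallback to `:id` assumes that `:id` names a trip on every
  // route this middleware guards. On a route where `:id` identifies another
  // resource the check would run against the wrong identifier; confirm at each
  // mount point.
  const rawTripId = req.params.tripId || req.params.id;
  if (!rawTripId) {
    res.status(400).json({ error: 'Trip ID required' });
    return;
  }

  // Number() also accepts forms such as "0x10", "1e3" or " 7 ". A downstream
  // handler that re-parses the same parameter differently could then act on a
  // different trip than the one authorized here, so only plain decimal digits
  // are accepted. Assumes trip IDs are non-negative integers; confirm against
  // the schema.
  const tripId = /^\d+$/.test(rawTripId) ? Number(rawTripId) : NaN;
  if (!Number.isSafeInteger(tripId)) {
    res.status(400).json({ error: 'Invalid trip ID' });
    return;
  }

  const trip = canAccessTrip(tripId, authReq.user.id);
  if (!trip) {
    res.status(404).json({ error: 'Trip not found' });
    return;
  }

  // Downstream handlers read the already-authorized trip from the request.
  authReq.trip = trip;
  next();
}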
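/**
 * Middleware: verifies the authenticated user is the trip owner (not just a member).
 *
 * The trip ID is taken from the `tripId` route parameter, falling back to `id`.
 * Unlike a membership check, nothing is attached to the request on success.
 *
 * Responses:
 * - 401 when no authenticated user is attached to the request.
 * - 400 when the trip ID is missing or is not a plain decimal integer.
 * - 403 when `isOwner` returns a falsy value.
 *
 * @param req  Incoming request; expected to carry `user` set by an earlier auth middleware.
 * @param res  Response used to send the 4xx error when a check fails.
 * @param next Called only after every check has passed.
 */
function requireTripOwner(req: Request, res: Response, next: NextFunction): void {
  const authReq = req as AuthRequest;

  // Fail closed: the `as AuthRequest` cast is compile-time only, so if this
  // middleware is ever mounted without the auth middleware in front of it,
  // reject the request instead of dereferencing an undefined user.
  if (!authReq.user) {
    res.status(401).json({ error: 'Authentication required' });
    return;
  }

  // NOTE(review): the fallback to `:id` assumes that `:id` names a trip on every
  // route this middleware guards. On a route where `:id` identifies another
  // resource the ownership check would run against the wrong identifier;
  // confirm at each mount point.
  const rawTripId = req.params.tripId || req.params.id;
  if (!rawTripId) {
    res.status(400).json({ error: 'Trip ID required' });
    return;
  }

  // Number() also accepts forms such as "0x10", "1e3" or " 7 ". A downstream
  // handler that re-parses the same parameter differently could then modify a
  // different trip than the one whose ownership was checked here, so only plain
  // decimal digits are accepted. Assumes trip IDs are non-negative integers;
  // confirm against the schema.
  const tripId = /^\d+$/.test(rawTripId) ? Number(rawTripId) : NaN;
  if (!Number.isSafeInteger(tripId)) {
    res.status(400).json({ error: 'Invalid trip ID' });
    return;
  }

  if (!isOwner(tripId, authReq.user.id)) {
    res.status(403).json({ error: 'Only the trip owner can do this' });
    return;
  }

  next();
}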
export { requireTripAccess, requireTripOwner };