From afff310e50f2fa8419bb4242470cbde46ab54463 Mon Sep 17 00:00:00 2001 From: Rigel Kent Date: Thu, 13 Aug 2020 15:07:23 +0200 Subject: allow private syndication feeds via a user feedToken --- server/helpers/middlewares/accounts.ts | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) (limited to 'server/helpers') diff --git a/server/helpers/middlewares/accounts.ts b/server/helpers/middlewares/accounts.ts index 29b4ed1a6..9be80167c 100644 --- a/server/helpers/middlewares/accounts.ts +++ b/server/helpers/middlewares/accounts.ts @@ -2,6 +2,7 @@ import { Response } from 'express' import { AccountModel } from '../../models/account/account' import * as Bluebird from 'bluebird' import { MAccountDefault } from '../../types/models' +import { UserModel } from '@server/models/account/user' function doesAccountIdExist (id: number | string, res: Response, sendNotFound = true) { const promise = AccountModel.load(parseInt(id + '', 10)) @@ -39,11 +40,28 @@ async function doesAccountExist (p: Bluebird, res: Response, se return true } +async function doesUserFeedTokenCorrespond (id: number | string, token: string, res: Response) { + const user = await UserModel.loadById(parseInt(id + '', 10)) + + if (token !== user.feedToken) { + res.status(401) + .send({ error: 'User and token mismatch' }) + .end() + + return false + } + + res.locals.user = user + + return true +} + // --------------------------------------------------------------------------- export { doesAccountIdExist, doesLocalAccountNameExist, doesAccountNameWithHostExist, - doesAccountExist + doesAccountExist, + doesUserFeedTokenCorrespond } -- cgit v1.2.3