send/server/middleware/owner.js
2018-02-09 15:03:05 -08:00

22 lines
500 B
JavaScript

const storage = require('../storage');
module.exports = async function(req, res, next) {
const id = req.params.id;
const ownerToken = req.body.owner_token;
if (id && ownerToken) {
try {
req.meta = await storage.metadata(id);
if (!req.meta) {
return res.sendStatus(404);
}
req.authorized = req.meta.owner === ownerToken;
} catch (e) {
req.authorized = false;
}
}
if (req.authorized) {
next();
} else {
res.sendStatus(401);
}
};