nodebb-plugin-calendar-onekite 10.0.11 → 10.0.13
- package/library.js +25 -6
- package/package.json +1 -1
- package/plugin.json +1 -1
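--- a/package/library.js
+++ b/package/library.js
@@ -12,6 +12,25 @@ const privileges = require.main.require('./src/privileges');
 
 const plugin = {};
 
+function ensureLoggedIn(req, res, next) {
+if (!req.uid) {
+return res.status(401).json({ error: 'not-authenticated' });
+}
+next();
+}
+
+async function adminsOnly(req, res, next) {
+try {
+if (!req.uid) return res.status(401).json({ error: 'not-authenticated' });
+const isAdmin = await user.isAdministrator(req.uid);
+if (!isAdmin) return res.status(403).json({ error: 'not-allowed' });
+next();
+} catch (e) {
+res.status(500).json({ error: e.message });
+}
+}
+
+
 const PLUGIN_NS = 'calendar-onekite';
 const RES_PREFIX = `calendar-onekite:reservation`;
 const RES_ZSET_BY_START = `calendar-onekite:reservations:byStart`;
@@ -344,7 +363,7 @@ plugin.init = async function (params) {
 });
 
 // API: create reservation (pending)
-router.post('/api/calendar-onekite/reservations',
+router.post('/api/calendar-onekite/reservations', ensureLoggedIn, async (req, res) => {
 try {
 const s = await getSettings();
 await assertRequesterPrivileges(req, s);
@@ -424,7 +443,7 @@ plugin.init = async function (params) {
 });
 
 // API: approve reservation (creates checkout intent, sends payer link)
-router.post('/api/calendar-onekite/reservations/:id/approve',
+router.post('/api/calendar-onekite/reservations/:id/approve', ensureLoggedIn, async (req, res) => {
 try {
 const s = await getSettings();
 await assertApproverPrivileges(req, s);
@@ -483,7 +502,7 @@ plugin.init = async function (params) {
 });
 
 // API: reject reservation
-router.post('/api/calendar-onekite/reservations/:id/reject',
+router.post('/api/calendar-onekite/reservations/:id/reject', ensureLoggedIn, async (req, res) => {
 try {
 const s = await getSettings();
 await assertApproverPrivileges(req, s);
@@ -521,12 +540,12 @@ plugin.init = async function (params) {
 });
 
 // Admin API: get/save settings
-router.get('/api/admin/plugins/calendar-onekite',
+router.get('/api/admin/plugins/calendar-onekite', ensureLoggedIn, adminsOnly, async (req, res) => {
 const settings = await meta.settings.get(PLUGIN_NS);
 res.json(settings);
 });
 
-router.post('/api/admin/plugins/calendar-onekite',
+router.post('/api/admin/plugins/calendar-onekite', ensureLoggedIn, adminsOnly, async (req, res) => {
 await meta.settings.set(PLUGIN_NS, req.body);
 // invalidate caches when settings change
 helloassoTokenCache = { token: null, expiresAt: 0 };
@@ -535,7 +554,7 @@ plugin.init = async function (params) {
 });
 
 // Admin API: purge by year
-router.post('/api/admin/plugins/calendar-onekite/purge',
+router.post('/api/admin/plugins/calendar-onekite/purge', ensureLoggedIn, adminsOnly, async (req, res) => {
 const year = parseInt((req.body && req.body.year) || '0', 10);
 if (!year || year < 1970 || year > 3000) return res.status(400).json({ error: 'invalid-year' });
 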
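Review bot: The state-changing POST routes touched here (create, approve and reject at new lines 366, 446 and 505; settings save and purge at 548 and 557) now check `req.uid` and admin status, but their middleware chains still hold no CSRF check, so a session cookie alone authorises the approve, purge and settings-write actions unless CSRF is enforced somewhere this page does not show. If `plugin.init` has NodeBB's middleware object available, the chain could read `ensureLoggedIn, params.middleware.applyCSRF, adminsOnly, ...` on each POST. Separately, `adminsOnly` echoes `e.message` in the 500 body; `res.status(500).json({ error: 'internal-error' });` with the detail logged server-side keeps internal error text away from callers. `adminsOnly` also relies on a `user` binding that is not among the visible lines, so confirm it is required at the top of the file. The body of `plugin.init` extends beyond every hunk shown.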
package/package.json
CHANGED