f1b0d552b6
now using bitwise operators and dividing the `rights` value so you can have other rights whilst having the `OPERATOR` right for example: `3` is `1` and `2` combined NOTE: a potential issue has been uncovered while testing; if you have more than 1 thread the server will only stop 1 thread and the rest of the server will continue to run
27 lines
957 B
TypeScript
27 lines
957 B
TypeScript
import { Router, Request, Response } from "express";
|
|
import { route } from "@fosscord/api";
|
|
import { User } from "@fosscord/util";
|
|
|
|
const router: Router = Router();
|
|
|
|
router.post("/", route({}), async (req: Request, res: Response) => {
|
|
//EXPERIMENTAL: have an "OPERATOR" platform permission implemented for this API route
|
|
const user = await User.findOneOrFail({ where: { id: req.user_id }, select: ["rights"] });
|
|
if((Number(user.rights) << Number(0))%Number(2)==Number(1)) {
|
|
console.log("user that POSTed to the API was ALLOWED");
|
|
console.log(user.rights);
|
|
res.sendStatus(200)
|
|
process.kill(process.pid, 'SIGTERM')
|
|
}
|
|
else {
|
|
console.log("operation failed");
|
|
console.log(user.rights);
|
|
res.sendStatus(403)
|
|
}
|
|
});
|
|
|
|
export default router;
|
|
|
|
//THIS API CAN ONLY BE USED BY USERS WITH THE 'OPERATOR' RIGHT (which is the value of 1) ONLY IF ANY OTHER RIGHTS ARE ADDED OR IF THE USER DOESNT HAVE PERMISSION,
|
|
//THE REQUEST WILL RETURN 403 'FORBIDDEN'
|