feature: rooms and events implemented on the backend
This commit is contained in:
parent
df00324e24
commit
85024c6e62
29 changed files with 1659 additions and 115 deletions
|
|
@ -1,6 +1,5 @@
|
|||
import { PASSWORD_ENTRIES, PASSWORD_ENTRY } from '../../../models/password_entry.ts';
|
||||
import { USER, USERS } from '../../../models/user.ts';
|
||||
import { PERMISSIONS_STORE, USER_PERMISSIONS } from '../../../models/user_permissions.ts';
|
||||
import { generateSecret } from 'jsr:@stdext/crypto/utils';
|
||||
import { hash } from 'jsr:@stdext/crypto/hash';
|
||||
import lurid from 'jsr:@andyburke/lurid';
|
||||
|
|
@ -9,19 +8,20 @@ import parse_body from '../../../utils/bodyparser.ts';
|
|||
import { create_new_session, SESSION_RESULT } from '../auth/index.ts';
|
||||
import { PRECHECKS } from './me/index.ts';
|
||||
import { get_session, get_user, require_user } from '../../../utils/prechecks.ts';
|
||||
import { CANNED_RESPONSES } from '../../../utils/canned_responses.ts';
|
||||
import * as CANNED_RESPONSES from '../../../utils/canned_responses.ts';
|
||||
|
||||
// TODO: figure out a better solution for doling out permissions
|
||||
const DEFAULT_USER_PERMISSIONS: string[] = [
|
||||
'self.read',
|
||||
'self.write'
|
||||
'self.write',
|
||||
'rooms.read'
|
||||
];
|
||||
|
||||
// GET /api/users - get users
|
||||
// query parameters:
|
||||
// partial_id: the partial id subset you would like to match (remember, lurids are lexigraphically sorted)
|
||||
PRECHECKS.GET = [get_session, get_user, require_user, (_req: Request, meta: Record<string, any>): Response | undefined => {
|
||||
const can_read_others = meta.user_permissions?.permissions?.includes('users.read');
|
||||
const can_read_others = meta.user?.permissions?.includes('users.read');
|
||||
|
||||
if (!can_read_others) {
|
||||
return CANNED_RESPONSES.permission_denied();
|
||||
|
|
@ -97,6 +97,7 @@ export async function POST(req: Request, meta: Record<string, any>): Promise<Res
|
|||
const user: USER = {
|
||||
id: lurid(),
|
||||
username,
|
||||
permissions: DEFAULT_USER_PERMISSIONS,
|
||||
timestamps: {
|
||||
created: now,
|
||||
updated: now
|
||||
|
|
@ -120,17 +121,6 @@ export async function POST(req: Request, meta: Record<string, any>): Promise<Res
|
|||
|
||||
await PASSWORD_ENTRIES.create(password_entry);
|
||||
|
||||
const user_permissions: USER_PERMISSIONS = {
|
||||
user_id: user.id,
|
||||
permissions: DEFAULT_USER_PERMISSIONS,
|
||||
timestamps: {
|
||||
created: now,
|
||||
updated: now
|
||||
}
|
||||
};
|
||||
|
||||
await PERMISSIONS_STORE.create(user_permissions);
|
||||
|
||||
const session_result: SESSION_RESULT = await create_new_session({
|
||||
user,
|
||||
expires: undefined
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue