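// nextstep-backend/src/middleware/validateUser.ts
import { Response, NextFunction } from 'express';
import {CustomRequest} from "types/customRequest";
import {unless} from "express-unless";

/**
 * Authorization middleware: lets a request through only when the `:id` route
 * parameter, if present, equals the id of the authenticated user.
 *
 * Routes without an `:id` parameter pass through unchanged. The original
 * author notes this check may later be bypassed for an admin role, if one is
 * added.
 *
 * This middleware relies on `req.user` having been populated earlier in the
 * chain. If it is missing, the request is rejected with 401 instead of
 * throwing on `req.user.id`, so the check fails closed with an explicit
 * response.
 *
 * NOTE(review): `any & { unless: ... }` collapses to `any`, so the compiler
 * does not check this function against the declared shape. This file also
 * never assigns `validateUser.unless`; presumably it is attached where the
 * middleware is mounted. Confirm against the router.
 *
 * @param req - request carrying `user` and the route `params`
 * @param res - response used to send 401/403 on rejection
 * @param next - continuation invoked when the request is allowed
 */
const validateUser: any & { unless: typeof unless } = (req: CustomRequest, res: Response, next: NextFunction): void => {
    const authenticatedUserId = req.user?.id;

    // No authenticated identity to compare against: reject rather than crash.
    if (authenticatedUserId === undefined || authenticatedUserId === null) {
        res.status(401).json({ message: 'Unauthorized: authentication is required' });
        return;
    }

    const userIdInParams = req.params.id;

    // Strict comparison: both ids are assumed to be strings. TODO confirm the
    // type of `req.user.id`; a non-string id would never match and always 403.
    if (userIdInParams && authenticatedUserId !== userIdInParams) {
        res.status(403).json({ message: 'Forbidden: You can only perform this action on your own account' });
        return;
    }

    next();
};

export default validateUser;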