mirror of
https://github.com/bluewave-labs/Checkmate.git
synced 2026-01-28 20:59:23 -06:00
36 lines
1011 B
JavaScript
36 lines
1011 B
JavaScript
const logger = require("../utils/logger");
|
|
const SERVICE_NAME = "verifyOwnership";
|
|
|
|
const verifyOwnership = (Model, paramName) => {
|
|
return async (req, res, next) => {
|
|
const userId = req.user._id;
|
|
const documentId = req.params[paramName];
|
|
try {
|
|
const doc = await Model.findById(documentId);
|
|
//If the document is not found, return a 404 error
|
|
if (!doc) {
|
|
logger.error("Document not found", {
|
|
service: SERVICE_NAME,
|
|
});
|
|
const error = new Error("Document not found");
|
|
error.status = 404;
|
|
throw error;
|
|
}
|
|
|
|
// If the userID does not match the document's userID, return a 403 error
|
|
if (userId.toString() !== doc.userId.toString()) {
|
|
console.log("boom");
|
|
const error = new Error("Unauthorized access");
|
|
error.status = 403;
|
|
throw error;
|
|
}
|
|
next();
|
|
} catch (error) {
|
|
error.service = SERVICE_NAME;
|
|
next(error);
|
|
}
|
|
};
|
|
};
|
|
|
|
module.exports = { verifyOwnership };
|