archetecture security fix
This commit is contained in:
+24
@@ -0,0 +1,24 @@
|
||||
"use strict";
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.requireSubscription = requireSubscription;
|
||||
const authHelpers_1 = require("./authHelpers");
|
||||
const BLOCKED_STATUSES = ['SUSPENDED', 'PENDING'];
|
||||
/**
|
||||
* Blocks requests for companies with lapsed or unactivated subscriptions.
|
||||
* Must be applied after `requireTenant`.
|
||||
*
|
||||
* Guarantees on success:
|
||||
* req.company.status is not SUSPENDED or PENDING
|
||||
*/
|
||||
function requireSubscription(req, res, next) {
|
||||
const company = req.company;
|
||||
if (!company)
|
||||
return (0, authHelpers_1.sendUnauthorized)(res, 'unauthenticated', 'No company context');
|
||||
if (BLOCKED_STATUSES.includes(company.status)) {
|
||||
return (0, authHelpers_1.sendPaymentRequired)(res, `subscription_${company.status.toLowerCase()}`, company.status === 'SUSPENDED'
|
||||
? 'Your account has been suspended. Please contact support or renew your subscription.'
|
||||
: 'Your account is pending activation. Please complete your subscription setup.', { billingUrl: `${process.env.NEXT_PUBLIC_DASHBOARD_URL}/billing` });
|
||||
}
|
||||
next();
|
||||
}
|
||||
//# sourceMappingURL=requireSubscription.js.map
|
||||
Reference in New Issue
Block a user