archetecture security fix
This commit is contained in:
@@ -0,0 +1,47 @@
|
||||
"use strict";
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.requireActiveSubscription = requireActiveSubscription;
|
||||
exports.requireFullAccess = requireFullAccess;
|
||||
const prisma_1 = require("../../lib/prisma");
|
||||
const subscription_policy_1 = require("./subscription.policy");
|
||||
async function requireActiveSubscription(req, res, next) {
|
||||
const companyId = req.companyId;
|
||||
if (!companyId)
|
||||
return res.status(401).json({ error: 'unauthenticated' });
|
||||
const sub = await prisma_1.prisma.subscription.findUnique({ where: { companyId } });
|
||||
const status = sub?.status ?? 'EXPIRED';
|
||||
const accessLevel = (0, subscription_policy_1.getAccessLevel)(status);
|
||||
if (!(0, subscription_policy_1.hasAnyAccess)(status)) {
|
||||
return res.status(403).json({
|
||||
error: 'subscription_required',
|
||||
message: 'Your subscription has ended. Please reactivate to continue.',
|
||||
subscriptionStatus: status,
|
||||
accessLevel,
|
||||
});
|
||||
}
|
||||
;
|
||||
req.subscriptionStatus = status;
|
||||
req.accessLevel = accessLevel;
|
||||
next();
|
||||
}
|
||||
async function requireFullAccess(req, res, next) {
|
||||
const companyId = req.companyId;
|
||||
if (!companyId)
|
||||
return res.status(401).json({ error: 'unauthenticated' });
|
||||
const sub = await prisma_1.prisma.subscription.findUnique({ where: { companyId } });
|
||||
const status = sub?.status ?? 'EXPIRED';
|
||||
const accessLevel = (0, subscription_policy_1.getAccessLevel)(status);
|
||||
if (accessLevel !== 'full') {
|
||||
return res.status(403).json({
|
||||
error: 'insufficient_access',
|
||||
message: 'This action requires an active subscription.',
|
||||
subscriptionStatus: status,
|
||||
accessLevel,
|
||||
});
|
||||
}
|
||||
;
|
||||
req.subscriptionStatus = status;
|
||||
req.accessLevel = accessLevel;
|
||||
next();
|
||||
}
|
||||
//# sourceMappingURL=subscription.entitlement.js.map
|
||||
Reference in New Issue
Block a user