protect article delete route

2020-06-12 08:41:44 -07:00 · 2020-06-12 08:41:44 -07:00 · 2a81de5bb8
commit 2a81de5bb8
parent 90724027af
1 changed files with 19 additions and 0 deletions
--- a/src/routes/a/[slug].json.js
+++ b/src/routes/a/[slug].json.js
@ -27,6 +27,25 @@ export async function get(req, res, next) {
 }

 export async function del(req, res, next) {
+    if (!req.user) {
+        res.writeHead(401, {
+            'Content-Type': 'application/json'
+        });
+        res.end(JSON.stringify({
+            message: `You are not logged in`
+        }));
+        return;
+    }
+    if (!req.user.author) {
+        res.writeHead(401, {
+            'Content-Type': 'application/json'
+        });
+        res.end(JSON.stringify({
+            message: `You are not designated as an author.`
+        }));
+        return;
+    }
+
    const { slug } = req.params;
    const article = await Article.findOneAndDelete({ slug });