diff --git a/backend/src/api/routes/configuration.ts b/backend/src/api/routes/configuration.ts
index 50af94df1..b0a94c7b0 100644
--- a/backend/src/api/routes/configuration.ts
+++ b/backend/src/api/routes/configuration.ts
@@ -1,24 +1,39 @@
 import joi from "joi";
 import { Router } from "express";
-import { asyncHandler, validateRequest } from "../../middlewares/api-utils";
+import {
+ asyncHandler,
+ checkUserPermissions,
+ useInProduction,
+ validateRequest,
+} from "../../middlewares/api-utils";
 import * as ConfigurationController from "../controllers/configuration";
+import { authenticateRequest } from "../../middlewares/auth";
 const router = Router();
+const checkIfUserIsConfigurationMod = checkUserPermissions({
+ criteria: (user) => {
+ return !!user.configurationMod;
+ },
+});
+
 router.get("/", asyncHandler(ConfigurationController.getConfiguration));
-if (process.env.MODE === "dev") {
- router.patch(
- "/",
- validateRequest({
- body: {
- configuration: joi.object(),
- },
- }),
- asyncHandler(ConfigurationController.updateConfiguration)
- );
+router.patch(
+ "/",
+ useInProduction([authenticateRequest(), checkIfUserIsConfigurationMod]),
+ validateRequest({
+ body: {
+ configuration: joi.object(),
+ },
+ }),
+ asyncHandler(ConfigurationController.updateConfiguration)
+);
- router.get("/schema", asyncHandler(ConfigurationController.getSchema));
-}
+router.get(
+ "/schema",
+ useInProduction([authenticateRequest(), checkIfUserIsConfigurationMod]),
+ asyncHandler(ConfigurationController.getSchema)
+);
 export default router;
diff --git a/backend/src/middlewares/api-utils.ts b/backend/src/middlewares/api-utils.ts
index 1d1e8de7d..ccda2670e 100644
--- a/backend/src/middlewares/api-utils.ts
+++ b/backend/src/middlewares/api-utils.ts
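Review bot: In backend/src/api/routes/configuration.ts the PATCH `/` route is now registered in every environment, yet its only body validation is still `configuration: joi.object()`, which accepts any object shape and, as far as this hunk shows, may also accept a request with no `configuration` key at all. That was tolerable for a dev-only route; for a production write to live server configuration I would tighten it to at least `configuration: joi.object().required()` and confirm that `updateConfiguration` (not visible here) validates keys and value types against the schema before persisting. `authenticateRequest()` is also called with its defaults on both routes, so it is worth confirming those defaults do not admit unauthenticated or API-key requests for an endpoint this privileged, and recording the intent above the guard, e.g. `// Gate for configuration read/write: authenticated user with configurationMod set.`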
@@ -10,6 +10,12 @@ interface ValidationOptions {
 invalidMessage?: string;
 }
+const emptyMiddleware = (
+ _req: MonkeyTypes.Request,
+ _res: Response,
+ next: NextFunction
+): void => next();
+
 /**
 * This utility checks that the server's configuration matches
 * the criteria.
@@ -140,9 +146,19 @@ function validateRequest(validationSchema: ValidationSchema): RequestHandler {
 };
 }
+/**
+ * Uses the middlewares only in production. Otherwise, uses an empty middleware.
+ */
+function useInProduction(middlewares: RequestHandler[]): RequestHandler[] {
+ return middlewares.map((middleware) =>
+ process.env.MODE === "dev" ? emptyMiddleware : middleware
+ );
+}
+
 export {
 validateConfiguration,
 checkUserPermissions,
 asyncHandler,
 validateRequest,
+ useInProduction,
 };
diff --git a/backend/src/types/types.d.ts b/backend/src/types/types.d.ts
index 2af9cd8c6..352fc14c4 100644
--- a/backend/src/types/types.d.ts
+++ b/backend/src/types/types.d.ts
@@ -171,6 +171,7 @@ declare namespace MonkeyTypes {
 timeTyping?: number;
 uid: string;
 quoteMod?: boolean;
+ configurationMod?: boolean;
 cannotReport?: boolean;
 banned?: boolean;
 canManageApeKeys?: boolean;
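Review bot: `useInProduction`, added in the second hunk of backend/src/middlewares/api-utils.ts, replaces every middleware it is given with a pass-through whenever `process.env.MODE === "dev"`, so a network-reachable host started with that value serves the configuration PATCH and schema routes with no authentication and no permission check. The doc comment says "only in production", but the code means "everything except dev", and the test runs once when the route is registered rather than per request; I would document that as `/** Returns the middlewares unchanged unless MODE is "dev", where each is replaced by a pass-through; evaluated once at route registration. MODE=dev must never be set on a network-reachable host. */`. Logging a startup warning whenever the bypass is taken would also make a misconfigured deployment visible. Because `authenticateRequest()` is skipped in dev, handlers behind this wrapper presumably cannot rely on any request context it would have populated, so confirm `updateConfiguration` and `getSchema` (not visible here) do not read it.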