'use strict' import domainsService from '../../src/data/users/domains' import { isAuthEnabled, initAllowedUsers, authenticate, checkRole } from '../../auth' import { Operation } from 'express-openapi' export default function() { const GET: Operation = async (req, res, next) => { const { isAllowedUser, role } = req.user if (!isAllowedUser && !checkRole(role, 'admin')) { const msg = 'No permission to get user domain' console.error(msg) res.status(401).send(msg) } else { try { res.status(200).json(await domainsService.getDomains(req)) if (isAuthEnabled()) { await initAllowedUsers() } } catch (error) { console.error(error) res.status(error.code || 500).json(error.message) } } } const POST: Operation = async (req, res, next) => { const { isAllowedUser, role } = req.user if (!isAllowedUser && !checkRole(role, 'admin')) { const msg = 'No permission to post user domain' console.error(msg) res.status(401).send(msg) } else { try { res.status(200).json(await domainsService.postUser(req)) if (isAuthEnabled()) { await initAllowedUsers() } } catch (error) { console.error(error) res.status(error.code || 500).json(error.message) } } } return { POST: [authenticate(['allowed-users', 'bot-token']), POST], GET: [authenticate(['allowed-users', 'bot-token']), GET] } }