Diffstat (limited to 'services/users')
| -rw-r--r-- | services/users/users.hooks.ts | 16 | 
1 files changed, 13 insertions, 3 deletions
diff --git a/services/users/users.hooks.ts b/services/users/users.hooks.ts
index 48843be..125f418 100644
--- a/services/users/users.hooks.ts
+++ b/services/users/users.hooks.ts
@@ -1,7 +1,9 @@
 import _ from 'lodash';
 import { hooks } from '@feathersjs/authentication-local';
-import { discard } from 'feathers-hooks-common';
+import { discard, disallow } from 'feathers-hooks-common';
 import { HookContext } from '@feathersjs/feathers';
+import { NotAuthenticated } from '@feathersjs/errors';
+import requireAuth from '../../hooks/requireAuth';
 const hashPassword = hooks.hashPassword('password');
@@ -12,6 +14,13 @@ const ignoreCaseRegex = async (context: HookContext): Promise<HookContext> => {
   return context;
 };
+const compareUser = async (context: HookContext): Promise<HookContext> => {
+  if (context.arguments[0] !== context.params.user._id) {
+    throw new NotAuthenticated('You can only PATCH/UPDATE your own user!');
+  }
+  return context;
+};
+
 export default {
   after: {
     all: hooks.protect('password'),
@@ -20,8 +29,9 @@ export default {
   before: {
     find: ignoreCaseRegex,
     create: hashPassword,
-    patch: hashPassword,
-    update: hashPassword
+    patch: [hashPassword, requireAuth, compareUser],
+    update: [hashPassword, requireAuth, compareUser],
+    remove: disallow('external')
   }
 };  |
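Review bot: The ownership check in `compareUser` compares `context.arguments[0]` and `context.params.user._id` with `!==`, which only matches when both are the same primitive type; if the adapter stores `_id` as an ObjectId (not visible here) while the transport delivers the id as a string, the check never passes and every patch/update is rejected. Comparing normalised values through the documented hook field, `if (String(context.id) !== String(context.params.user._id)) {`, avoids that. The hook also dereferences `params.user` unconditionally, so it depends on `requireAuth` (defined outside this diff) always populating it, including for internal calls that carry no provider. Because the caller here is authenticated but not permitted, `Forbidden` from `@feathersjs/errors` describes the failure more accurately than `NotAuthenticated`.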
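Review bot: In the new `patch` and `update` chains `hashPassword` runs before `requireAuth` and `compareUser`, so a request that is about to be rejected still costs a password hash first; ordering the checks first, `patch: [requireAuth, compareUser, hashPassword],` (and the same for `update`), turns away unauthenticated or cross-user calls before any hashing work. Nothing in these chains restricts which fields an owner may write, so if the user record carries privilege fields such as a role or permissions (the schema is not visible here), a user could change them on their own record; an allow-list of writable fields placed before the service call would close that. The exported object opens in the previous hunk, and the `after` hooks between the two hunks are not shown.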