From 85b3cc20e8f453868d06d55a688ee8dfe90b80d4 Mon Sep 17 00:00:00 2001
From: eug-vs <eug-vs@keemail.me>
Date: Sun, 5 Jul 2020 13:33:00 +0300
Subject: feat: protect all services

---
 services/feedback/feedback.hooks.ts | 7 +++++--
 services/polls/polls.hooks.ts       | 6 +++++-
 services/votes/votes.hooks.ts       | 6 +++++-
 3 files changed, 15 insertions(+), 4 deletions(-)

(limited to 'services')

diff --git a/services/feedback/feedback.hooks.ts b/services/feedback/feedback.hooks.ts
index 7ae6c5d..5bc2552 100644
--- a/services/feedback/feedback.hooks.ts
+++ b/services/feedback/feedback.hooks.ts
@@ -1,4 +1,4 @@
-import { populate, discard } from 'feathers-hooks-common';
+import { populate, discard, disallow } from 'feathers-hooks-common';
 import requireAuth from '../../hooks/requireAuth';
 import signAuthority from '../../hooks/signAuthority';
 import sortByDate from '../../hooks/sortByDate';
@@ -18,7 +18,10 @@ const populateAuthor = populate({
 export default {
   before: {
     create: [requireAuth, signAuthority],
-    find: sortByDate
+    find: sortByDate,
+    remove: disallow('external'),
+    patch: disallow('external'),
+    update: disallow('external')
   },
   after: {
     all: [populateAuthor, discard('authorId')]
diff --git a/services/polls/polls.hooks.ts b/services/polls/polls.hooks.ts
index e3d04e7..35eae29 100644
--- a/services/polls/polls.hooks.ts
+++ b/services/polls/polls.hooks.ts
@@ -1,4 +1,5 @@
 import { HookContext } from '@feathersjs/feathers';
+import { disallow } from 'feathers-hooks-common';
 import { Types } from 'mongoose';
 import bluebird from 'bluebird'; import _ from 'lodash';
 import { Poll } from 'which-types';
@@ -46,7 +47,10 @@ const convertPoll = async (context: HookContext): Promise<HookContext> => {
 export default {
   before: {
     find: sortByDate,
-    create: signAuthority
+    create: signAuthority,
+    remove: disallow('external'),
+    update: disallow('external'),
+    patch: disallow('external')
   },
   after: {
     all: convertPoll
diff --git a/services/votes/votes.hooks.ts b/services/votes/votes.hooks.ts
index 56e9000..923e897 100644
--- a/services/votes/votes.hooks.ts
+++ b/services/votes/votes.hooks.ts
@@ -1,9 +1,13 @@
+import { disallow } from 'feathers-hooks-common';
 import requireAuth from '../../hooks/requireAuth';
 import signAuthority from '../../hooks/signAuthority';
 
 export default {
   before: {
-    create: [requireAuth, signAuthority]
+    create: [requireAuth, signAuthority],
+    remove: disallow('external'),
+    update: disallow('external'),
+    patch: disallow('external')
   }
 };
 
-- 
cgit v1.2.3