Diff

mod_invites_api/mod_invites_api.lua @ 4216:35b678609b79

mod_invites_api: Allow restricting HTTP methods per key (once implemented)
author Matthew Wild <mwild1@gmail.com>
date Fri, 16 Oct 2020 14:26:53 +0100
parent 4115:165ade4ce97b
child 5142:410d7c8d210d
line wrap: on
line diff
--- a/mod_invites_api/mod_invites_api.lua	Fri Oct 16 14:25:44 2020 +0100
+++ b/mod_invites_api/mod_invites_api.lua	Fri Oct 16 14:26:53 2020 +0100
@@ -54,6 +54,10 @@
 		return 403;
 	end
 
+	if api_user.allowed_methods and not api_user.allowed_methods[event.request.method] then
+		return 405;
+	end
+
 	local invite = invites.create_account(nil, { source = "api/token/"..api_user.id });
 	if not invite then
 		return 500;
@@ -104,6 +108,7 @@
 			token = token;
 			name = arg[1];
 			created_at = os.time();
+			allowed_methods = { GET = true, POST = true };
 		});
 		print(id.."/"..token);
 	elseif command == "delete" then