function ensureWritePermissions()

in src/server/main.ts [70:91]


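/**
 * Express middleware that gates a route on an e-mail allow-list.
 *
 * The caller's identity is read from the `oidc-claim-user-profile-email` request header and
 * compared, as an exact string, against the comma-separated list in the
 * `MOZLDAP_STATE_ACCESS` environment variable.
 *
 * Outcomes:
 * - `next()` when `SKIP_AUTH` is exactly `"true"`, or when the e-mail is on the allow-list.
 * - 401 `unauthorized` when the identity header is missing, empty, or not a single string.
 * - 403 `user not allowed` when the allow-list is unset or does not contain the e-mail.
 *
 * NOTE(review): the header value is trusted as-is. This presumably relies on an authenticating
 * reverse proxy that sets the header and strips any client-supplied copy. Confirm against the
 * deployment, because a directly reachable server would accept a forged header.
 */
function ensureWritePermissions(req: Request, res: Response, next: NextFunction) {
  // Local-development escape hatch: this disables the check for every request, so SKIP_AUTH
  // must never be set in a deployed environment.
  if (process.env.SKIP_AUTH === "true") {
    return next();
  }

  // Narrow instead of casting: the header type also allows string[] and undefined, and only a
  // single non-empty string is a usable identity.
  const claimEmail = req.headers["oidc-claim-user-profile-email"];
  if (typeof claimEmail !== "string" || !claimEmail) {
    return endWithStatusAndBody(res, 401, "unauthorized");
  }

  const allowListRaw = process.env.MOZLDAP_STATE_ACCESS;
  if (!allowListRaw) {
    // Fail closed: with no allow-list configured nobody is authorized.
    logger.error("MOZLDAP_STATE_ACCESS was not set, all authenticated requests will fail!");
    return endWithStatusAndBody(res, 403, "user not allowed");
  }

  // Trim each entry so a list written as "a@example.com, b@example.com" still matches, and
  // drop empty entries left by stray commas. Matching stays exact and case-sensitive.
  const allowedEmails = allowListRaw
    .split(",")
    .map((entry) => entry.trim())
    .filter((entry) => entry.length > 0);

  if (allowedEmails.includes(claimEmail)) {
    return next();
  }

  return endWithStatusAndBody(res, 403, "user not allowed");
}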