Mercurial > prosody-modules

changeset 4216:35b678609b79

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
mod_invites_api: Allow restricting HTTP methods per key (once implemented)
author Matthew Wild <mwild1@gmail.com>
date Fri, 16 Oct 2020 14:26:53 +0100
parents 86f8ece24029
children 983565f42063
files mod_invites_api/mod_invites_api.lua
diffstat 1 files changed, 5 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mod_invites_api/mod_invites_api.lua	Fri Oct 16 14:25:44 2020 +0100
+++ b/mod_invites_api/mod_invites_api.lua	Fri Oct 16 14:26:53 2020 +0100
@@ -54,6 +54,10 @@
 		return 403;
 	end
 
+	if api_user.allowed_methods and not api_user.allowed_methods[event.request.method] then
+		return 405;
+	end
+
 	local invite = invites.create_account(nil, { source = "api/token/"..api_user.id });
 	if not invite then
 		return 500;
@@ -104,6 +108,7 @@
 			token = token;
 			name = arg[1];
 			created_at = os.time();
+			allowed_methods = { GET = true, POST = true };
 		});
 		print(id.."/"..token);
 	elseif command == "delete" then