aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorColin Okay <okay@toyful.space>2022-02-16 15:14:05 -0600
committerColin Okay <okay@toyful.space>2022-02-16 15:14:05 -0600
commit65737a9b387b9360e1851c44ed183516ee7799fd (patch)
treee13fccb46c6b1638f2c1c13f009fdde28d86c6a2 /src
parent4ac8c491b0dc368ef875ed62a3fea945005fe0e6 (diff)
endpoint for token access revokation
Diffstat (limited to 'src')
-rw-r--r--src/main.lisp14
1 files changed, 14 insertions, 0 deletions
diff --git a/src/main.lisp b/src/main.lisp
index 11be7fd..2b64a57 100644
--- a/src/main.lisp
+++ b/src/main.lisp
@@ -442,6 +442,20 @@
(t
(http-err 401))))
+(defun can-revoke-contributor (requesting-contributor target-contributor)
+ "A contributor can revoke their own access, or an admin can revoke anybody's."
+ (or (eq requesting-contributor target-contributor)
+ (adminp requesting-contributor)))
+
+(defendpoint* :post "/revoke/:contributor a-user-handle:" ()
+ (:auth t)
+ "A contributor can revoke their own access (if for some reason their
+ API key ends up out of their control), or an admin can revoke
+ anybody's access token, forcing the to re-authenticate."
+ (if (can-revoke-contributor (request-contributor) contributor)
+ (revoke-access contributor)
+ (http-err 403)))
+
(defun authorized-to-invite ()
"To make a new invite, a contributor must be authorized and must not
have exceeded the invite limit."