diff options
author | Colin Okay <okay@toyful.space> | 2022-02-16 15:14:05 -0600 |
---|---|---|
committer | Colin Okay <okay@toyful.space> | 2022-02-16 15:14:05 -0600 |
commit | 65737a9b387b9360e1851c44ed183516ee7799fd (patch) | |
tree | e13fccb46c6b1638f2c1c13f009fdde28d86c6a2 /src | |
parent | 4ac8c491b0dc368ef875ed62a3fea945005fe0e6 (diff) |
endpoint for token access revokation
Diffstat (limited to 'src')
-rw-r--r-- | src/main.lisp | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/src/main.lisp b/src/main.lisp index 11be7fd..2b64a57 100644 --- a/src/main.lisp +++ b/src/main.lisp @@ -442,6 +442,20 @@ (t (http-err 401)))) +(defun can-revoke-contributor (requesting-contributor target-contributor) + "A contributor can revoke their own access, or an admin can revoke anybody's." + (or (eq requesting-contributor target-contributor) + (adminp requesting-contributor))) + +(defendpoint* :post "/revoke/:contributor a-user-handle:" () + (:auth t) + "A contributor can revoke their own access (if for some reason their + API key ends up out of their control), or an admin can revoke + anybody's access token, forcing the to re-authenticate." + (if (can-revoke-contributor (request-contributor) contributor) + (revoke-access contributor) + (http-err 403))) + (defun authorized-to-invite () "To make a new invite, a contributor must be authorized and must not have exceeded the invite limit." |