From 65737a9b387b9360e1851c44ed183516ee7799fd Mon Sep 17 00:00:00 2001
From: Colin Okay
Date: Wed, 16 Feb 2022 15:14:05 -0600
Subject: endpoint for token access revokation
---
 src/main.lisp | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
(limited to 'src')
diff --git a/src/main.lisp b/src/main.lisp
index 11be7fd..2b64a57 100644
--- a/src/main.lisp
+++ b/src/main.lisp
@@ -442,6 +442,20 @@
 (t (http-err 401))))
+(defun can-revoke-contributor (requesting-contributor target-contributor)
+ "A contributor can revoke their own access, or an admin can revoke anybody's."
+ (or (eq requesting-contributor target-contributor)
+ (adminp requesting-contributor)))
+
+(defendpoint* :post "/revoke/:contributor a-user-handle:" ()
+ (:auth t)
+ "A contributor can revoke their own access (if for some reason their
+ API key ends up out of their control), or an admin can revoke
+ anybody's access token, forcing the to re-authenticate."
+ (if (can-revoke-contributor (request-contributor) contributor)
+ (revoke-access contributor)
+ (http-err 403)))
+
 (defun authorized-to-invite () "To make a new invite, a contributor must be authorized and must not have exceeded the invite limit."
-- 
cgit v1.2.3
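Review bot: `can-revoke-contributor` decides self-revocation with `eq`, which is true only when both arguments are the very same object, so it is correct only if `(request-contributor)` and the `a-user-handle` route parser always return the identical contributor instance. If either can yield a fresh copy or a handle string, a non-admin whose key has leaked gets a 403 and cannot revoke it, which fails closed but defeats the purpose stated in the endpoint docstring; that should be confirmed against those two helpers, which are not visible in this hunk. The predicate is also true for two `nil` arguments, and the endpoint passes `contributor` to `revoke-access` without checking that the handle resolved, so I would guard it as `(and requesting-contributor target-contributor (or (eq requesting-contributor target-contributor) (adminp requesting-contributor)))` and handle an unresolved handle explicitly. The docstring typo "forcing the to re-authenticate" should read "forcing them to re-authenticate".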