diff --git a/src/corsOptions.ts b/src/corsOptions.ts index 94367f2..65e8fb4 100644 --- a/src/corsOptions.ts +++ b/src/corsOptions.ts @@ -6,7 +6,7 @@ export const corsOptions = { return getOrigin(origin, c.env.stagingHostSuffix); }, allowHeaders: ['content-type', 'authorization'], - allowMethods: ['GET', 'HEAD', 'POST', 'OPTIONS', 'PUT'], + allowMethods: ['GET', 'HEAD', 'POST', 'OPTIONS', 'PUT', 'DELETE'], maxAge: 86400, credentials: true, exposeHeaders: ['X-Origin'] diff --git a/src/deleteEpisode.ts b/src/deleteEpisode.ts new file mode 100644 index 0000000..f805821 --- /dev/null +++ b/src/deleteEpisode.ts @@ -0,0 +1,32 @@ +import { AddResponseHeaders } from "./AddResponseHeaders"; +import { Auth0ActionContext } from "./Auth0ActionContext"; +import { Auth0JwtPayload } from "./Auth0JwtPayload"; +import { buildFetchHeaders } from "./buildFetchHeaders"; + + +export async function deleteEpisode(c: Auth0ActionContext): Promise { + const auth0Payload: Auth0JwtPayload = c.var.auth0('payload'); + const id = c.req.param('id'); + AddResponseHeaders(c, { methods: ["POST", "GET", "OPTIONS", "DELETE"] }); + if (auth0Payload?.permissions && auth0Payload.permissions.includes('admin')) { + const url = `${c.env.secureEpisodeEndpoint}/${id}`; + const resp = await fetch(url, { + headers: buildFetchHeaders(c.req, c.env.secureEpisodeEndpoint), + method: "DELETE" + }); + if (resp.status == 200) { + console.log(`Successfully used secure-episode-endpoint.`); + return new Response(resp.body); + } else if (resp.status == 404) { + console.log(`Failed to use secure-episode-endpoint. Episode not found.`); + return new Response(resp.body, {status: resp.status}); + } else if (resp.status == 300) { + console.log(`Failed to use secure-episode-endpoint. Multple podcast/episodes found.`); + return new Response(resp.body, {status: resp.status}); + } else { + console.log(`Failed to use secure-episode-endpoint. Response code: '${resp.status}'.`); + return c.json({ error: "Error" }, 500); + } + } + return c.json({ error: "Unauthorised" }, 403); +} diff --git a/src/getEpisode.ts b/src/getEpisode.ts index b10f7f4..dcd69bc 100644 --- a/src/getEpisode.ts +++ b/src/getEpisode.ts @@ -6,7 +6,7 @@ import { buildFetchHeaders } from './buildFetchHeaders'; export async function getEpisode(c: Auth0ActionContext): Promise { const auth0Payload: Auth0JwtPayload = c.var.auth0('payload'); const id = c.req.param('id'); - AddResponseHeaders(c, { methods: ["POST", "GET", "OPTIONS"] }); + AddResponseHeaders(c, { methods: ["POST", "GET", "OPTIONS", "DELETE"] }); if (auth0Payload?.permissions && auth0Payload.permissions.includes('curate')) { const authorisation: string = c.req.header("Authorization")!; diff --git a/src/index.ts b/src/index.ts index 63a6c3f..5e815ea 100644 --- a/src/index.ts +++ b/src/index.ts @@ -24,6 +24,7 @@ import { submitDiscovery } from './submitDiscovery'; import { runSearchIndexer } from './runSearchIndexer'; import { publishHomepage } from './publishHomepage'; import { publishTerm } from './publishTerm'; +import { deleteEpisode } from './deleteEpisode'; const app = new Hono<{ Bindings: Env }>(); @@ -35,6 +36,7 @@ app.post("/search", search); app.post("/submit", Auth0Middleware, submit); app.get("/episode/:id", Auth0Middleware, getEpisode); app.post("/episode/:id", Auth0Middleware, updateEpisode); +app.delete("/episode/:id", Auth0Middleware, deleteEpisode); app.post("/episode/publish/:id", Auth0Middleware, publish); app.get("/episodes/outgoing", Auth0Middleware, getOutgoing); app.get("/podcast/:name", Auth0Middleware, getPodcastByName); diff --git a/src/updateEpisode.ts b/src/updateEpisode.ts index 3972e1a..884d733 100644 --- a/src/updateEpisode.ts +++ b/src/updateEpisode.ts @@ -6,7 +6,7 @@ import { buildFetchHeaders } from "./buildFetchHeaders"; export async function updateEpisode(c: Auth0ActionContext): Promise { const auth0Payload: Auth0JwtPayload = c.var.auth0('payload'); const id = c.req.param('id'); - AddResponseHeaders(c, { methods: ["POST", "GET", "OPTIONS"] }); + AddResponseHeaders(c, { methods: ["POST", "GET", "OPTIONS", "DELETE"] }); if (auth0Payload?.permissions && auth0Payload.permissions.includes('curate')) { const url = `${c.env.secureEpisodeEndpoint}/${id}`; const data: any = await c.req.json();