Secure REST API (in Azure Function App) Using Permissions
// Route a request that has already passed validation to the handler for its
// HTTP verb, gating each verb on the scope flag computed before this block:
//   GET  -> needs hasMissionReadScope  (Mission.Read)
//   POST -> needs hasMissionWriteScope (Mission.Write)
//
// NOTE(review): when isValidRequest is false nothing in this block assigns
// `response`. It has to be populated by earlier code that is not visible
// here, otherwise the header assignment at the bottom throws on undefined.
if (isValidRequest) {
  const verb = req.method;

  if (verb === 'GET') {
    if (!hasMissionReadScope) {
      // NOTE(review): the caller is authenticated but lacks the scope. That
      // case is conventionally 403 Forbidden; 401 tells a client to obtain new
      // credentials. Confirm HttpStatusCode has a 403 member before switching.
      response = {
        status: HttpStatusCode.Unauthorized,
        body: {
          message: 'Insufficient permissions to retrieve missions. Missing scope Mission.Read.'
        }
      };
    } else if (missionId) {
      // A mission id was supplied: fetch that single mission.
      response = getOne(missionId);
    } else {
      // No id: return the collection.
      response = getMany();
    }
  } else if (verb === 'POST') {
    if (!hasMissionWriteScope) {
      // Same 401-versus-403 remark as the GET branch applies here.
      response = {
        status: HttpStatusCode.Unauthorized,
        body: {
          message: 'Insufficient permissions to write missions. Missing scope Mission.Write.'
        }
      };
    } else {
      // NOTE(review): req.body is forwarded as received; this block does no
      // schema or size validation, so insertOne presumably does it. Verify.
      response = insertOne(req.body);
    }
  } else {
    // Every other verb is refused, so unlisted methods never reach a handler.
    // NOTE(review): 405 Method Not Allowed is the conventional status for an
    // unsupported verb; 400 is what the code returns today.
    response = {
      status: HttpStatusCode.BadRequest,
      body: {
        error: {
          type: 'not_supported',
          message: `Method ${req.method} not supported.`
        }
      }
    };
  }
}

// Stamp the response as JSON and allow credentialed cross-origin calls.
// This assignment replaces any headers a handler above may have set.
// NOTE(review): only Access-Control-Allow-Credentials is written here; no
// Access-Control-Allow-Origin is set in this block, so the allowed origins
// presumably come from the Function App's CORS settings. Confirm they are an
// explicit origin list: browsers reject credentialed responses whose allowed
// origin is the wildcard.
// NOTE(review): assumes getOne/getMany/insertOne return the response object
// synchronously. If they return a promise, the headers land on the promise.
response.headers = {
  'Content-Type': 'application/json',
  'Access-Control-Allow-Credentials': 'true'
};
context.res = response;