dea33e3f00
Ersetzt die spoofbare X-User-Id-Auth durch signierte HttpOnly-Sessions nach WebAuthn, erzwingt WRITE-only Sync, speichert den Master-Key nur im RAM und ergänzt CORS, Rate-Limits, Helmet sowie Passkey-Reauth für sensible Aktionen. Co-authored-by: Cursor <cursoragent@cursor.com>
import { apiJson } from './api.js'
/**
 * Shape of the access descriptor that `getLogbookAccess` resolves to.
 *
 * NOTE(review): these values arrive in an API response and are then held in
 * client memory, so they are suitable for deciding what the UI shows, not for
 * enforcing permissions. Presumably the server re-checks the role on every
 * write; confirm against the API handlers.
 */
export interface LogbookAccess {
  /** Ownership flag; presumably true when the signed-in user owns the logbook (verify against the API). */
  isOwner: boolean
  /** Access level, restricted to exactly these three literals. */
  role: 'OWNER' | 'READ' | 'WRITE'
  /** Presumably the number of collaborators holding WRITE access; confirm with the server code. */
  writeCollaboratorCount: number
}
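/**
 * Fetches the caller's access descriptor for one logbook.
 *
 * Resolves to `null` without sending a request when no `active_userid` entry
 * exists in `localStorage`, when the browser reports being offline, or when
 * `logbookId` is empty or a dot segment. Also resolves to `null` when the
 * request or response handling throws.
 *
 * Security notes:
 * - The `active_userid` lookup only avoids a pointless request. Any script
 *   running on the origin can read or write `localStorage`, so the entry is
 *   not an authorization signal; the server is expected to authorize from the
 *   session it holds (NOTE(review): confirm in the API handler).
 * - `null` does not distinguish "signed out", "offline", "denied" and
 *   "request failed". Callers should treat `null` as "no access known" and
 *   fail closed, never as permission to write.
 *
 * @param logbookId Identifier of the logbook; it is percent-encoded before
 *   being placed in the request path.
 * @returns The access descriptor, or `null` if it could not be obtained.
 */
export async function getLogbookAccess(logbookId: string): Promise<LogbookAccess | null> {
  const hasLocalUser = Boolean(localStorage.getItem('active_userid'))
  if (!hasLocalUser || !navigator.onLine) return null

  // An empty id or a dot segment would resolve to a different route once the
  // URL is normalised, so no request is sent for those.
  if (logbookId === '' || logbookId === '.' || logbookId === '..') return null

  try {
    // Encode the id so that characters such as '/', '?' or '#' cannot change
    // which endpoint the authenticated request is sent to. Encoding happens
    // inside the try block because encodeURIComponent throws on malformed
    // surrogate pairs.
    const accessPath = `/api/logbooks/${encodeURIComponent(logbookId)}/access`
    return await apiJson<LogbookAccess>(accessPath)
  } catch {
    // Deliberate best-effort: every failure maps to "no access known".
    return null
  }
}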