Closed aral closed 2 years ago
Aren't the push
and fetch
event handlers supposed to do this?
Sorry I see what you're saying, perhaps a comment would be more clear?
// Check these credentials are correct for this user.
Then in the other event handlers:
// Decide if this user is allowed to perform this action against this repo.
yeah I think adding a comment like @willstott101 is suggesting would be a good idea
The authentication code in the example app (and readme) currently allows all requests. This small update demonstrates how to actually perform authentication, including rejection by calling
next()
with an error message string.