Association Context Middleware - Likepersonsapp – Peer Mentor Activity Platform

Infrastructure low complexity backend

Dependencies

Dependents

Entities

Integrations

Description

Backend middleware (Next.js API route middleware) that intercepts all write requests and validates that the association_id in the request body or header belongs to the authenticated user's list of memberships. Rejects requests with a 403 if the user attempts to write data to an association they are not a member of, preventing unauthorized data attribution.

Feature: Member Multi-Association Membership

association-context-middleware

Responsibilities

Extract association_id from incoming API requests
Verify the authenticated user has a valid membership in the specified association
Reject unauthorized association access with a structured 403 error
Pass validated context to downstream API handlers

Interfaces

validateAssociationAccess(req: NextApiRequest, res: NextApiResponse, next: Function): Promise<void>

extractAssociationId(req: NextApiRequest): String?

checkUserMembership(userId: String, associationId: String): Promise<bool>

buildUnauthorizedResponse(reason: String): ErrorResponse

Relationships

Dependencies (1)

Components this component depends on

data Association Membership Repository

Related Data Entities (6)

Data entities managed by this component

Activity 20 fields core Event 19 fields core Local Association 17 fields core Organization 14 fields core Role 11 fields configuration User Organization Role 12 fields core