const storage = require('../storage');

module.exports = async function(req, res, next) {
  const id = req.params.id;
  const ownerToken = req.body.owner_token;
  if (id && ownerToken) {
    try {
      req.meta = await storage.metadata(id);
      if (!req.meta) {
        return res.sendStatus(404);
      }
      req.authorized = req.meta.owner === ownerToken;
    } catch (e) {
      req.authorized = false;
    }
  }
  if (req.authorized) {
    next();
  } else {
    res.sendStatus(401);
  }
};