Actions: Deny access based on SQL result

Hi,

I’m currently using tedious@1.11.0 to perform SQL query in action.
Based on result of the query, I would like to restrict api access through api.access.deny(‘someError’). Is it possible? I am trying to check result inside of a function callback:

 someFunctionPerformingSqlQuery(email, (error) => {
        if (error) {
	api.access.deny(error);
        }
        return;
      });

This solution unfortunately doesn’t work and loops execution of my action. Is there a way to make it work?

Hi @kacper.czerniak,

Can you explain what you mean by “loops execution of my action”? The `api.access.deny(error)’ should halt the login process and return the error to the user.

Sorry for late response. I’m not sure how it happened, but in logs it looked like this action is being fired over and over again. But that was not a main problem :wink:

Main problem was calling api.access.deny() in callback.

I’ve solved this issue by using Sequelize package. It allows us to perform and await db calls and assign the result to the variable. Something like this:

const Sequelize = require(‘sequelize’);
const {QueryTypes} = require(‘sequelize’);

const db = new Sequelize(event.secrets.db_catalog, event.secrets.db_user, event.secrets.db_password,
{
host:event.secrets.db_server,
port: 1433,
driver: ‘tedious’,
dialect: ‘mssql’,
options: {
encrypt: true,
database: event.secrets.db_catalog
},
dialectOptions: {
encrypt: true
},
pool: {
max: 5,
min: 0,
idle: 10000
}
});

const email = ‘some@email.com’;

const result = await db.query(‘SELECT 1 FROM [User] WHERE Email = :email’, {
replacements: {email: email},
type: QueryTypes.SELECT,
plain: true
});