Module Enforcement Middleware - Meander - Peer Mentor Platform

Infrastructure medium complexity backend

Dependencies

Dependents

Entities

Integrations

Description

API middleware that intercepts every request to a module-scoped endpoint and verifies the requesting user's organization has the corresponding module enabled. Returns HTTP 403 for disabled modules, ensuring clients cannot bypass toggle state by calling the API directly.

Feature: Feature Toggles

module-enforcement-middleware

Responsibilities

Extract the area identifier from request route metadata or path convention
Look up the enabled module set for the authenticated tenant via Module Configuration Service
Short-circuit the request with 403 when the module is disabled for the organization
Pass always-on core modules through without a database lookup

Interfaces

enforceModuleAccess(req: ApiRequest, res: ApiResponse, next: NextFunction): Promise<void>

extractAreaFromRoute(route: RouteDefinition): string | null

isAlwaysOn(areaId: string): boolean

Relationships

Dependencies (1)

Components this component depends on

service Module Configuration Service

Related Data Entities (3)

Data entities managed by this component

Event 18 fields core Organization 21 fields core Organization Membership 18 fields core