kontextwerk/api/hooks/orderRevokeRequest/get_read.js

const { withAccount } = require("../lib/utils")
;(function () {
    const queryParam = context.request().query("orderId")
    if (!queryParam) {
        if (context.user.auth()) return
        throw {
            message: "orderId is required",
            code: 400,
        }
    }

    withAccount((login) => {
        const order = context.db.find("bigCommerceOrder", {
            filter: {
                bigCommerceId: Number(queryParam),
            },
        })[0]
        if (!order) {
            throw {
                message: "Order not found",
                code: 404,
            }
        }
        if (order.customerBigCommerceId !== login.bigCommerceId) {
            throw {
                message: "You don't have permission to access this order",
                code: 403,
            }
        }
        context.filter = {
            bigCommerceId: order.bigCommerceId,
        }
    })
    return context
})()