diff --git a/functions/api/appeals/[id]/_middleware.ts b/functions/api/appeals/[id]/_middleware.ts
new file mode 100644
index 0000000..98a6df2
--- /dev/null
+++ b/functions/api/appeals/[id]/_middleware.ts
@@ -0,0 +1,32 @@
+export async function onRequestPost(context: RequestContext) {
+  const { permissions } = context.data.current_user;
+
+  if (!(permissions & (1 << 0)) || !(permissions & (1 << 11)))
+    return new Response('{"error":"Forbidden"}', {
+      headers: {
+        "content-type": "application/json",
+      },
+      status: 403,
+    });
+
+  const { body } = context.data;
+
+  if (typeof body.accept !== "boolean")
+    return new Response('{"error":"Invalid acceptance status"}', {
+      headers: {
+        "content-type": "application/json",
+      },
+      status: 400,
+    });
+
+  if (
+    body.feedback &&
+    (typeof body.feedback !== "string" || body.feedback.length > 512)
+  )
+    return new Response('{"error":"Invalid feedback"}', {
+      headers: {
+        "content-type": "application/json",
+      },
+      status: 400,
+    });
+}