versia-pub/server
2
0
Fork 0
mirror of https://github.com/versia-pub/server.git synced 2026-01-26 12:16:01 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(api): 🐛 Add safeguards to emoji upload routes

Browse source
This commit is contained in:
Jesse Wierzbinski 2024-05-12 13:43:58 -10:00
parent 67bee695e6
commit 14d3a243a2
No known key found for this signature in database
2 changed files with 11 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
server/api/api/v1/emojis/:id/index.ts
View file

@ -70,8 +70,12 @@ export default (app: Hono) =>
const { id } = context.req.valid("param");
const { user } = context.req.valid("header");
if (!user) {
return errorResponse("Unauthorized", 401);
}
// Check if user is admin
if (!user?.getUser().isAdmin) {
if (!user.getUser().isAdmin) {
return jsonResponse(
{
error: "You do not have permission to modify emojis (must be an administrator)",

8
server/api/api/v1/emojis/index.ts
View file

@ -7,7 +7,7 @@ import {
} from "@api";
import { mimeLookup } from "@content_types";
import { zValidator } from "@hono/zod-validator";
import { jsonResponse } from "@response";
import { errorResponse, jsonResponse } from "@response";
import type { Hono } from "hono";
import { z } from "zod";
import { getUrl } from "~database/entities/Attachment";
@ -62,8 +62,12 @@ export default (app: Hono) =>
const { shortcode, element, alt } = context.req.valid("form");
const { user } = context.req.valid("header");
if (!user) {
return errorResponse("Unauthorized", 401);
}
// Check if user is admin
if (!user?.getUser().isAdmin) {
if (!user.getUser().isAdmin) {
return jsonResponse(
{
error: "You do not have permission to add emojis (must be an administrator)",