Lock /preview/* routes behind Any-Auth

This commit is contained in:
Mike Schwörer 2024-06-12 00:43:07 +02:00
parent dac268f40b
commit 2ccdb8b238
Signed by: Mikescher
GPG Key ID: D3C7172E0A70F8CF

View File

@ -37,6 +37,10 @@ func (h APIHandler) GetUserPreview(g *gin.Context) ginresp.HTTPResponse {
} }
defer ctx.Cancel() defer ctx.Cancel()
if permResp := ctx.CheckPermissionAny(); permResp != nil {
return *permResp
}
user, err := h.database.GetUser(ctx, u.UserID) user, err := h.database.GetUser(ctx, u.UserID)
if errors.Is(err, sql.ErrNoRows) { if errors.Is(err, sql.ErrNoRows) {
return ginresp.APIError(g, 404, apierr.USER_NOT_FOUND, "User not found", err) return ginresp.APIError(g, 404, apierr.USER_NOT_FOUND, "User not found", err)
@ -76,6 +80,10 @@ func (h APIHandler) GetChannelPreview(g *gin.Context) ginresp.HTTPResponse {
} }
defer ctx.Cancel() defer ctx.Cancel()
if permResp := ctx.CheckPermissionAny(); permResp != nil {
return *permResp
}
channel, err := h.database.GetChannelByID(ctx, u.ChannelID) channel, err := h.database.GetChannelByID(ctx, u.ChannelID)
if errors.Is(err, sql.ErrNoRows) { if errors.Is(err, sql.ErrNoRows) {
return ginresp.APIError(g, 404, apierr.CHANNEL_NOT_FOUND, "Channel not found", err) return ginresp.APIError(g, 404, apierr.CHANNEL_NOT_FOUND, "Channel not found", err)
@ -115,6 +123,10 @@ func (h APIHandler) GetUserKeyPreview(g *gin.Context) ginresp.HTTPResponse {
} }
defer ctx.Cancel() defer ctx.Cancel()
if permResp := ctx.CheckPermissionAny(); permResp != nil {
return *permResp
}
keytoken, err := h.database.GetKeyToken(ctx, u.UserID, u.KeyID) keytoken, err := h.database.GetKeyToken(ctx, u.UserID, u.KeyID)
if errors.Is(err, sql.ErrNoRows) { if errors.Is(err, sql.ErrNoRows) {
return ginresp.APIError(g, 404, apierr.KEY_NOT_FOUND, "Key not found", err) return ginresp.APIError(g, 404, apierr.KEY_NOT_FOUND, "Key not found", err)