commit 07ae140164405cb88e691e3c71b097085abd76fd
parent 022bface834aebfa3c6efe0b5449c7652376a180
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Sat, 17 Jun 2023 13:47:34 -0700
auth for analyze endpoint
Diffstat:
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/pkg/web/handlers/chess.go b/pkg/web/handlers/chess.go
@@ -120,6 +120,10 @@ func ChessHandler(c echo.Context) error {
func ChessGameAnalyzeHandler(c echo.Context) error {
key := c.Param("key")
db := c.Get("database").(*database.DkfDB)
+ authUser := c.Get("authUser").(*database.User)
+ if !authUser.CanUseChessAnalyze {
+ return c.Redirect(http.StatusFound, "/")
+ }
g, err := interceptors.ChessInstance.GetGame(key)
if err != nil {
return c.Redirect(http.StatusFound, "/")
diff --git a/pkg/web/web.go b/pkg/web/web.go
@@ -100,7 +100,7 @@ func getMainServer(db *database.DkfDB, i18nBundle *i18n.Bundle, renderer *tmp.Te
authGroup.POST("/chess", handlers.ChessHandler)
authGroup.GET("/chess/:key", handlers.ChessGameHandler)
authGroup.POST("/chess/:key", handlers.ChessGameHandler)
- authGroup.GET("/chess/:key/analyze", handlers.ChessGameAnalyzeHandler, middlewares.IsAdminMiddleware)
+ authGroup.GET("/chess/:key/analyze", handlers.ChessGameAnalyzeHandler)
authGroup.GET("/chess/:key/form", handlers.ChessGameFormHandler)
authGroup.POST("/chess/:key/form", handlers.ChessGameFormHandler)
authGroup.GET("/chess/:key/stats", handlers.ChessGameStatsHandler)
