commit 32ff4aed364390290cceddb54fc3070883016af6
parent f2c4247d8462c0549d532eea9205e0cd32f36743
Author: n0tr1v <n0tr1v@protonmail.com>
Date: Fri, 26 May 2023 04:22:36 -0700
enforce room access
Diffstat:
1 file changed, 3 insertions(+), 0 deletions(-)
diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -5038,6 +5038,9 @@ func ChatStreamMessagesHandler(c echo.Context) error {
if err != nil {
return c.Redirect(http.StatusFound, "/")
}
+ if !room.HasAccess(c) {
+ return c.Redirect(http.StatusForbidden, "/")
+ }
roomKey, err := getRoomKey(c, room)
if err != nil {
return c.Redirect(http.StatusFound, "/")
