dkforest

A forum and chat platform (onion)
git clone https://git.dasho.dev/n0tr1v/dkforest.git
Log | Files | Refs | LICENSE
commit a71dbd2fab78586b6a8ca35d0566a653001aaf10
parent 6a4d7558411c21bf07f05155fd75d06d90a54143
Author: n0tr1v <n0tr1v@protonmail.com>
Date:   Mon, 12 Jun 2023 12:42:07 -0700

auth for resign/send move

Diffstat:

Mpkg/web/handlers/handlers.go | 3+++


1 file changed, 3 insertions(+), 0 deletions(-)

diff --git a/pkg/web/handlers/handlers.go b/pkg/web/handlers/handlers.go
@@ -5008,6 +5008,9 @@ func ChessGameHandler(c echo.Context) error {
 
 	if c.Request().Method == http.MethodPost {
 		msg := c.Request().PostFormValue("message")
+		if authUser.ID != g.Player1.ID && authUser.ID != g.Player2.ID {
+			return c.Redirect(http.StatusFound, c.Request().Referer())
+		}
 		if msg == "resign" {
 			resignColor := utils.Ternary(isFlipped, chess.Black, chess.White)
 			g.Game.Resign(resignColor)