From 4ed87cd33163c8a135177b85f959f94608f4d413 Mon Sep 17 00:00:00 2001 From: Kibi Kelburton Date: Thu, 28 May 2026 18:33:23 +0200 Subject: [PATCH] fix hall creation --- src/hall_image_handler.mjs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/hall_image_handler.mjs b/src/hall_image_handler.mjs index 9e61c7f..09099e6 100644 --- a/src/hall_image_handler.mjs +++ b/src/hall_image_handler.mjs @@ -269,6 +269,9 @@ export const handleHallUpdate = async (req, res) => { // POST /api/v2/admin/halls — create a new hall export const handleHallCreate = async (req, res) => { + const session = await lookupSession(req); + if (!session || (!session.admin && !session.is_moderator)) return sendJson(res, { success: false, msg: 'Unauthorized' }, 403); + // CSRF check const token = req.headers['x-csrf-token'] || req.url?.qs?.csrf_token; if (!token || token !== session.csrf_token) {