Adding config bool for userhall image upload
@@ -50,6 +50,12 @@ export const handleHallImageUpload = async (req, res) => {
|
||||
return sendJson(res, { success: false, msg: 'Unauthorized' }, 403);
|
||||
}
|
||||
|
||||
// CSRF check
|
||||
const token = req.headers['x-csrf-token'] || req.url?.qs?.csrf_token;
|
||||
if (!token || token !== session.csrf_token) {
|
||||
return sendJson(res, { success: false, msg: 'Invalid CSRF token' }, 403);
|
||||
}
|
||||
|
||||
const hallSlug = req.params && req.params.slug;
|
||||
if (!hallSlug) return sendJson(res, { success: false, msg: 'Missing hall slug' }, 400);
|
||||
|
||||
@@ -118,9 +124,9 @@ export const handleHallImageUpload = async (req, res) => {
|
||||
// DELETE /api/v2/admin/halls/:slug/image — remove custom image
|
||||
export const handleHallImageDelete = async (req, res) => {
|
||||
const session = await lookupSession(req);
|
||||
if (!session || (!session.admin && !session.is_moderator)) {
|
||||
return sendJson(res, { success: false, msg: 'Unauthorized' }, 403);
|
||||
}
|
||||
if (!session || (!session.admin && !session.is_moderator)) return sendJson(res, { success: false, msg: 'Unauthorized' }, 403);
|
||||
const token = req.headers['x-csrf-token'] || req.url?.qs?.csrf_token;
|
||||
if (!token || token !== session.csrf_token) return sendJson(res, { success: false, msg: 'Invalid CSRF token' }, 403);
|
||||
|
||||
const hallSlug = req.params && req.params.slug;
|
||||
if (!hallSlug) return sendJson(res, { success: false, msg: 'Missing hall slug' }, 400);
|
||||
@@ -156,9 +162,9 @@ export const handleHallImageDelete = async (req, res) => {
|
||||
// DELETE /api/v2/admin/halls/:slug — delete a hall entirely
|
||||
export const handleHallDelete = async (req, res) => {
|
||||
const session = await lookupSession(req);
|
||||
if (!session || (!session.admin && !session.is_moderator)) {
|
||||
return sendJson(res, { success: false, msg: 'Unauthorized' }, 403);
|
||||
}
|
||||
if (!session || (!session.admin && !session.is_moderator)) return sendJson(res, { success: false, msg: 'Unauthorized' }, 403);
|
||||
const token = req.headers['x-csrf-token'] || req.url?.qs?.csrf_token;
|
||||
if (!token || token !== session.csrf_token) return sendJson(res, { success: false, msg: 'Invalid CSRF token' }, 403);
|
||||
|
||||
const hallSlug = req.params && req.params.slug;
|
||||
if (!hallSlug) return sendJson(res, { success: false, msg: 'Missing hall slug' }, 400);
|
||||
@@ -176,9 +182,9 @@ export const handleHallDelete = async (req, res) => {
|
||||
// PATCH /api/v2/admin/halls/:slug — update name/description/slug
|
||||
export const handleHallUpdate = async (req, res) => {
|
||||
const session = await lookupSession(req);
|
||||
if (!session || (!session.admin && !session.is_moderator)) {
|
||||
return sendJson(res, { success: false, msg: 'Unauthorized' }, 403);
|
||||
}
|
||||
if (!session || (!session.admin && !session.is_moderator)) return sendJson(res, { success: false, msg: 'Unauthorized' }, 403);
|
||||
const token = req.headers['x-csrf-token'] || req.url?.qs?.csrf_token;
|
||||
if (!token || token !== session.csrf_token) return sendJson(res, { success: false, msg: 'Invalid CSRF token' }, 403);
|
||||
|
||||
const hallSlug = req.params && req.params.slug;
|
||||
if (!hallSlug) return sendJson(res, { success: false, msg: 'Missing slug' }, 400);
|
||||
@@ -263,9 +269,10 @@ export const handleHallUpdate = async (req, res) => {
|
||||
|
||||
// POST /api/v2/admin/halls — create a new hall
|
||||
export const handleHallCreate = async (req, res) => {
|
||||
const session = await lookupSession(req);
|
||||
if (!session || (!session.admin && !session.is_moderator)) {
|
||||
return sendJson(res, { success: false, msg: 'Unauthorized' }, 403);
|
||||
// CSRF check
|
||||
const token = req.headers['x-csrf-token'] || req.url?.qs?.csrf_token;
|
||||
if (!token || token !== session.csrf_token) {
|
||||
return sendJson(res, { success: false, msg: 'Invalid CSRF token' }, 403);
|
||||
}
|
||||
|
||||
let body = {};
|
||||
|
||||
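Review bot: The CSRF check added to each handler also accepts the token from the query string (`req.url?.qs?.csrf_token`), which puts a session-bound secret into URLs where it can persist in access logs, browser history and Referer headers. For these state-changing admin routes I would read it from the header only, `const token = req.headers['x-csrf-token'];`, and if the image upload form cannot set a header, take the token from the request body rather than the URL. The same check is repeated in handleHallImageUpload, handleHallImageDelete, handleHallDelete, handleHallUpdate and handleHallCreate, so a single shared helper would keep the policy in one place. In the handleHallCreate hunk as rendered, no closing brace of the authorization `if` is visible before `// CSRF check`; that may be an artefact of the page, but it is worth confirming the new check is not nested after the `return`. All five function bodies continue outside the hunks shown.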