iridium/neko
2
2
Fork 0
mirror of https://github.com/m1k1o/neko.git synced 2024-07-24 14:40:50 +12:00
Code Issues Packages Projects Releases Wiki Activity

upload middleware: fix permissions issue.

Browse Source
This commit is contained in:
Miroslav Šedivý 2021-01-08 23:42:53 +01:00
parent fc6997d2ac
commit d65ba62bfc
1 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
internal/api/room/handler.go
View File

@ -1,10 +1,13 @@
package room package room
import ( import (
"net/http"
"github.com/go-chi/chi" "github.com/go-chi/chi"
"demodesk/neko/internal/types" "demodesk/neko/internal/types"
"demodesk/neko/internal/http/auth" "demodesk/neko/internal/http/auth"
"demodesk/neko/internal/utils"
) )
type RoomHandler struct { type RoomHandler struct {
@ -61,7 +64,18 @@ func (h *RoomHandler) Route(r chi.Router) {
r.With(auth.AdminsOnly).Get("/configurations", h.screenConfigurationsList) r.With(auth.AdminsOnly).Get("/configurations", h.screenConfigurationsList)
}) })
r.With(auth.HostsOnly).Route("/upload", func(r chi.Router) { r.With(h.uploadMiddleware).Route("/upload", func(r chi.Router) {
r.Post("/drop", h.uploadDrop) r.Post("/drop", h.uploadDrop)
}) })
} }
func (h *RoomHandler) uploadMiddleware(next http.Handler) http.Handler {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
session := auth.GetSession(r)
if !session.IsHost() && !h.sessions.ImplicitHosting() {
utils.HttpForbidden(w, "Without implicit hosting, only host can upload files.")
} else {
next.ServeHTTP(w, r)
}
})
}