fix(0.0.8.1): fixed security

GalvinPython · GalvinPython · commit dc397d678d49 · 2024-07-11T13:44:42.000+01:00
diff --git a/api/index.ts b/api/index.ts
@@ -142,7 +142,11 @@ async function updateGuildInfo(guild, name, icon, members, callback) {
 
 app.post('/post/:guild/', async (req, res) => {
 	const { guild } = req.params;
-	const { name, icon, members } = req.body;
+	const { name, icon, members, auth } = req.body;
+
+	if (auth !== process.env.AUTH) {
+		return res.status(403).json({ message: 'Access denied. Auth token is missing' });
+	}
 
 	updateGuildInfo(guild, name, icon, members, (err, results) => {
 		if (err) {
diff --git a/bot/utils/requestAPI.ts b/bot/utils/requestAPI.ts
@@ -44,7 +44,7 @@ export async function updateGuildInfo(guild: string, name: string, icon: string,
 			'Content-Type': 'application/json',
 		},
 		method: 'POST',
-		body: JSON.stringify({ name, icon, members }),
+		body: JSON.stringify({ name, icon, members, auth: process.env.AUTH }),
 	}).then(res => {
 		return res.json()
 	}).then(data => {
