From 30c35f21125860a35bb6e642abf0e551179c6ad0 Mon Sep 17 00:00:00 2001
From: Jason Streifling
Date: Sat, 1 Mar 2025 09:02:31 +0100
Subject: [PATCH] Verify token before querying index

---
 cmd/calls/articles.go | 6 +++++-
 cmd/main.go | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/cmd/calls/articles.go b/cmd/calls/articles.go
index ceec867..26cd351 100644
--- a/cmd/calls/articles.go
+++ b/cmd/calls/articles.go
@@ -111,8 +111,12 @@ func ServeClicks(db *b.DB) http.HandlerFunc {
 }
 }
 
-func QueryArticles(i *b.Index) http.HandlerFunc {
+func QueryArticles(c *b.Config, i *b.Index) http.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) {
+ if !tokenIsVerified(w, r, c) {
+ return
+ }
+
 result, err := i.Query(r.PathValue("query"))
 if err != nil {
 log.Println(err)
diff --git a/cmd/main.go b/cmd/main.go
index 91fb977..100d079 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -60,7 +60,7 @@ func main() {
 mux.HandleFunc("GET /article/delete/{id}", f.DeleteArticle(config, db, sessions))
 mux.HandleFunc("GET /article/edit/{id}", f.EditArticle(config, db, sessions))
 mux.HandleFunc("GET /article/publish/{id}", f.PublishArticle(config, db, sessions, index))
- mux.HandleFunc("GET /article/query/{query}", c.QueryArticles(index))
+ mux.HandleFunc("GET /article/query/{query}", c.QueryArticles(config, index))
 mux.HandleFunc("GET /article/reject/{id}", f.RejectArticle(config, db, sessions))
 mux.HandleFunc("GET /article/review-delete/{id}", f.ReviewArticle(config, db, sessions, "delete", "Artikel löschen", "Löschen"))
 mux.HandleFunc("GET /article/review-edit/{id}", f.ReviewArticle(config, db, sessions, "allow-edit", "Artikel bearbeiten", "Bearbeiten erlauben"))
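Review bot: The new guard in `QueryArticles` relies entirely on `tokenIsVerified` having written a rejection to `w` before it returns false, and nothing in this hunk shows that it does. If the helper ever returns false without setting a status, the bare `return` sends an empty 200, which a client cannot tell apart from an empty result. Since the helper is defined outside the hunk, please confirm it always answers with 401 or 403 on failure, and record the contract in a doc comment such as `// QueryArticles returns a handler that searches the index; requests without a valid token are rejected before the index is queried.` The diffstat lists only the two source files, so a handler test that sends a request without a token and asserts the rejection status (and that the index is not queried) would pin this fix against regressions. The handler body continues past the end of the hunk.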