From 18e63c22dde2ff4f3786b9288907f80442f11a10 Mon Sep 17 00:00:00 2001
From: Regalijan
Date: Mon, 26 Feb 2024 14:05:43 -0500
Subject: [PATCH] Add auth checks to et pages
---
 app/routes/book-event.tsx | 21 +++++++++++++++++++++
 app/routes/et-members.tsx | 14 ++++++++++++++
 app/routes/events-team.tsx | 9 +++++++++
 3 files changed, 44 insertions(+)
diff --git a/app/routes/book-event.tsx b/app/routes/book-event.tsx
index 4c78456..33eafa9 100644
--- a/app/routes/book-event.tsx
+++ b/app/routes/book-event.tsx
@@ -11,8 +11,29 @@ import {
 } from "@chakra-ui/react";
 import { useEffect, useState } from "react";
 import Success from "../../components/Success.js";
+import { useLoaderData } from "@remix-run/react";
+
+export async function loader({ context }: { context: RequestContext }) {
+ if (!context.data.current_user)
+ throw new Response(null, {
+ status: 401,
+ });
+
+ if (
+ ![1 << 3, 1 << 4, 1 << 12].find(
+ (p) => context.data.current_user.permissions & p,
+ )
+ )
+ throw new Response(null, {
+ status: 403,
+ });
+
+ return null;
+}
 export default function () {
+ useLoaderData();
+
 const toast = useToast();
 const currentDate = new Date();
 const currentMonth = currentDate.getUTCMonth() + 1;
diff --git a/app/routes/et-members.tsx b/app/routes/et-members.tsx
index 381c0e0..0714420 100644
--- a/app/routes/et-members.tsx
+++ b/app/routes/et-members.tsx
@@ -14,6 +14,20 @@ import {
 } from "@chakra-ui/react";
 export async function loader({ context }: { context: RequestContext }) {
+ if (!context.data.current_user)
+ throw new Response(null, {
+ status: 401,
+ });
+
+ if (
+ ![1 << 3, 1 << 4, 1 << 12].find(
+ (p) => context.data.current_user.permissions & p,
+ )
+ )
+ throw new Response(null, {
+ status: 403,
+ });
+
 const etData = await context.env.D1.prepare(
 "SELECT id, name, points, roblox_id FROM et_members;",
 ).all();
diff --git a/app/routes/events-team.tsx b/app/routes/events-team.tsx
index f2564e3..557a62c 100644
--- a/app/routes/events-team.tsx
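Review bot: The permission mask `[1 << 3, 1 << 4, 1 << 12]` is spelled out as bare bit shifts in this new loader and again in the `app/routes/et-members.tsx` and `app/routes/events-team.tsx` hunks, so a later edit to one copy can leave another page enforcing a different rule. I would keep the mask in one shared helper with named constants, call it from all three loaders, and test with `.some(...)`; `.find(...)` is only correct here because every mask value is non-zero. The added `useLoaderData();` discards its result, and Remix runs a matched route's loader whether or not the component calls the hook, so that line looks removable. This loader gates rendering of the page only; the endpoint the booking form submits to is not visible in this patch and should apply the same check server-side. The component body continues outside the hunk.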
+++ b/app/routes/events-team.tsx
@@ -31,6 +31,15 @@ export async function loader({ context }: { context: RequestContext }) {
 status: 401,
 });
+ if (
+ ![1 << 3, 1 << 4, 1 << 12].find(
+ (p) => context.data.current_user.permissions & p,
+ )
+ )
+ throw new Response(null, {
+ status: 403,
+ });
+
 const now = new Date();
 const monthEventList = await context.env.D1.prepare(
 "SELECT answer, approved, created_by, day, details, id, month, pending, type, year FROM events WHERE month = ? AND year = ?;",