From 18e63c22dde2ff4f3786b9288907f80442f11a10 Mon Sep 17 00:00:00 2001
From: Regalijan <r@regalijan.com>
Date: Mon, 26 Feb 2024 14:05:43 -0500
Subject: [PATCH] Add auth checks to et pages

---
 app/routes/book-event.tsx  | 21 +++++++++++++++++++++
 app/routes/et-members.tsx  | 14 ++++++++++++++
 app/routes/events-team.tsx |  9 +++++++++
 3 files changed, 44 insertions(+)

diff --git a/app/routes/book-event.tsx b/app/routes/book-event.tsx
index 4c78456..33eafa9 100644
--- a/app/routes/book-event.tsx
+++ b/app/routes/book-event.tsx
@@ -11,8 +11,29 @@ import {
 } from "@chakra-ui/react";
 import { useEffect, useState } from "react";
 import Success from "../../components/Success.js";
+import { useLoaderData } from "@remix-run/react";
+
+export async function loader({ context }: { context: RequestContext }) {
+  if (!context.data.current_user)
+    throw new Response(null, {
+      status: 401,
+    });
+
+  if (
+    ![1 << 3, 1 << 4, 1 << 12].find(
+      (p) => context.data.current_user.permissions & p,
+    )
+  )
+    throw new Response(null, {
+      status: 403,
+    });
+
+  return null;
+}
 
 export default function () {
+  useLoaderData<typeof loader>();
+
   const toast = useToast();
   const currentDate = new Date();
   const currentMonth = currentDate.getUTCMonth() + 1;
diff --git a/app/routes/et-members.tsx b/app/routes/et-members.tsx
index 381c0e0..0714420 100644
--- a/app/routes/et-members.tsx
+++ b/app/routes/et-members.tsx
@@ -14,6 +14,20 @@ import {
 } from "@chakra-ui/react";
 
 export async function loader({ context }: { context: RequestContext }) {
+  if (!context.data.current_user)
+    throw new Response(null, {
+      status: 401,
+    });
+
+  if (
+    ![1 << 3, 1 << 4, 1 << 12].find(
+      (p) => context.data.current_user.permissions & p,
+    )
+  )
+    throw new Response(null, {
+      status: 403,
+    });
+
   const etData = await context.env.D1.prepare(
     "SELECT id, name, points, roblox_id FROM et_members;",
   ).all();
diff --git a/app/routes/events-team.tsx b/app/routes/events-team.tsx
index f2564e3..557a62c 100644
--- a/app/routes/events-team.tsx
+++ b/app/routes/events-team.tsx
@@ -31,6 +31,15 @@ export async function loader({ context }: { context: RequestContext }) {
       status: 401,
     });
 
+  if (
+    ![1 << 3, 1 << 4, 1 << 12].find(
+      (p) => context.data.current_user.permissions & p,
+    )
+  )
+    throw new Response(null, {
+      status: 403,
+    });
+
   const now = new Date();
   const monthEventList = await context.env.D1.prepare(
     "SELECT answer, approved, created_by, day, details, id, month, pending, type, year FROM events WHERE month = ? AND year = ?;",