Fix auth check for short links

regalijan · Nov 1, 2024 · abedaa8 · abedaa8
1 parent 3b86510
commit abedaa8
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 5 deletions.
diff --git a/app/routes/short-links.tsx b/app/routes/short-links.tsx
@@ -32,9 +32,9 @@ export async function loader({ context }: { context: RequestContext }) {
     });
 
   if (
-    ![0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
+    typeof [0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
       (i) => context.data.current_user.permissions & (1 << i),
-    )
+    ) === "undefined"
   )
     throw new Response(null, {
       status: 403,

diff --git a/app/routes/short-links_.create.tsx b/app/routes/short-links_.create.tsx
@@ -27,9 +27,9 @@ export async function loader({ context }: { context: RequestContext }) {
     });
 
   if (
-    ![0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
+    typeof [0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
       (i) => context.data.current_user.permissions & (1 << i),
-    )
+    ) === "undefined"
   )
     throw new Response(null, {
       status: 403,

diff --git a/functions/api/short-links/_middleware.ts b/functions/api/short-links/_middleware.ts
@@ -6,7 +6,9 @@ export async function onRequest(context: RequestContext) {
   if (!user) return jsonError("Unauthorized", 401);
 
   if (
-    ![0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find((i) => user.permissions & (1 << i))
+    typeof [0, 2, 4, 5, 6, 7, 9, 10, 11, 12].find(
+      (i) => user.permissions & (1 << i),
+    ) === "undefined"
   )
     return jsonError("Forbidden", 403);