From f51742e64d64ec848ee6969a8a5cc39072a0b8f5 Mon Sep 17 00:00:00 2001 From: regalijan Date: Thu, 19 Oct 2023 16:51:04 -0400 Subject: [PATCH] Add auth check to game appeal metadata endpoint --- functions/api/game-appeals/metadata.ts | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/functions/api/game-appeals/metadata.ts b/functions/api/game-appeals/metadata.ts index 582c688..83ab196 100644 --- a/functions/api/game-appeals/metadata.ts +++ b/functions/api/game-appeals/metadata.ts @@ -2,6 +2,12 @@ import { jsonError, jsonResponse } from "../../common.js"; import precheck from "./precheck.js"; export async function onRequestPost(context: RequestContext) { + if ( + context.request.headers.get("authorization") !== + `Bearer ${context.env.ROBLOX_APPEALS_TOKEN}` + ) + return jsonError("Unauthorized", 401); + const { id }: { id: any } = context.data.body; if (typeof id !== "number") return jsonError("Invalid user id", 400);