From b6b9aac7c0210ed84bbc7e478411cb9cd23b58fe Mon Sep 17 00:00:00 2001
From: Hannes
Date: Sun, 16 Jun 2024 22:10:40 +0200
Subject: [PATCH] vingo: don't redirect on unauthorized api requests
---
 vingo/handlers/access.go | 8 ++++++++
 vingo/main.go | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/vingo/handlers/access.go b/vingo/handlers/access.go
index 8f45eb0..cf21b1f 100644
--- a/vingo/handlers/access.go
+++ b/vingo/handlers/access.go
@@ -10,6 +10,14 @@ func IsLoggedIn(c *fiber.Ctx) error {
 return c.Next()
 }
 
+func IsLoggedInAPI(c *fiber.Ctx) error {
+ if getUserFromStore(c) == nil {
+ return c.Status(401).SendString("Unauthorized")
+ }
+
+ return c.Next()
+}
+
 func IsAdmin(c *fiber.Ctx) error {
 if !isAdmin(c) {
 return c.Status(403).SendString("Forbidden")
diff --git a/vingo/main.go b/vingo/main.go
index 9308a04..529df07 100644
--- a/vingo/main.go
+++ b/vingo/main.go
@@ -52,7 +52,7 @@ func main() {
 logged.Post("/settings", handlers.SettingsUpdate)
 }
 
- api := logged.Group("/api", handlers.IsLoggedIn)
+ api := logged.Group("/api", handlers.IsLoggedInAPI)
 {
 api.Get("/user", handlers.User)
 api.Get("/leaderboard", handlers.Leaderboard)
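Review bot: The new exported guard `IsLoggedInAPI` in vingo/handlers/access.go has no doc comment, and nothing on it says how it differs from `IsLoggedIn`, so a later route can easily be wired to the wrong one. I would add `// IsLoggedInAPI rejects requests that have no stored user with 401 instead of redirecting; use it on API routes.` above the function. The literal `401` would also read better as `fiber.StatusUnauthorized`, although the neighbouring `IsAdmin` uses a bare `403`, so changing both together keeps the file consistent. The body of `IsLoggedIn` is mostly outside this hunk, so its redirect behaviour is taken from the commit subject rather than from visible code.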
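Review bot: The `/api` group in vingo/main.go is still created from `logged`, so any middleware already attached to `logged` runs before `IsLoggedInAPI`. The definition of `logged` is outside this hunk. If it was itself registered with `handlers.IsLoggedIn`, an unauthenticated API request would hit that guard first and never reach the new 401 path. Please confirm how `logged` is built, and if it carries the redirecting guard, mount the `/api` group on the router that `logged` was derived from. A handler test that calls `/api/user` without a session and asserts a 401 status would pin the intended behaviour.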