| author | Zephyrrus <[email protected]> | 2020-07-09 02:22:08 +0300 |
|---|---|---|
| committer | Zephyrrus <[email protected]> | 2020-07-09 02:22:08 +0300 |
| commit | 746a4546122be2ed79ad5858de6ce2c686f78ef0 (patch) | |
| tree | abe4c6dd4d3537689d710bcf37290580d04f0005 /src/api/structures | |
| parent | feat: add notifier plugin for 🐍 and 🍞 (diff) | |
fix: stop leaking user's password and their apikey to admins
Diffstat (limited to 'src/api/structures')
| -rw-r--r-- | src/api/structures/Route.js | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/src/api/structures/Route.js b/src/api/structures/Route.js
index 400ae3d..6be0dc7 100644
--- a/src/api/structures/Route.js
+++ b/src/api/structures/Route.js
@@ -77,7 +77,9 @@ class Route {
 .where({ id })
 .first();
 if (!user) return res.status(401).json({ message: 'Invalid authorization' });
- if (iat && iat < moment(user.passwordEditedAt).format('x')) { return res.status(401).json({ message: 'Token expired' }); }
+ if (iat && iat < moment(user.passwordEditedAt).format('x')) {
+ return res.status(401).json({ message: 'Token expired' });
+ }
 if (!user.enabled) return res.status(401).json({ message: 'This account has been disabled' });
 if (this.options.adminOnly && !user.isAdmin) { return res.status(401).json({ message: 'Invalid authorization' }); } |
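Review bot: The re-wrapped guard `if (iat && iat < moment(user.passwordEditedAt).format('x'))` is skipped whenever `iat` is falsy, so a token issued without an `iat` claim would stay valid after a password change. Token issuance is not visible in this hunk, so this may be unreachable in practice, but failing closed is safer: `if (!iat || iat < moment(user.passwordEditedAt).valueOf()) {`. `valueOf()` returns a number where `format('x')` returns a string, so the comparison no longer relies on implicit coercion. It is also worth confirming that `iat` is issued in milliseconds, since `x` is a millisecond timestamp while the JWT convention is seconds. The enclosing method starts and ends outside the hunk, and this section only reformats the line, so the leak fix named in the title is presumably in files outside this limited diffstat.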