From dc397d678d49e0277e9e5d091c80ccfc6ef22ae7 Mon Sep 17 00:00:00 2001
From: GalvinPython <77013913+GalvinPython@users.noreply.github.com>
Date: Thu, 11 Jul 2024 13:44:42 +0100
Subject: [PATCH] fix(0.0.8.1): fixed security
---
 api/index.ts | 6 +++++-
 bot/utils/requestAPI.ts | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/api/index.ts b/api/index.ts
index 4a06d03..ef57d6e 100644
--- a/api/index.ts
+++ b/api/index.ts
@@ -142,7 +142,11 @@ async function updateGuildInfo(guild, name, icon, members, callback) {
 
 app.post('/post/:guild/', async (req, res) => {
 const { guild } = req.params;
- const { name, icon, members } = req.body;
+ const { name, icon, members, auth } = req.body;
+
+ if (auth !== process.env.AUTH) {
+ return res.status(403).json({ message: 'Access denied. Auth token is missing' });
+ }
 
 updateGuildInfo(guild, name, icon, members, (err, results) => {
 if (err) {
diff --git a/bot/utils/requestAPI.ts b/bot/utils/requestAPI.ts
index eaf85b5..5b2fa91 100644
--- a/bot/utils/requestAPI.ts
+++ b/bot/utils/requestAPI.ts
@@ -44,7 +44,7 @@ export async function updateGuildInfo(guild: string, name: string, icon: string,
 'Content-Type': 'application/json',
 },
 method: 'POST',
- body: JSON.stringify({ name, icon, members }),
+ body: JSON.stringify({ name, icon, members, auth: process.env.AUTH }),
 }).then(res => {
 return res.json()
 }).then(data => {
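Review bot: The new guard `auth !== process.env.AUTH` in the `/post/:guild/` handler fails open when AUTH is not set on the server: a request whose body has no `auth` field compares `undefined` with `undefined` and is passed on to updateGuildInfo. Reject explicitly when the secret is absent or the field is not a string, e.g. `const expected = process.env.AUTH;` followed by `if (!expected || typeof auth !== 'string' || auth !== expected) {`. The client hunk in bot/utils/requestAPI.ts has the mirror problem, since JSON.stringify omits `auth` when the variable is undefined there, so a deployment that forgot to set AUTH would keep working unauthenticated without any error. The 403 message says the token is missing even when it is present but wrong, and `!==` on strings is not a constant-time comparison; `crypto.timingSafeEqual` over equal-length buffers would be the stricter choice. The handler body continues past the end of the hunk.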
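Review bot: Placing the shared secret in the JSON body on the `body:` line means anything that records request bodies (debug logging, error reporters, a proxy) will also record the token next to the guild data. An `Authorization` header keeps it apart from the payload, e.g. add `Authorization: 'Bearer ' + process.env.AUTH,` to the headers object above and have the server read `req.headers.authorization` instead of `req.body.auth`. The request URL is outside this hunk, so it is worth confirming the call goes over HTTPS now that it carries a credential. updateGuildInfo starts before and ends after the hunk.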