m0rph3us1987/hipctf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implemented proper security checks

Browse Source
This commit is contained in:
m0rph3us1987
2026-02-28 13:55:51 +01:00
parent d33a1c6a72
commit e5f7eca98d
1 changed files with 17 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
server.js
View File

@@ -155,6 +155,23 @@ app.use('/files', express.static(uploadDir));
const apiRouter = express.Router(); const apiRouter = express.Router();
apiRouter.use('/admin', async (req, res, next) => {
const authHeader = req.headers.authorization;
const teamId = authHeader ? authHeader.replace('Bearer mock-token-', '') : null;
if (!teamId) return res.status(401).json({ message: 'Unauthorized' });
try {
const team = await dbGet("SELECT isAdmin FROM teams WHERE id = ?", [teamId]);
if (team && team.isAdmin === 1) {
next();
} else {
res.status(403).json({ message: 'Forbidden' });
}
} catch (err) {
res.status(500).json({ message: 'Server error' });
}
});
apiRouter.post('/auth/register', (req, res) => { apiRouter.post('/auth/register', (req, res) => {
const { name, password } = req.body; const { name, password } = req.body;
if (!name || !password) return res.status(400).json({ message: 'Missing credentials' }); if (!name || !password) return res.status(400).json({ message: 'Missing credentials' });