lashman/echoboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix admin avatar upload using linked user instead of anonymous cookie

Browse Source
This commit is contained in:
lashman
2026-03-21 22:14:11 +02:00
parent 07c1cf9940
commit 97f66b9748
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
packages/api/src/routes/avatars.ts
View File

@@ -27,9 +27,16 @@ export default async function avatarRoutes(app: FastifyInstance) {
app.post( app.post(
"/me/avatar", "/me/avatar",
{ preHandler: [app.requireUser], config: { rateLimit: { max: 10, timeWindow: "1 hour" } } }, { preHandler: [app.requireUser, app.optionalAdmin], config: { rateLimit: { max: 10, timeWindow: "1 hour" } } },
async (req, reply) => { async (req, reply) => {
const user = await prisma.user.findUnique({ where: { id: req.user!.id } }); // if admin, use their linked user instead of the anonymous cookie user
let userId = req.user!.id;
if (req.adminId) {
const admin = await prisma.adminUser.findUnique({ where: { id: req.adminId }, select: { linkedUserId: true } });
if (admin?.linkedUserId) userId = admin.linkedUserId;
}
const user = await prisma.user.findUnique({ where: { id: userId } });
if (!user) { if (!user) {
reply.status(403).send({ error: "Not authenticated" }); reply.status(403).send({ error: "Not authenticated" });
return; return;