From 2110217506c21b67ad50891d2192802657aad3fd Mon Sep 17 00:00:00 2001
From: xangelo
Date: Thu, 8 Feb 2024 16:24:30 -0500
Subject: [PATCH] only allow admins to mark items as read

---
 src/public/reader.html | 2 ++
 src/server.ts | 19 +++++++++++++------
 2 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/public/reader.html b/src/public/reader.html
index cfb6cc5..c4798eb 100644
--- a/src/public/reader.html
+++ b/src/public/reader.html
@@ -37,7 +37,9 @@
 const headerName = 'last-check';
 document.body.addEventListener('htmx:configRequest', evt => {
 const val = localStorage.getItem(keyName);
+ const secret = localStorage.getItem('secret');
 event.detail.headers[headerName] = val;
+ event.detail.headers['x-secret'] = secret;
 if(val) {
 event.detail.headers['entry-count'] = document.querySelectorAll('.item').length;
 }
diff --git a/src/server.ts b/src/server.ts
index e82719a..7ed5556 100644
--- a/src/server.ts
+++ b/src/server.ts
@@ -234,13 +234,20 @@ app.get('/feeds/:feed_id', async (req, res) => {
 });
 
 app.post('/feed_entry/:feed_entry_id', async (req, res) => {
- const item: FeedWithEntrySchema[] = await db('feed_entry').update({
- is_read: true
- }).where({
- id: req.params.feed_entry_id
- }).returning('*');
+ const authSecret = req.header('x-secret');
 
- res.send(renderReaderAppFeedEntry(item.pop()));
+ if(authSecret === process.env.ADMIN_KEY) {
+ const item: FeedWithEntrySchema[] = await db('feed_entry').update({
+ is_read: true
+ }).where({
+ id: req.params.feed_entry_id
+ }).returning('*');
+
+ res.send(renderReaderAppFeedEntry(item.pop()));
+ }
+ else {
+ res.sendStatus(204).end();
+ }
 });
 
 app.delete('/feeds/:feed_id', async (req, res) => {
-- 
2.25.1
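Review bot: The `x-secret` header is set on every htmx request even when `localStorage.getItem('secret')` returns null, so the admin key travels with requests that do not need it and keyless readers send an empty-valued header. Guard it the way `entry-count` is guarded, `if(secret) { evt.detail.headers['x-secret'] = secret; }`. Keeping the key in localStorage also leaves it readable by any script running on this origin, which matters if feed content is rendered as HTML on the page (not visible in this hunk); an HttpOnly session cookie would avoid that exposure. The added lines read the global `event` rather than the handler's `evt` parameter, following the existing line, and the listener's closing lines are outside the hunk.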
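Review bot: The check `authSecret === process.env.ADMIN_KEY` fails open: when ADMIN_KEY is not set and the request omits `x-secret`, both sides are `undefined`, the comparison is true, and the entry is marked read without any secret. Require both values to be non-empty before comparing, and compare fixed-length digests with `crypto.timingSafeEqual` (this needs `node:crypto` in scope) so the check does not depend on how many leading characters match. The rejected branch answers 204, which makes a refused request look like a success in access logs; a 401 or 403 would be easier to monitor, and htmx does not swap error responses by default. `sendStatus` already ends the response, so the chained `.end()` is redundant.

```typescript
app.post('/feed_entry/:feed_entry_id', async (req, res) => {
  const adminKey = process.env.ADMIN_KEY;
  const authSecret = req.header('x-secret');
  // Hash both sides so timingSafeEqual always receives equal-length buffers.
  const digest = (value: string) => crypto.createHash('sha256').update(value).digest();
  // Fail closed: an unset ADMIN_KEY or a missing header never authorizes.
  const isAdmin = !!adminKey && !!authSecret
    && crypto.timingSafeEqual(digest(authSecret), digest(adminKey));

  if(isAdmin) {
    // … unchanged: update feed_entry and render the entry …
  }
  else {
    res.sendStatus(403);
  }
});
```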