From e199112e648eb7da819e4c68cb1dc5c176aa2957 Mon Sep 17 00:00:00 2001 From: MohamedBassem Date: Tue, 26 Mar 2024 11:28:20 +0000 Subject: [PATCH] fix: Reject asset uploads in demo mode --- apps/web/app/api/assets/route.ts | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/apps/web/app/api/assets/route.ts b/apps/web/app/api/assets/route.ts index 4e1746b3..f1c5ff6a 100644 --- a/apps/web/app/api/assets/route.ts +++ b/apps/web/app/api/assets/route.ts @@ -1,7 +1,9 @@ import { createContextFromRequest } from "@/server/api/client"; +import { TRPCError } from "@trpc/server"; import type { ZUploadResponse } from "@hoarder/trpc/types/uploads"; import { saveAsset } from "@hoarder/shared/assetdb"; +import serverConfig from "@hoarder/shared/config"; const SUPPORTED_ASSET_TYPES = new Set(["image/jpeg", "image/png"]); @@ -13,6 +15,12 @@ export async function POST(request: Request) { if (!ctx.user) { return Response.json({ error: "Unauthorized" }, { status: 401 }); } + if (serverConfig.demoMode) { + throw new TRPCError({ + message: "Mutations are not allowed in demo mode", + code: "FORBIDDEN", + }); + } const formData = await request.formData(); const data = formData.get("image"); let buffer;