k1nq/TREK
1
0
Fork 0
mirror of https://github.com/mauriceboe/TREK.git synced 2026-06-21 06:11:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

Block uploads for demo user, restore PDF preview modal (v2.2.3)

Browse Source 
- Demo user gets 403 on all upload endpoints (files, photos, cover, avatar)
- Admin uploads still work normally
- PDF export back in modal popup using srcdoc iframe
- Zero behavior change when DEMO_MODE is not set
This commit is contained in:
Maurice
2026-03-19 15:09:20 +01:00
parent 1a5c8cd385
commit c582a7b6c8
7 changed files with 50 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/routes/auth.js
+2 -2
View File
@@ -7,7 +7,7 @@ const fs = require('fs');
const { v4: uuid } = require('uuid');
const fetch = require('node-fetch');
const { db } = require('../db/database');
const { authenticate } = require('../middleware/auth');
const { authenticate, demoUploadBlock } = require('../middleware/auth');
const router = express.Router();
const { JWT_SECRET } = require('../config');
@@ -243,7 +243,7 @@ router.get('/me/settings', authenticate, (req, res) => {
});
// POST /api/auth/avatar — upload avatar
router.post('/avatar', authenticate, avatarUpload.single('avatar'), (req, res) => {
router.post('/avatar', authenticate, demoUploadBlock, avatarUpload.single('avatar'), (req, res) => {
if (!req.file) return res.status(400).json({ error: 'No image uploaded' });
const current = db.prepare('SELECT avatar FROM users WHERE id = ?').get(req.user.id);