From 2a81de5bb8568dac24abb764b9ff4a09a37f9df6 Mon Sep 17 00:00:00 2001
From: James Shiffer
Date: Fri, 12 Jun 2020 08:41:44 -0700
Subject: [PATCH] protect article delete route

---
 src/routes/a/[slug].json.js | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/routes/a/[slug].json.js b/src/routes/a/[slug].json.js
index 90c88ae..b6a3990 100644
--- a/src/routes/a/[slug].json.js
+++ b/src/routes/a/[slug].json.js
@@ -27,6 +27,25 @@ export async function get(req, res, next) {
 }
 
 export async function del(req, res, next) {
+ if (!req.user) {
+ res.writeHead(401, {
+ 'Content-Type': 'application/json'
+ });
+ res.end(JSON.stringify({
+ message: `You are not logged in`
+ }));
+ return;
+ }
+ if (!req.user.author) {
+ res.writeHead(401, {
+ 'Content-Type': 'application/json'
+ });
+ res.end(JSON.stringify({
+ message: `You are not designated as an author.`
+ }));
+ return;
+ }
+
 const { slug } = req.params;
 const article = await Article.findOneAndDelete({ slug });
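Review bot: The second guard in `del` answers an authenticated non-author with 401, which signals "authenticate again" rather than "not permitted"; that branch should use `res.writeHead(403, {` so clients and logs can tell missing sessions apart from denied actions. The check is also role-wide: any account with `req.user.author` set can delete any article, because `Article.findOneAndDelete({ slug })` filters on the slug alone. If articles record an owner (the schema is not visible here), add it to the filter. It is also worth confirming that `req.user` is populated only from server-side session state, since the guard trusts its `author` flag as is. The body of `del` continues past the end of the hunk.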