Mirrors/audiobookshelf
Mirrors/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-02-01 00:18:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update:API endpoints /podcasts/feed and /podcasts/opml restricted to admin users

Browse Source
This commit is contained in:
advplyr 2023-12-17 11:17:35 -06:00
parent 8966dbbcd1
commit 05820aa820
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
server/controllers/PodcastController.js
View File

@ -16,7 +16,7 @@ class PodcastController {
async create(req, res) {
if (!req.user.isAdminOrUp) {
Logger.error(`[PodcastController] Non-admin user attempted to create podcast`, req.user)
Logger.error(`[PodcastController] Non-admin user "${req.user.username}" attempted to create podcast`)
return res.sendStatus(403)
}
const payload = req.body
@ -103,6 +103,11 @@ class PodcastController {
}
async getPodcastFeed(req, res) {
if (!req.user.isAdminOrUp) {
Logger.error(`[PodcastController] Non-admin user "${req.user.username}" attempted to get podcast feed`)
return res.sendStatus(403)
}
var url = req.body.rssFeed
if (!url) {
return res.status(400).send('Bad request')
@ -116,6 +121,11 @@ class PodcastController {
}
async getFeedsFromOPMLText(req, res) {
if (!req.user.isAdminOrUp) {
Logger.error(`[PodcastController] Non-admin user "${req.user.username}" attempted to get feeds from opml`)
return res.sendStatus(403)
}
if (!req.body.opmlText) {
return res.sendStatus(400)
}