From 73c1ea92f345f24341ea88bcdf634e9ef97e86ca Mon Sep 17 00:00:00 2001
From: advplyr <advplyr@protonmail.com>
Date: Sat, 29 Mar 2025 17:37:13 -0500
Subject: [PATCH] Add admin middleware for StatsController

---
 server/controllers/StatsController.js | 2 +-
 server/routers/ApiRouter.js           | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/controllers/StatsController.js b/server/controllers/StatsController.js
index 36df4330..32ed1973 100644
--- a/server/controllers/StatsController.js
+++ b/server/controllers/StatsController.js
@@ -65,7 +65,7 @@ class StatsController {
    */
   async middleware(req, res, next) {
     if (!req.user.isAdminOrUp) {
-      Logger.error(`[StatsController] Non-root user "${req.user.username}" attempted to access stats route`)
+      Logger.error(`[StatsController] Non-admin user "${req.user.username}" attempted to access stats route`)
       return res.sendStatus(403)
     }
 
diff --git a/server/routers/ApiRouter.js b/server/routers/ApiRouter.js
index 67a2ffbc..ecb1555f 100644
--- a/server/routers/ApiRouter.js
+++ b/server/routers/ApiRouter.js
@@ -322,8 +322,8 @@ class ApiRouter {
     //
     // Stats Routes
     //
-    this.router.get('/stats/year/:year', StatsController.getAdminStatsForYear.bind(this))
-    this.router.get('/stats/server', StatsController.getServerStats.bind(this))
+    this.router.get('/stats/year/:year', StatsController.middleware.bind(this), StatsController.getAdminStatsForYear.bind(this))
+    this.router.get('/stats/server', StatsController.middleware.bind(this), StatsController.getServerStats.bind(this))
 
     //
     // Misc Routes