From 1692eeb592b9d7cef526d04ebf046c08390a3924 Mon Sep 17 00:00:00 2001 From: Ilion Beyst Date: Thu, 24 Mar 2022 20:07:03 +0100 Subject: require login for uploading bots --- planetwars-server/src/routes/bots.rs | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) (limited to 'planetwars-server/src') diff --git a/planetwars-server/src/routes/bots.rs b/planetwars-server/src/routes/bots.rs index f7f99cb..1d7cbf6 100644 --- a/planetwars-server/src/routes/bots.rs +++ b/planetwars-server/src/routes/bots.rs @@ -1,8 +1,7 @@ -use axum::body; use axum::extract::{Multipart, Path}; use axum::http::StatusCode; use axum::response::{IntoResponse, Response}; -use axum::Json; +use axum::{body, Json}; use diesel::OptionalExtension; use rand::distributions::Alphanumeric; use rand::Rng; @@ -46,6 +45,7 @@ impl IntoResponse for SaveBotError { pub async fn save_bot( Json(params): Json, + user: User, conn: DatabaseConnection, ) -> Result, SaveBotError> { // TODO: authorization @@ -53,10 +53,16 @@ pub async fn save_bot( .optional() .expect("could not run query"); let bot = match res { - Some(_bot) => return Err(SaveBotError::BotNameTaken), + Some(existing_bot) => { + if existing_bot.owner_id == Some(user.id) { + existing_bot + } else { + return Err(SaveBotError::BotNameTaken); + } + } None => { let new_bot = bots::NewBot { - owner_id: None, + owner_id: Some(user.id), name: ¶ms.bot_name, }; -- cgit v1.2.3