Check ownership of app on GetMessagesWithToken

2018-03-10 21:32:45 +01:00 · 2018-03-10 21:32:45 +01:00 · 4078358aaa
parent 98df7501f6
commit 4078358aaa
1 changed files with 6 additions and 2 deletions
--- a/api/message.go
+++ b/api/message.go
@ -43,8 +43,12 @@ func (a *MessageAPI) GetMessages(ctx *gin.Context) {
 // GetMessagesWithApplication returns all messages from a specific application.
 func (a *MessageAPI) GetMessagesWithApplication(ctx *gin.Context) {
 	withID(ctx, "appid", func(id uint) {
+		if app := a.DB.GetApplicationByID(id); app != nil && app.UserID == auth.GetUserID(ctx) {
 			messages := a.DB.GetMessagesByApplication(id)
 			ctx.JSON(200, messages)
+		} else {
+			ctx.AbortWithError(404, errors.New("application does not exist"))
+		}
 	})
 }