Fix admin API bypassing

2026-04-25 00:00:52 -04:00 · 2021-01-17 08:10:43 +00:00
parent 7a09c9006a
commit 3071d44e32
3 changed files with 29 additions and 16 deletions
@@ -82,7 +82,12 @@ class AuthHandler < Kemal::Handler
      if env.session.string? "token"
        should_reject = !validate_token_admin(env)
      end
-      env.response.status_code = 403 if should_reject
+      if should_reject
+        env.response.status_code = 403
+        message = "HTTP 403: You are not authorized to visit #{env.request.path}"
+        send_error_page
+        return
+      end
    end

    call_next env