🐛 fix: Prevent API abuse

2024-03-30 19:49:49 +08:00 · 2024-03-30 19:49:49 +08:00 · 988df5c13c
commit 988df5c13c
parent 89a84e2386
2 changed files with 15 additions and 1 deletions
--- a/middleware/prices.go
+++ b/middleware/prices.go
@ -0,0 +1,14 @@
+package middleware
+
+import "github.com/gin-gonic/gin"
+
+func PricesAuth() gin.HandlerFunc {
+	return func(c *gin.Context) {
+		typeParam := c.Query("type")
+		if typeParam == "old" {
+			AdminAuth()(c)
+		} else {
+			c.Next()
+		}
+	}
+}
--- a/router/api-router.go
+++ b/router/api-router.go
@ -18,7 +18,7 @@ func SetApiRouter(router *gin.Engine) {
 		apiRouter.GET("/status", controller.GetStatus)
 		apiRouter.GET("/notice", controller.GetNotice)
 		apiRouter.GET("/about", controller.GetAbout)
-		apiRouter.GET("/prices", middleware.CORS(), controller.GetPricesList)
+		apiRouter.GET("/prices", middleware.PricesAuth(), middleware.CORS(), controller.GetPricesList)
 		apiRouter.GET("/ownedby", relay.GetModelOwnedBy)
 		apiRouter.GET("/home_page_content", controller.GetHomePageContent)
 		apiRouter.GET("/verification", middleware.CriticalRateLimit(), middleware.TurnstileCheck(), controller.SendEmailVerification)