Public vote stats

author: Marvin Borner 2020-11-05 20:01:09 +0100
committer: Marvin Borner 2020-11-05 20:01:09 +0100
commit: 50f973d67af54cf52dbdc64e98b33ccd3cd8210e (patch)
tree: 27087460ca470fec97f481771b5d6d4950169c8a /admin/index.js
parent: c4431482a0aa209e0091b759e4977f2398a20fdc (diff)
1 files changed, 11 insertions, 2 deletions
diff --git a/admin/index.js b/admin/index.js
index 99c876a..8d71896 100644
--- a/admin/index.js
+++ b/admin/index.js
@@ -3,7 +3,16 @@ const db = require("../db");
 const app = express.Router();
 const { checkUser, checkAdmin } = require("../auth");
 
-app.use("/", checkAdmin, express.static(__dirname + "/public"));
+// app.use("/", checkAdmin, express.static(__dirname + "/public"));
+app.use(
+    "/",
+    (req, res, next) => {
+        console.log(req.path);
+        if ((req.session.loggedIn && req.session.isAdmin) || req.path.startsWith("/api/votes")) next();
+        else res.redirect("/");
+    },
+    express.static(__dirname + "/public"),
+);
 
 // For debugging ig
 app.get("/api/all", checkAdmin, async (req, res) => {
@@ -45,7 +54,7 @@ app.get("/api/answers", checkAdmin, async (req, res) => {
     res.json(answers);
 });
 
-app.get("/api/votes", checkAdmin, async (req, res) => {
+app.get("/api/votes", checkUser, async (req, res) => {
     const votes = await db.query(
         "SELECT m.id, m.name, m.description, SUM(votes) votes FROM motto_votes mv RIGHT JOIN mottos m on mv.motto_id = m.id GROUP BY m.id, m.name, m.description ORDER BY SUM(votes) DESC",
     );
author	Marvin Borner	2020-11-05 20:01:09 +0100
committer	Marvin Borner	2020-11-05 20:01:09 +0100
commit	50f973d67af54cf52dbdc64e98b33ccd3cd8210e (patch)
tree	27087460ca470fec97f481771b5d6d4950169c8a /admin/index.js
parent	c4431482a0aa209e0091b759e4977f2398a20fdc (diff)