fix: Reject asset uploads in demo mode

author: MohamedBassem <me@mbassem.com> 2024-03-26 11:28:20 +0000
committer: MohamedBassem <me@mbassem.com> 2024-03-26 11:28:20 +0000
commit: e199112e648eb7da819e4c68cb1dc5c176aa2957 (patch)
tree: 105391f3c0348312903f1bac473035aff4339599 /apps/web/app/api/assets/route.ts
parent: d1e8b0017dee12e04dbad9e85f7a8b497e584d1b (diff)
download: karakeep-e199112e648eb7da819e4c68cb1dc5c176aa2957.tar.zst
1 files changed, 8 insertions, 0 deletions
diff --git a/apps/web/app/api/assets/route.ts b/apps/web/app/api/assets/route.ts
index 4e1746b3..f1c5ff6a 100644
--- a/apps/web/app/api/assets/route.ts
+++ b/apps/web/app/api/assets/route.ts
@@ -1,7 +1,9 @@
 import { createContextFromRequest } from "@/server/api/client";
+import { TRPCError } from "@trpc/server";
 
 import type { ZUploadResponse } from "@hoarder/trpc/types/uploads";
 import { saveAsset } from "@hoarder/shared/assetdb";
+import serverConfig from "@hoarder/shared/config";
 
 const SUPPORTED_ASSET_TYPES = new Set(["image/jpeg", "image/png"]);
 
@@ -13,6 +15,12 @@ export async function POST(request: Request) {
   if (!ctx.user) {
     return Response.json({ error: "Unauthorized" }, { status: 401 });
   }
+  if (serverConfig.demoMode) {
+    throw new TRPCError({
+      message: "Mutations are not allowed in demo mode",
+      code: "FORBIDDEN",
+    });
+  }
   const formData = await request.formData();
   const data = formData.get("image");
   let buffer;
author	MohamedBassem <me@mbassem.com>	2024-03-26 11:28:20 +0000
committer	MohamedBassem <me@mbassem.com>	2024-03-26 11:28:20 +0000
commit	e199112e648eb7da819e4c68cb1dc5c176aa2957 (patch)
tree	105391f3c0348312903f1bac473035aff4339599 /apps/web/app/api/assets/route.ts
parent	d1e8b0017dee12e04dbad9e85f7a8b497e584d1b (diff)
download	karakeep-e199112e648eb7da819e4c68cb1dc5c176aa2957.tar.zst