From 15de47be19b157c2a1754cf55a7152e8aaeba163 Mon Sep 17 00:00:00 2001
From: Dario Piotrowicz <dario@cloudflare.com>
Date: Mon, 6 Mar 2023 10:08:15 +0000
Subject: [PATCH] add missing auth loader to settings page

---
 frontend/src/routes/(admin)/settings/layout.tsx | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/frontend/src/routes/(admin)/settings/layout.tsx b/frontend/src/routes/(admin)/settings/layout.tsx
index db131f0..7b3b1ce 100644
--- a/frontend/src/routes/(admin)/settings/layout.tsx
+++ b/frontend/src/routes/(admin)/settings/layout.tsx
@@ -1,5 +1,19 @@
 import { component$, Slot } from '@builder.io/qwik'
+import { loader$ } from '@builder.io/qwik-city'
+import { getDatabase } from 'wildebeest/backend/src/database'
 import { WildebeestLogo } from '~/components/MastodonLogo'
+import { getErrorHtml } from '~/utils/getErrorHtml/getErrorHtml'
+import { isUserAdmin } from '~/utils/isUserAdmin'
+
+export const authLoader = loader$(async ({ cookie, platform, html }) => {
+	const database = await getDatabase(platform)
+	const jwt = cookie.get('CF_Authorization')?.value ?? ''
+	const isAdmin = await isUserAdmin(jwt, database)
+
+	if (!isAdmin) {
+		return html(401, getErrorHtml("You're unauthorized to view this page"))
+	}
+})
 
 export default component$(() => {
 	return (