From 991dc32ce404f427ec9bf63104057137087b1d97 Mon Sep 17 00:00:00 2001
From: mifi <badmf@mifi.dev>
Date: Tue, 9 May 2023 20:04:11 -0400
Subject: [PATCH] Some extra changes

---
 lib/server/controllers/auth.ts | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/server/controllers/auth.ts b/lib/server/controllers/auth.ts
index 9048e6d..836285a 100644
--- a/lib/server/controllers/auth.ts
+++ b/lib/server/controllers/auth.ts
@@ -45,6 +45,9 @@ router.post(process.env.RESET_ROUTE || RESET_ROUTE, async (ctx, next) => {
 });
 
 router.patch('/:record', authenticated(), (ctx: Koa.Context) => {
+    if (ctx.user !== ctx.param.record) {
+        ctx.throw(StatusCodes.UNAUTHORIZED);
+    }
     const data = Auth.findOneAndUpdate({ record: ctx.params.record });
     if (!data) {
         ctx.throw(StatusCodes.NOT_FOUND);