From 724e4737558ba1d1955e794f3d0990f4be04e819 Mon Sep 17 00:00:00 2001
From: April Hall <ari@arithefirst.com>
Date: Fri, 21 Feb 2025 18:37:54 -0500
Subject: [PATCH] fix: Prevent unauthed users from uploading

---
 src/routes/(server)/api/upload/+server.ts | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/routes/(server)/api/upload/+server.ts b/src/routes/(server)/api/upload/+server.ts
index 088d2f1..c2f6e6c 100644
--- a/src/routes/(server)/api/upload/+server.ts
+++ b/src/routes/(server)/api/upload/+server.ts
@@ -1,3 +1,14 @@
-export const POST = async () => {
+import { error } from '@sveltejs/kit';
+import { auth } from '$lib/server/db/auth';
+
+export const POST = async ({ request }) => {
+  const session = await auth.api.getSession({
+    headers: request.headers,
+  });
+
+  if (!session) {
+    return error(401, 'Not authorized. Please sign up at /sign-up');
+  }
+
   return new Response(undefined, { status: 204 });
 };