From 82c198d45b97331707417508745cda5b7f556660 Mon Sep 17 00:00:00 2001
From: heimoshuiyu <heimoshuiyu@gmail.com>
Date: Wed, 15 Dec 2021 11:34:01 +0800
Subject: [PATCH] Reject anonymous user for some action

---
 pkg/api/handle_user.go | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/pkg/api/handle_user.go b/pkg/api/handle_user.go
index a59c321..0c31b18 100644
--- a/pkg/api/handle_user.go
+++ b/pkg/api/handle_user.go
@@ -246,9 +246,16 @@ type UpdateUsernameRequest struct {
 }
 
 func (api *API) HandleUpdateUsername(w http.ResponseWriter, r *http.Request) {
+	// reject anonymous user
+	err := api.CheckNotAnonymous(w, r)
+	if err != nil {
+		api.HandleError(w, r, err)
+		return
+	}
+
 	req := &UpdateUsernameRequest{}
 
-	err := json.NewDecoder(r.Body).Decode(req)
+	err = json.NewDecoder(r.Body).Decode(req)
 	if err != nil {
 		api.HandleError(w, r, err)
 		return
@@ -320,8 +327,15 @@ type UpdateUserPasswordRequest struct {
 }
 
 func (api *API) HandleUpdateUserPassword(w http.ResponseWriter, r *http.Request) {
+	// reject anonymous user
+	err := api.CheckNotAnonymous(w, r)
+	if err != nil {
+		api.HandleError(w, r, err)
+		return
+	}
+
 	req := &UpdateUserPasswordRequest{}
-	err := json.NewDecoder(r.Body).Decode(req)
+	err = json.NewDecoder(r.Body).Decode(req)
 	if err != nil {
 		api.HandleError(w, r, err)
 		return