From 80c5f6e9c93ec6b76ebc2c01ff4a37147ec721d3 Mon Sep 17 00:00:00 2001
From: rxdn <29165304+rxdn@users.noreply.github.com>
Date: Wed, 7 Jul 2021 16:56:33 +0100
Subject: [PATCH] Remove auth

---
 app/http/middleware/parseguildid.go | 23 +++++++++++++++++++++++
 app/http/server.go                  |  4 ++--
 2 files changed, 25 insertions(+), 2 deletions(-)
 create mode 100644 app/http/middleware/parseguildid.go

diff --git a/app/http/middleware/parseguildid.go b/app/http/middleware/parseguildid.go
new file mode 100644
index 0000000..c0a6372
--- /dev/null
+++ b/app/http/middleware/parseguildid.go
@@ -0,0 +1,23 @@
+package middleware
+
+import (
+	"github.com/TicketsBot/GoPanel/utils"
+	"github.com/gin-gonic/gin"
+	"strconv"
+)
+
+func ParseGuildId(ctx *gin.Context) {
+	guildId, ok := ctx.Params.Get("id")
+	if !ok {
+		ctx.AbortWithStatusJSON(400, utils.ErrorStr("Missing guild ID"))
+		return
+	}
+
+	parsed, err := strconv.ParseUint(guildId, 10, 64)
+	if err != nil {
+		ctx.AbortWithStatusJSON(400, utils.ErrorStr("Invalid guild ID"))
+		return
+	}
+
+	ctx.Keys["guildid"] = parsed
+}
diff --git a/app/http/server.go b/app/http/server.go
index 33064cd..030476b 100644
--- a/app/http/server.go
+++ b/app/http/server.go
@@ -54,7 +54,7 @@ func StartServer() {
 
 	guildAuthApiAdmin := apiGroup.Group("/:id", middleware.AuthenticateGuild(true, permission.Admin))
 	guildAuthApiSupport := apiGroup.Group("/:id", middleware.AuthenticateGuild(true, permission.Support))
-	guildAuthApiEveryone := apiGroup.Group("/:id", middleware.AuthenticateGuild(true, permission.Everyone))
+	guildApiNoAuth := apiGroup.Group("/:id", middleware.ParseGuildId)
 	{
 		guildAuthApiSupport.GET("/channels", api.ChannelsHandler)
 		guildAuthApiSupport.GET("/premium", api.PremiumHandler)
@@ -81,7 +81,7 @@ func StartServer() {
 
 		guildAuthApiSupport.GET("/transcripts", createLimiter(5, 5 * time.Second), createLimiter(20, time.Minute), api_transcripts.ListTranscripts)
 		// Allow regular users to get their own transcripts, make sure you check perms inside
-		guildAuthApiEveryone.GET("/transcripts/:ticketId", createLimiter(10, 10 * time.Second), api_transcripts.GetTranscriptHandler)
+		guildApiNoAuth.GET("/transcripts/:ticketId", createLimiter(10, 10 * time.Second), api_transcripts.GetTranscriptHandler)
 
 		guildAuthApiSupport.GET("/tickets", api_ticket.GetTickets)
 		guildAuthApiSupport.GET("/tickets/:ticketId", api_ticket.GetTicket)