From ad768e2b25b58d62a44aa2daeb1429a651d488e5 Mon Sep 17 00:00:00 2001
From: Andrew Lee <andrew@alee14.me>
Date: Mon, 24 Mar 2025 15:42:10 -0400
Subject: Added JWT on API; Added back settings on Discord

---
 bot/src/api/routes/quotes.js | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'bot/src/api/routes/quotes.js')

diff --git a/bot/src/api/routes/quotes.js b/bot/src/api/routes/quotes.js
index d39bb28..7f9f255 100644
--- a/bot/src/api/routes/quotes.js
+++ b/bot/src/api/routes/quotes.js
@@ -1,9 +1,10 @@
 import { Router } from 'express';
 import { pendingQuote, quote as newQuote } from '../../models/quote.js';
+import { verifyToken } from './auth.js';
 
 export const quoteRouter = Router();
 
-quoteRouter.get('/quotes/pending', async (req, res) => {
+quoteRouter.get('/quotes/pending', verifyToken, async (req, res) => {
     try {
         const quotes = await pendingQuote.findAll();
         res.json(quotes);
@@ -13,7 +14,7 @@ quoteRouter.get('/quotes/pending', async (req, res) => {
     }
 });
 
-quoteRouter.post('/quotes/add', async (req, res) => {
+quoteRouter.post('/quotes/add', verifyToken, async (req, res) => {
     const { author, authorImage, quote, year, submitterID } = req.body;
     try {
         await newQuote.create({
@@ -30,7 +31,7 @@ quoteRouter.post('/quotes/add', async (req, res) => {
     }
 });
 
-quoteRouter.post('/quotes/approve', async (req, res) => {
+quoteRouter.post('/quotes/approve', verifyToken, async (req, res) => {
     const { id } = req.body;
     try {
         const quote = await pendingQuote.findByPk(id);
@@ -53,7 +54,7 @@ quoteRouter.post('/quotes/approve', async (req, res) => {
     }
 });
 
-quoteRouter.post('/quotes/reject', async (req, res) => {
+quoteRouter.post('/quotes/reject', verifyToken, async (req, res) => {
     const { id } = req.body;
     try {
         const quote = await pendingQuote.findByPk(id);
-- 
cgit v1.2.3