From 3e77e63fe878fd19bf038f70aebfec45d138a797 Mon Sep 17 00:00:00 2001
From: Tiago Ribeiro <tiago.ribeiro@ecrop.dev>
Date: Wed, 12 Apr 2023 16:57:15 +0100
Subject: [PATCH] Added protection to the exam endpoint

---
 src/pages/api/exam/[module].ts | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/pages/api/exam/[module].ts b/src/pages/api/exam/[module].ts
index 79febe03..2e85e7d1 100644
--- a/src/pages/api/exam/[module].ts
+++ b/src/pages/api/exam/[module].ts
@@ -2,10 +2,19 @@
 import type {NextApiRequest, NextApiResponse} from "next";
 import {app} from "@/firebase";
 import {getFirestore, collection, getDocs} from "firebase/firestore";
+import {withIronSessionApiRoute} from "iron-session/next";
+import {sessionOptions} from "@/lib/session";
 
 const db = getFirestore(app);
 
-export default async function handler(req: NextApiRequest, res: NextApiResponse) {
+export default withIronSessionApiRoute(handler, sessionOptions);
+
+async function handler(req: NextApiRequest, res: NextApiResponse) {
+	if (!req.session.user) {
+		res.status(401).json({ok: false});
+		return;
+	}
+
 	const {module} = req.query as {module: string};
 
 	const snapshot = await getDocs(collection(db, module));