From 654d6ad32753221cfbb2b6a238c642794e81714a Mon Sep 17 00:00:00 2001
From: Edoardo Spadoni
Date: Wed, 13 Mar 2024 10:22:48 +0100
Subject: [PATCH] admin. check authorized routes

---
 api/storage/storage.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/api/storage/storage.go b/api/storage/storage.go
index 146a540..653ad87 100644
--- a/api/storage/storage.go
+++ b/api/storage/storage.go
@@ -111,6 +111,11 @@ func UpdateAccount(accountID string, account models.Account) error {
 }
 
 func IsAdmin(accountUsername string) (bool, string) {
+ // check if is admin
+ if accountUsername == configuration.Config.AdminUsername {
+ return true, ""
+ }
+
 // get db
 db := Instance()
 
@@ -118,12 +123,14 @@ func IsAdmin(accountUsername string) (bool, string) {
 var id string
 query := "SELECT id FROM accounts where username = ? LIMIT 1"
 err := db.QueryRow(query, accountUsername).Scan(&id)
+
+ // check error
 if err != nil {
 logs.Logs.Println("[ERR][STORAGE][GET_PASSWORD] error in query execution:" + err.Error())
 }
 
- // return password
- return id == "1", id
+ // check if user it's me
+ return false, id
 }
 
 func GetAccounts() ([]models.Account, error) {
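Review bot: The new early return in IsAdmin compares `accountUsername` with `configuration.Config.AdminUsername` without checking that the configured value is non-empty, so if that setting is ever unset, an empty username would be granted admin. Whether configuration loading already rejects an empty admin username is not visible in this patch; a local guard keeps the check fail-closed either way: `if admin := configuration.Config.AdminUsername; admin != "" && accountUsername == admin {`. The admin path also returns an empty id where the old code returned the row id, so a doc comment on IsAdmin should say that callers must not use the id when the first result is true. IsAdmin's body continues into the next hunk.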
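Review bot: The error branch before the final return only logs, so a failed or empty lookup falls through to `return false, id` with an empty id, the same id value the admin path returns in the first hunk. The new comment `// check if user it's me` does not describe that statement; something like `// not the configured admin: return the account id (empty when the lookup failed)` would state the contract callers rely on. The log tag on the context line is also left over from another function and will mislead anyone triaging authorization failures; `[ERR][STORAGE][IS_ADMIN]` would match. The start of IsAdmin is in the previous hunk.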