fix(security): require auth on clan creation, remove debug console.log

POST /herowars/clans was accessible without authentication.
console.log(req.profile) in profiles controller leaked user data to logs.
This commit is contained in:
2026-04-26 21:57:31 +02:00
parent ed0cd81bde
commit c2e65adbc6
2 changed files with 1 additions and 2 deletions
+1 -1
View File
@@ -6,7 +6,7 @@ const clanRouter = express.Router();
//clanRouter.param('clanId', getClan);
clanRouter.get('/', auth.optional, getAllClans);
clanRouter.post('/', auth.optional, createClan);
clanRouter.post('/', auth.required, createClan);
clanRouter.get('/:clanId', auth.required, getClan);
clanRouter.put('/:clanId', auth.required, updateClan);
clanRouter.delete('/:clanId', auth.required, deleteClan);