diff --git a/api/middleware.go b/api/middleware.go
index 686ba4f..a0ac80c 100644
--- a/api/middleware.go
+++ b/api/middleware.go
@@ -15,6 +15,7 @@ import (
 "gorm.io/gorm"
 "io"
 "net/http"
+ "strconv"
 "strings"
 )
@@ -128,6 +129,21 @@ func githubRestVerifyMiddleware(db *gorm.DB) mux.MiddlewareFunc {
 http.Error(w, err.Error(), http.StatusBadRequest)
 return
 }
+
+ if mux.CurrentRoute(r).GetName() == "app-install-get-access-token" {
+ installId := mux.Vars(r)["installation_id"]
+
+ installIdInt, err := strconv.Atoi(installId)
+ if err != nil {
+ http.Error(w, "Invalid Install", http.StatusUnauthorized)
+ return
+ }
+
+ if appId != uint(installIdInt) {
+ http.Error(w, "Invalid Install", http.StatusUnauthorized)
+ return
+ }
+ }
 }
 addAuthStatusToRequestServ(true, r, w, next)
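Review bot: The installation check parses `installation_id` with `strconv.Atoi` and then casts the result to `uint`, so a negative value wraps to a large unsigned number instead of being rejected as malformed, and the signed parse accepts a narrower positive range than `appId` can hold. Parsing as unsigned keeps the comparison exact: `installID, err := strconv.ParseUint(installId, 10, 64)` followed by `if err != nil || uint64(appId) != installID {`, which also folds the two identical 401 branches into one. The guard is keyed on the route name `"app-install-get-access-token"`, so renaming that route, or adding another route that carries `installation_id`, would skip the check silently; testing for the presence of the path variable instead would fail closed, if that suits the other routes. `appId` is assigned outside this hunk, so whether it holds the value an installation id should be compared against cannot be confirmed from here.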