From 08a77f6ddbf3972cef9ec168b149da69cf81bfb9 Mon Sep 17 00:00:00 2001
From: Sheen Capadngan <sheensantoscapadngan@gmail.com>
Date: Fri, 14 Jun 2024 02:37:01 +0800
Subject: [PATCH] misc: added missing auth check for rate-limit endpoint

---
 backend/src/server/routes/v1/rate-limit-router.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/backend/src/server/routes/v1/rate-limit-router.ts b/backend/src/server/routes/v1/rate-limit-router.ts
index f2f2002280..2b08a0c324 100644
--- a/backend/src/server/routes/v1/rate-limit-router.ts
+++ b/backend/src/server/routes/v1/rate-limit-router.ts
@@ -21,6 +21,11 @@ export const registerRateLimitRouter = async (server: FastifyZodProvider) => {
         })
       }
     },
+    onRequest: (req, res, done) => {
+      verifyAuth([AuthMode.JWT])(req, res, () => {
+        verifySuperAdmin(req, res, done);
+      });
+    },
     handler: async () => {
       const rateLimit = await server.services.rateLimit.getRateLimits();
       if (!rateLimit) {
@@ -40,7 +45,7 @@ export const registerRateLimitRouter = async (server: FastifyZodProvider) => {
       rateLimit: readLimit
     },
     onRequest: (req, res, done) => {
-      verifyAuth([AuthMode.JWT, AuthMode.API_KEY])(req, res, () => {
+      verifyAuth([AuthMode.JWT])(req, res, () => {
         verifySuperAdmin(req, res, done);
       });
     },