From a2797cabc2d9426d283fd20cf7b6613705d79325 Mon Sep 17 00:00:00 2001
From: exyi
Date: Sat, 17 Oct 2020 18:22:22 +0000
Subject: [PATCH] Forbid tasks.json modification on production env
---
 server/Ksp.WebServer/Controllers/TasksController.cs | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/server/Ksp.WebServer/Controllers/TasksController.cs b/server/Ksp.WebServer/Controllers/TasksController.cs
index 9c7c1d4..0a38497 100644
--- a/server/Ksp.WebServer/Controllers/TasksController.cs
+++ b/server/Ksp.WebServer/Controllers/TasksController.cs
@@ -5,6 +5,7 @@ using System.Linq;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Hosting;
 using Microsoft.Extensions.Logging;
 namespace Ksp.WebServer.Controllers
@@ -33,6 +34,9 @@ namespace Ksp.WebServer.Controllers
 [HttpPost]
 public async Task Post()
 {
+ if (env.IsProduction())
+ return this.Forbid();
+ // TODO: auth org
 using var rdr = new StreamReader(HttpContext.Request.Body);
 await System.IO.File.WriteAllTextAsync(TasksJsonFile, await rdr.ReadToEndAsync());
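Review bot: The new guard at the top of `Post()` blocks only the environment named Production, so Staging or any custom environment name still reaches the `WriteAllTextAsync` of the raw request body, and the `// TODO: auth org` indicates there is no authorization check in front of it yet. Failing closed would be safer: `if (!env.IsDevelopment()) return this.Forbid();`. `Forbid()` also goes through the configured authentication scheme's forbid handler and throws when no default scheme is registered, which cannot be checked from this hunk; `return StatusCode(403);` returns the status without that dependency. The body of `Post()` continues past the end of the hunk.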