From 068d7c4b3eb008cfb743ae774c03ac378ce4daad Mon Sep 17 00:00:00 2001
From: LD-Reborn <lucretia.dietz@gmx.de>
Date: Sun, 30 Nov 2025 20:34:19 +0100
Subject: [PATCH] Fixed missing uploads authorization check

---
 Program.cs | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/Program.cs b/Program.cs
index c5f88cc..0472b82 100644
--- a/Program.cs
+++ b/Program.cs
@@ -1,3 +1,4 @@
+using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Localization;
 using Microsoft.EntityFrameworkCore;
@@ -94,7 +95,19 @@ app.UseRouting();
 app.UseAuthentication();
 app.UseAuthorization();
 
-app.MapStaticAssets();
+app.Use(async (context, next) =>
+{
+    if (context.Request.Path.StartsWithSegments("/uploads")
+        && !(context.User.Identity?.IsAuthenticated ?? false))
+    {
+        context.Response.StatusCode = 401;
+        return;
+    }
+    
+    await next();
+});
+
+app.UseStaticFiles();
 
 app.MapControllerRoute(
     name: "default",