fix: close web access to foreign groups and sessions

2026-04-23 20:09:22 +03:00
parent ecc2236937
commit 1c4cfb71c0
14 changed files with 352 additions and 49 deletions
@@ -3,8 +3,9 @@
@using Microsoft.AspNetCore.Components.Authorization
@using GmRelay.Web.Services
@attribute [Authorize]
-@inject SessionService SessionService
+@inject AuthorizedSessionService SessionService
@inject AuthenticationStateProvider AuthStateProvider
+@inject NavigationManager Navigation

 <PageTitle>Панель управления — GM-Relay</PageTitle>

@@ -88,10 +89,12 @@
        var user = authState.User;
        userName = user.Identity?.Name ?? "Мастер Игры";

-        var telegramIdClaim = user.FindFirst("TelegramId")?.Value;
-        if (long.TryParse(telegramIdClaim, out var telegramId))
+        if (!user.TryGetTelegramId(out var telegramId))
        {
-            groups = await SessionService.GetGroupsForGmAsync(telegramId);
+            Navigation.NavigateTo("/access-denied");
+            return;
        }
+
+        groups = await SessionService.GetGroupsForGmAsync(telegramId);
    }
 }