aboutsummaryrefslogtreecommitdiff
path: root/server
diff options
context:
space:
mode:
authorMateja <mail@matejamaric.com>2021-07-27 19:16:14 +0200
committerMateja <mail@matejamaric.com>2021-07-27 19:16:14 +0200
commit10b0444eacee8e54c947a88b1cc27252666fe14c (patch)
treec2ebfc2c0922d39c6ed8bf472f6184763ab454ff /server
parent306c59e56c5038d13f94b9477bcdd060ab282ee6 (diff)
downloadmevn-ecommerce-10b0444eacee8e54c947a88b1cc27252666fe14c.tar.gz
mevn-ecommerce-10b0444eacee8e54c947a88b1cc27252666fe14c.zip
Protect API endpoint for showing paid orders.
Diffstat (limited to 'server')
-rw-r--r--server/routes/api.js2
1 files changed, 1 insertions, 1 deletions
diff --git a/server/routes/api.js b/server/routes/api.js
index cf1d2d6..b680b70 100644
--- a/server/routes/api.js
+++ b/server/routes/api.js
@@ -17,7 +17,7 @@ router.post('/products', isAuth, isAdmin, upload.single('image'), productsContro
router.patch('/products/:id', isAuth, isAdmin, upload.single('image'), productsController.update);
router.delete('/products/:id', isAuth, isAdmin, productsController.destroy);
-router.get('/transactions/paid', transactionController.showPaid);
+router.get('/transactions/paid', isAuth, isAdmin, transactionController.showPaid);
router.post('/transactions/setup', transactionController.setup);
router.post('/transactions/capture', transactionController.capture);