From 2a775d4bf7a68c4a0a9371d4c398dc459d03c135 Mon Sep 17 00:00:00 2001
From: "Philip H." <47042125+pheiduck@users.noreply.github.com>
Date: Sun, 3 Dec 2023 11:46:13 +0000
Subject: [PATCH] fixup: Prototype-polluting assignment (medium)

---
 src/lib/Server.js | 26 ++++++++++++++++----------
 1 file changed, 16 insertions(+), 10 deletions(-)

diff --git a/src/lib/Server.js b/src/lib/Server.js
index b7cd79c8..d9d2bd83 100644
--- a/src/lib/Server.js
+++ b/src/lib/Server.js
@@ -118,9 +118,6 @@ module.exports = class Server {
         const svg = await WireGuard.getClientQRCodeSVG({ clientId });
         res.header('Content-Type', 'image/svg+xml');
         res.send(svg);
-        if (clientId === '__proto__' || clientId === 'constructor' || clientId === 'prototype') {
-          res.end(403);
-        }
       }))
       .get('/api/wireguard/client/:clientId/configuration', Util.promisify(async (req, res) => {
         const { clientId } = req.params;
@@ -134,9 +131,6 @@ module.exports = class Server {
         res.header('Content-Disposition', `attachment; filename="${configName || clientId}.conf"`);
         res.header('Content-Type', 'text/plain');
         res.send(config);
-        if (clientId === '__proto__' || clientId === 'constructor' || clientId === 'prototype') {
-          res.end(403);
-        }
       }))
       .post('/api/wireguard/client', Util.promisify(async (req) => {
         const { name } = req.body;
@@ -146,21 +140,33 @@ module.exports = class Server {
         const { clientId } = req.params;
         return WireGuard.deleteClient({ clientId });
       }))
-      .post('/api/wireguard/client/:clientId/enable', Util.promisify(async (req) => {
+      .post('/api/wireguard/client/:clientId/enable', Util.promisify(async (req, res) => {
         const { clientId } = req.params;
+        if (clientId === '__proto__' || clientId === 'constructor' || clientId === 'prototype') {
+          res.end(403);
+        }
         return WireGuard.enableClient({ clientId });
       }))
-      .post('/api/wireguard/client/:clientId/disable', Util.promisify(async (req) => {
+      .post('/api/wireguard/client/:clientId/disable', Util.promisify(async (req, res) => {
         const { clientId } = req.params;
+        if (clientId === '__proto__' || clientId === 'constructor' || clientId === 'prototype') {
+          res.end(403);
+        }
         return WireGuard.disableClient({ clientId });
       }))
-      .put('/api/wireguard/client/:clientId/name', Util.promisify(async (req) => {
+      .put('/api/wireguard/client/:clientId/name', Util.promisify(async (req, res) => {
         const { clientId } = req.params;
+        if (clientId === '__proto__' || clientId === 'constructor' || clientId === 'prototype') {
+          res.end(403);
+        }
         const { name } = req.body;
         return WireGuard.updateClientName({ clientId, name });
       }))
-      .put('/api/wireguard/client/:clientId/address', Util.promisify(async (req) => {
+      .put('/api/wireguard/client/:clientId/address', Util.promisify(async (req, res) => {
         const { clientId } = req.params;
+        if (clientId === '__proto__' || clientId === 'constructor' || clientId === 'prototype') {
+          res.end(403);
+        }
         const { address } = req.body;
         return WireGuard.updateClientAddress({ clientId, address });
       }))