From 094cdab65e061f5486c55a097c5331ed6b135c69 Mon Sep 17 00:00:00 2001
From: Nicholas Pease <me@nicholaspease.com>
Date: Fri, 19 Apr 2024 11:18:46 -0400
Subject: [PATCH] DM Security Fix

---
 frontend-next/src/app/dm/page.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/frontend-next/src/app/dm/page.js b/frontend-next/src/app/dm/page.js
index f71beb2..b46a1fb 100644
--- a/frontend-next/src/app/dm/page.js
+++ b/frontend-next/src/app/dm/page.js
@@ -26,6 +26,7 @@ function Chat() {
   const [doneLoading, setDoneLoading] = useState(false) // is the page done loading or not
   const [authUser, authLoading] = useAuthState(auth) // auth user object (used to obtain other user object)
   const [drawerOpen, setDrawerOpen] = useState(true); // drawer open state
+  const [isUserAuthed, setIsUserAuthed] = useState(false); // is the user authenticated or not
 
   var windowSize = useWindowSize()
   useEffect(() => {
@@ -57,7 +58,10 @@ function Chat() {
     if (user) {
         const searchParams = new URLSearchParams(document.location.search);
         var path = searchParams.get("dm")
-
+        if (path.includes(user.uid))
+          setIsUserAuthed(true)
+        else
+          location.href = "/app"
         /*// Send entered message
         var payload = {
             body: "entered",
@@ -102,7 +106,7 @@ function Chat() {
 
   return (
     <div>
-      {(authUser && doneLoading) && (
+      {(authUser && doneLoading && isUserAuthed) && (
         <div className="overflow-hidden h-dvh">
           {/* Left Side of Page */}
           <div className="overflow-hidden h-dvh md:mr-[400px]">
-- 
2.52.0