summaryrefslogtreecommitdiff
path: root/packages/backend/src/server/api
diff options
context:
space:
mode:
Diffstat (limited to 'packages/backend/src/server/api')
-rw-r--r--packages/backend/src/server/api/endpoints/admin/accounts/create.ts6
1 files changed, 2 insertions, 4 deletions
diff --git a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts
index a2f9bf6945..f54d567fff 100644
--- a/packages/backend/src/server/api/endpoints/admin/accounts/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/accounts/create.ts
@@ -15,8 +15,6 @@ import { DI } from '@/di-symbols.js';
export const meta = {
tags: ['admin'],
- secure: true,
-
res: {
type: 'object',
optional: false, nullable: false,
@@ -48,12 +46,12 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
private userEntityService: UserEntityService,
private signupService: SignupService,
) {
- super(meta, paramDef, async (ps, _me) => {
+ super(meta, paramDef, async (ps, _me, token) => {
const me = _me ? await this.usersRepository.findOneByOrFail({ id: _me.id }) : null;
const noUsers = (await this.usersRepository.countBy({
host: IsNull(),
})) === 0;
- if (!noUsers && !me?.isRoot) throw new Error('access denied');
+ if ((!noUsers && !me?.isRoot) || token !== null) throw new Error('access denied');
const { account, secret } = await this.signupService.signup({
username: ps.username,
generated by cgit v1.2.3-freya (git 2.53.0.84.g453e7b744a) at 2026-04-20 17:36:55 +0000