From 0ed82328059ddb89b7e54f275e2a082bd43dfb08 Mon Sep 17 00:00:00 2001
From: Sainan <sainan@calamity.inc>
Date: Thu, 27 Mar 2025 00:49:44 +0100
Subject: [PATCH] require valid authz for getGuildContributions

---
 src/controllers/api/getGuildContributionsController.ts | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/controllers/api/getGuildContributionsController.ts b/src/controllers/api/getGuildContributionsController.ts
index e5ff9086..72d61cbe 100644
--- a/src/controllers/api/getGuildContributionsController.ts
+++ b/src/controllers/api/getGuildContributionsController.ts
@@ -1,9 +1,11 @@
 import { GuildMember } from "@/src/models/guildModel";
-import { Inventory } from "@/src/models/inventoryModels/inventoryModel";
+import { getInventory } from "@/src/services/inventoryService";
+import { getAccountIdForRequest } from "@/src/services/loginService";
 import { RequestHandler } from "express";
 
 export const getGuildContributionsController: RequestHandler = async (req, res) => {
-    const guildId = (await Inventory.findOne({ accountOwnerId: req.query.accountId }, "GuildId"))!.GuildId;
+    const accountId = await getAccountIdForRequest(req);
+    const guildId = (await getInventory(accountId, "GuildId")).GuildId;
     const guildMember = (await GuildMember.findOne({ guildId, accountId: req.query.buddyId }))!;
     res.json({
         _id: { $oid: req.query.buddyId },