From 50d0e4a7824f6cd825c17586bb8cfd7bc014debd Mon Sep 17 00:00:00 2001
From: meltland <meltland@icloud.com>
Date: Sat, 15 Mar 2025 13:26:51 -0400
Subject: fuck

---
 main.py | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/main.py b/main.py
index d243d0f..76ea084 100644
--- a/main.py
+++ b/main.py
@@ -407,10 +407,6 @@ async def handler(websocket):
                 if str(websocket.id) not in client_data:
                     await websocket.send(util.error("unauthorized", listener))
                     continue
-                username = client_data[str(websocket.id)]["username"]
-                if "INBOX" not in db.acc.get_perms(username):
-                    await websocket.send(util.error("unauthorized", listener))
-                    continue
                 data = db.inbox.get_recent()
                 await websocket.send(json.dumps({"error": False, "inbox": data, "listener": listener}))
             elif r["command"] == "post_inbox":
@@ -421,6 +417,10 @@ async def handler(websocket):
                 if str(websocket.id) not in client_data:
                     await websocket.send(util.error("unauthorized", listener))
                     continue
+                username = client_data[str(websocket.id)]["username"]
+                if "INBOX" not in db.acc.get_perms(username):
+                    await websocket.send(util.error("unauthorized", listener))
+                    continue
                 attachments = []
                 for i in r["attachments"]:
                     if urlparse(i).hostname in attachment_whitelist:
-- 
cgit 1.4.1-2-gfad0