From 11e7284824e2dfa5eb4517cd0ee5a61923b1746c Mon Sep 17 00:00:00 2001
From: yoclo <147054286+yclw@users.noreply.github.com>
Date: Tue, 29 Apr 2025 23:14:16 +0800
Subject: [PATCH] fix: prevent guest user from updating profile (#8447)

---
 server/handles/auth.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/server/handles/auth.go b/server/handles/auth.go
index e1f512c4..7a2c0fb5 100644
--- a/server/handles/auth.go
+++ b/server/handles/auth.go
@@ -113,6 +113,10 @@ func UpdateCurrent(c *gin.Context) {
 		return
 	}
 	user := c.MustGet("user").(*model.User)
+	if user.IsGuest() {
+		common.ErrorStrResp(c, "Guest user can not update profile", 403)
+		return
+	}
 	user.Username = req.Username
 	if req.Password != "" {
 		user.SetPassword(req.Password)