server owner is unauthorized

youngcoder45 · youngcoder45 · commit 46d87d7b13e3 · 2026-03-07T23:54:33.000+05:30
diff --git a/dash/src/pages/api/server/[serverId]/guild-data.ts b/dash/src/pages/api/server/[serverId]/guild-data.ts
@@ -19,14 +19,20 @@ export default async function handler(
 
   // Check if user has access to this guild
   try {
+    const accessToken = (session as any).accessToken
+    
+    if (!accessToken) {
+      return res.status(401).json({ error: 'Authentication token missing. Please sign out and sign in again.' })
+    }
+
     const guildsResponse = await fetch('https://discord.com/api/v10/users/@me/guilds', {
       headers: {
-        Authorization: `Bearer ${(session as any).accessToken}`,
+        Authorization: `Bearer ${accessToken}`,
       },
     })
 
     if (!guildsResponse.ok) {
-      return res.status(401).json({ error: 'Failed to verify guild access' })
+      return res.status(401).json({ error: 'Failed to verify guild access. Please sign out and sign in again.' })
     }
 
     const userGuilds = await guildsResponse.json()
@@ -36,8 +42,10 @@ export default async function handler(
       return res.status(403).json({ error: 'You do not have access to this server' })
     }
 
-    // Check if user has MANAGE_GUILD permission (0x20 = 32) or is owner
-    const hasPermission = guild.owner || (parseInt(guild.permissions) & 0x20) === 0x20
+    // Check if user has MANAGE_GUILD permission (0x20) or is owner
+    const permissions = BigInt(guild.permissions)
+    const hasManageGuild = (permissions & BigInt(0x20)) === BigInt(0x20)
+    const hasPermission = guild.owner || hasManageGuild
 
     if (!hasPermission) {
       return res.status(403).json({ error: 'You do not have permission to manage this server' })
diff --git a/dash/src/pages/api/server/[serverId]/leaderboard.ts b/dash/src/pages/api/server/[serverId]/leaderboard.ts
@@ -48,14 +48,20 @@ export default async function handler(
 
   // Check if user has access to this guild
   try {
+    const accessToken = (session as any).accessToken
+    
+    if (!accessToken) {
+      return res.status(401).json({ error: 'Authentication token missing. Please sign out and sign in again.' })
+    }
+
     const guildsResponse = await fetch('https://discord.com/api/v10/users/@me/guilds', {
       headers: {
-        Authorization: `Bearer ${(session as any).accessToken}`,
+        Authorization: `Bearer ${accessToken}`,
       },
     })
 
     if (!guildsResponse.ok) {
-      return res.status(401).json({ error: 'Failed to verify guild access' })
+      return res.status(401).json({ error: 'Failed to verify guild access. Please sign out and sign in again.' })
     }
 
     const userGuilds = await guildsResponse.json()
@@ -65,8 +71,10 @@ export default async function handler(
       return res.status(403).json({ error: 'You do not have access to this server' })
     }
 
-    // Check if user has MANAGE_GUILD permission (0x20 = 32) or is owner
-    const hasPermission = guild.owner || (parseInt(guild.permissions) & 0x20) === 0x20
+    // Check if user has MANAGE_GUILD permission (0x20) or is owner
+    const permissions = BigInt(guild.permissions)
+    const hasManageGuild = (permissions & BigInt(0x20)) === BigInt(0x20)
+    const hasPermission = guild.owner || hasManageGuild
 
     if (!hasPermission) {
       return res.status(403).json({ error: 'You do not have permission to manage this server' })
diff --git a/dash/src/pages/api/server/[serverId]/settings.ts b/dash/src/pages/api/server/[serverId]/settings.ts
@@ -21,31 +21,45 @@ export default async function handler(
 
   // Check if user has access to this guild
   try {
+    const accessToken = (session as any).accessToken
+    console.log('[API] Checking guild access for user, serverId:', serverId, 'hasToken:', !!accessToken)
+    
+    if (!accessToken) {
+      console.error('[API] No access token in session')
+      return res.status(401).json({ error: 'Authentication token missing. Please sign out and sign in again.' })
+    }
+
     const guildsResponse = await fetch('https://discord.com/api/v10/users/@me/guilds', {
       headers: {
-        Authorization: `Bearer ${(session as any).accessToken}`,
+        Authorization: `Bearer ${accessToken}`,
       },
     })
 
     if (!guildsResponse.ok) {
-      return res.status(401).json({ error: 'Failed to verify guild access' })
+      console.error('[API] Failed to fetch user guilds:', guildsResponse.status, guildsResponse.statusText)
+      return res.status(401).json({ error: 'Failed to verify guild access. Please sign out and sign in again.' })
     }
 
     const userGuilds = await guildsResponse.json()
     const guild = userGuilds.find((g: any) => g.id === serverId)
 
     if (!guild) {
+      console.warn('[API] User does not have access to guild:', serverId)
       return res.status(403).json({ error: 'You do not have access to this server' })
     }
 
-    // Check if user has MANAGE_GUILD permission (0x20 = 32) or is owner
-    const hasPermission = guild.owner || (parseInt(guild.permissions) & 0x20) === 0x20
+    // Check if user has MANAGE_GUILD permission (0x20) or is owner
+    const permissions = BigInt(guild.permissions)
+    const hasManageGuild = (permissions & BigInt(0x20)) === BigInt(0x20)
+    const hasPermission = guild.owner || hasManageGuild
+
+    console.log('[API] Guild access check:', { owner: guild.owner, hasManageGuild, hasPermission })
 
     if (!hasPermission) {
       return res.status(403).json({ error: 'You do not have permission to manage this server' })
     }
   } catch (error) {
-    console.error('Error checking guild permissions:', error)
+    console.error('[API] Error checking guild permissions:', error)
     return res.status(500).json({ error: 'Failed to verify permissions' })
   }
 
diff --git a/dash/src/pages/api/server/[serverId]/stats.ts b/dash/src/pages/api/server/[serverId]/stats.ts
@@ -21,14 +21,20 @@ export default async function handler(
 
   // Check if user has access to this guild
   try {
+    const accessToken = (session as any).accessToken
+    
+    if (!accessToken) {
+      return res.status(401).json({ error: 'Authentication token missing. Please sign out and sign in again.' })
+    }
+
     const guildsResponse = await fetch('https://discord.com/api/v10/users/@me/guilds', {
       headers: {
-        Authorization: `Bearer ${(session as any).accessToken}`,
+        Authorization: `Bearer ${accessToken}`,
       },
     })
 
     if (!guildsResponse.ok) {
-      return res.status(401).json({ error: 'Failed to verify guild access' })
+      return res.status(401).json({ error: 'Failed to verify guild access. Please sign out and sign in again.' })
     }
 
     const userGuilds = await guildsResponse.json()
@@ -38,8 +44,10 @@ export default async function handler(
       return res.status(403).json({ error: 'You do not have access to this server' })
     }
 
-    // Check if user has MANAGE_GUILD permission (0x20 = 32) or is owner
-    const hasPermission = guild.owner || (parseInt(guild.permissions) & 0x20) === 0x20
+    // Check if user has MANAGE_GUILD permission (0x20) or is owner
+    const permissions = BigInt(guild.permissions)
+    const hasManageGuild = (permissions & BigInt(0x20)) === BigInt(0x20)
+    const hasPermission = guild.owner || hasManageGuild
 
     if (!hasPermission) {
       return res.status(403).json({ error: 'You do not have permission to manage this server' })
