session key

2 files changed, 4 insertions, 5 deletions

diff --git a/src/server/ApiManagers/SessionManager.ts b/src/server/ApiManagers/SessionManager.ts
index a99aa05e0..f1629b8f0 100644
--- a/src/server/ApiManagers/SessionManager.ts
+++ b/src/server/ApiManagers/SessionManager.ts
@@ -8,16 +8,15 @@ const permissionError = "You are not authorized!";
 
 export default class SessionManager extends ApiManager {
 
-    private secureSubscriber = (root: string, ...params: string[]) => new RouteSubscriber(root).add("sessionKey", ...params);
+    private secureSubscriber = (root: string, ...params: string[]) => new RouteSubscriber(root).add("session_key", ...params);
 
     private authorizedAction = (handler: SecureHandler) => {
         return (core: AuthorizedCore) => {
-            const { req, res, isRelease } = core;
-            const { sessionKey } = req.params;
+            const { req: { params }, res, isRelease } = core;
             if (!isRelease) {
                 return res.send("This can be run only on the release server.");
             }
-            if (sessionKey !== process.env.session_key) {
+            if (params.session_key !== process.env.session_key) {
                 return _permission_denied(res, permissionError);
             }
             return handler(core);
diff --git a/src/server/RouteManager.ts b/src/server/RouteManager.ts
index 5afd607fd..f9ffdaa80 100644
--- a/src/server/RouteManager.ts
+++ b/src/server/RouteManager.ts
@@ -197,5 +197,5 @@ export function _permission_denied(res: express.Response, message?: string) {
     if (message) {
         res.statusMessage = message;
     }
-    res.status(STATUS.BAD_REQUEST).send("Permission Denied!");
+    res.status(STATUS.PERMISSION_DENIED).send("Permission Denied!");
 }