diff --git a/components/layout/Header.js b/components/layout/Header.js
index a81e016c..5f0ca386 100644
--- a/components/layout/Header.js
+++ b/components/layout/Header.js
@@ -29,21 +29,24 @@ export default function Header() {
} size="large" className={styles.logo} />
umami
-
+
{user && (
-
-
-
-
-
-
-
- {!process.env.isCloudMode && (
-
-
+ <>
+
+
+
+
- )}
-
+
+
+
+ {!process.env.isCloudMode && (
+
+
+
+ )}
+
diff --git a/pages/api/realtime/init.js b/pages/api/realtime/init.js
index 9a9a4297..75ddf022 100644
--- a/pages/api/realtime/init.js
+++ b/pages/api/realtime/init.js
@@ -1,5 +1,5 @@
import { subMinutes } from 'date-fns';
-import { ok, methodNotAllowed, createToken } from 'next-basics';
+import { ok, unauthorized, methodNotAllowed, createToken } from 'next-basics';
import { useAuth } from 'lib/middleware';
import { getUserWebsites, getRealtimeData } from 'queries';
import { secret } from 'lib/crypto';
@@ -10,6 +10,10 @@ export default async (req, res) => {
if (req.method === 'GET') {
const { userId } = req.auth;
+ if (!userId) {
+ return unauthorized(res);
+ }
+
const websites = await getUserWebsites({ userId });
const ids = websites.map(({ websiteUuid }) => websiteUuid);
const token = createToken({ websites: ids }, secret());
diff --git a/pages/api/websites/index.js b/pages/api/websites/index.js
index daecac88..f5fb6cfe 100644
--- a/pages/api/websites/index.js
+++ b/pages/api/websites/index.js
@@ -7,6 +7,7 @@ export default async (req, res) => {
await useAuth(req, res);
const { user_id, include_all } = req.query;
+
const { userId: currentUserId, isAdmin } = req.auth;
const accountUuid = user_id || req.auth.accountUuid;
let account;
@@ -18,7 +19,7 @@ export default async (req, res) => {
const userId = account ? account.id : user_id;
if (req.method === 'GET') {
- if (userId && userId !== currentUserId && !isAdmin) {
+ if (!userId || (userId !== currentUserId && !isAdmin)) {
return unauthorized(res);
}