From 6f969ed6a6c2d2dc702020d6ef7d77ae50a43c1e Mon Sep 17 00:00:00 2001
From: Kamil Markowicz <kamil@markowicz.net>
Date: Fri, 9 May 2025 22:31:06 -0400
Subject: [PATCH] fix: fixes 403 when using proxy auth

Resolves a 403 response when accessing /ajax/updateThumbnails from a
session authenticated by reverse proxy.

For some reason, the decorators are swapped on this route specifically,
but not the others. This brings the ordering to be consistent with other
routes. The login check should happen before the auth check now.
---
 cps/admin.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cps/admin.py b/cps/admin.py
index 5451080a..26fbe42b 100644
--- a/cps/admin.py
+++ b/cps/admin.py
@@ -189,8 +189,8 @@ def reconnect():
 
 
 @admi.route("/ajax/updateThumbnails", methods=['POST'])
-@admin_required
 @user_login_required
+@admin_required
 def update_thumbnails():
     content = config.get_scheduled_task_settings()
     if content['schedule_generate_book_covers']: