highperfocused/bostr
1
0
Fork 0
mirror of https://github.com/Yonle/bostr.git synced 2025-03-17 13:22:49 +01:00
Code Issues Packages Projects Releases Wiki Activity

auth.js: fix auth that let's everyone in

Browse Source 
Even with authorized_keys being set, If noscraper is enabled in config,
Then an unexpected behavior will occurs due to bad code on auth.js.

See the following diff for details.

Signed-off-by: Yonle <yonle@lecturify.net>
This commit is contained in:
Yonle 2024-08-01 22:54:23 +07:00
parent 8b131e239b
commit 49181f4ec9
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
auth.js
View File

@ -18,7 +18,9 @@ module.exports = (authKey, data, ws, req) => {
return false;
}
if (!authorized_keys?.includes(data.pubkey) && !private_keys[data.pubkey] && !noscraper) {
let pubkeyInConfig = authorized_keys?.includes(data.pubkey) || data.pubkey in private_keys;
if (authorized_keys?.length && !pubkeyInConfig) {
ws.send(JSON.stringify(["OK", data.id, false, "unauthorized."]));
return false;
}