Disabling completely routes if admin token not configured

2022-01-27 18:38:33 +01:00 · 2022-01-27 18:38:33 +01:00 · 12d6d9a50d
commit 12d6d9a50d
parent 767ac9a68f
7 changed files with 22 additions and 5 deletions
--- a/back/src/Controller/DebugController.ts
+++ b/back/src/Controller/DebugController.ts
@ -15,6 +15,9 @@ export class DebugController {
            (async () => {
                const query = parse(req.getQuery());

+                if (ADMIN_API_TOKEN === "") {
+                    return res.writeStatus("401 Unauthorized").end("No token configured!");
+                }
                if (query.token !== ADMIN_API_TOKEN) {
                    return res.writeStatus("401 Unauthorized").end("Invalid token sent!");
                }
--- a/back/src/Enum/EnvironmentVariable.ts
+++ b/back/src/Enum/EnvironmentVariable.ts
@ -2,7 +2,7 @@ const MINIMUM_DISTANCE = process.env.MINIMUM_DISTANCE ? Number(process.env.MINIM
 const GROUP_RADIUS = process.env.GROUP_RADIUS ? Number(process.env.GROUP_RADIUS) : 48;
 const ALLOW_ARTILLERY = process.env.ALLOW_ARTILLERY ? process.env.ALLOW_ARTILLERY == "true" : false;
 const ADMIN_API_URL = process.env.ADMIN_API_URL || "";
-const ADMIN_API_TOKEN = process.env.ADMIN_API_TOKEN || "myapitoken";
+const ADMIN_API_TOKEN = process.env.ADMIN_API_TOKEN || "";
 const CPU_OVERHEAT_THRESHOLD = Number(process.env.CPU_OVERHEAT_THRESHOLD) || 80;
 const JITSI_URL: string | undefined = process.env.JITSI_URL === "" ? undefined : process.env.JITSI_URL;
 const JITSI_ISS = process.env.JITSI_ISS || "";