Kraut.World/server
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Disabling completely routes if admin token not configured

Browse source
This commit is contained in:
David Négrier 2022-01-27 18:38:33 +01:00
parent 767ac9a68f
commit 12d6d9a50d
7 changed files with 22 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

6
pusher/src/Controller/AdminController.ts
View file

@ -31,6 +31,9 @@ export class AdminController extends BaseController {
const token = req.getHeader("admin-token");
const body = await res.json();
if (ADMIN_API_TOKEN === "") {
return res.writeStatus("401 Unauthorized").end("No token configured!");
}
if (token !== ADMIN_API_TOKEN) {
console.error("Admin access refused for token: " + token);
res.writeStatus("401 Unauthorized").end("Incorrect token");
@ -78,6 +81,9 @@ export class AdminController extends BaseController {
const token = req.getHeader("admin-token");
const body = await res.json();
if (ADMIN_API_TOKEN === "") {
return res.writeStatus("401 Unauthorized").end("No token configured!");
}
if (token !== ADMIN_API_TOKEN) {
console.error("Admin access refused for token: " + token);
res.writeStatus("401 Unauthorized").end("Incorrect token");

3
pusher/src/Controller/DebugController.ts
View file

@ -15,6 +15,9 @@ export class DebugController {
this.App.get("/dump", (res: HttpResponse, req: HttpRequest) => {
const query = parse(req.getQuery());
if (ADMIN_API_TOKEN === "") {
return res.writeStatus("401 Unauthorized").end("No token configured!");
}
if (query.token !== ADMIN_API_TOKEN) {
return res.writeStatus("401 Unauthorized").end("Invalid token sent!");
}

6
pusher/src/Controller/IoSocketController.ts
View file

@ -29,7 +29,7 @@ import { AdminSocketTokenData, jwtTokenManager, tokenInvalidException } from "..
import { adminApi, FetchMemberDataByUuidResponse } from "../Services/AdminApi";
import { SocketManager, socketManager } from "../Services/SocketManager";
import { emitInBatch } from "../Services/IoSocketHelpers";
import { ADMIN_API_URL, DISABLE_ANONYMOUS, SOCKET_IDLE_TIMER } from "../Enum/EnvironmentVariable";
import { ADMIN_API_URL, ADMIN_SOCKETS_TOKEN, DISABLE_ANONYMOUS, SOCKET_IDLE_TIMER } from "../Enum/EnvironmentVariable";
import { Zone } from "_Model/Zone";
import { ExAdminSocketInterface } from "_Model/Websocket/ExAdminSocketInterface";
import { CharacterTexture } from "../Messages/JsonMessages/CharacterTexture";
@ -42,7 +42,9 @@ export class IoSocketController {
constructor(private readonly app: TemplatedApp) {
this.ioConnection();
this.adminRoomSocket();
if (ADMIN_SOCKETS_TOKEN) {
this.adminRoomSocket();
}
}
adminRoomSocket() {