From 86608545e2f81deb9655003012a3dc8d8582e6c7 Mon Sep 17 00:00:00 2001
From: garrettmills <shout@garrettmills.dev>
Date: Sun, 29 Nov 2020 12:22:33 -0600
Subject: [PATCH] Add authentication guard to fs. and stream. routes

---
 app/ws/Socket.js | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/app/ws/Socket.js b/app/ws/Socket.js
index bbbf832..ec0a30d 100644
--- a/app/ws/Socket.js
+++ b/app/ws/Socket.js
@@ -59,18 +59,26 @@ class Socket extends Injectable {
 
             this.messages = this.messages.filter(x => !x.has_response)
         } else {
+            if ( this.needs_auth(message.route()) && !this.session.is_auth ) {
+                return this.send(response.error(Errors.NodePermissionFail))
+            }
+
             let handler;
             try {
                 handler = require(`./routes/${message.route()}`)
             } catch (e) {}
 
             if ( !handler ) {
-                return this.send(socket, response.error(Errors.InvalidMessageRoute))
+                return this.send(response.error(Errors.InvalidMessageRoute))
             }
 
             await handler(message, this.app.di().container.proxy())
         }
     }
+
+    needs_auth(route) {
+        return route.startsWith('fs.') || route.startsWith('stream.')
+    }
 }
 
 module.exports = exports = Socket