Pied/server
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add authentication guard to fs. and stream. routes

Browse Source
This commit is contained in:
Garrett Mills 2020-11-29 12:22:33 -06:00
parent 8a5d0edc0d
commit 86608545e2
Signed by: garrettmills
GPG Key ID: D2BF5FBA8298F246
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
app/ws/Socket.js
View File

@ -59,18 +59,26 @@ class Socket extends Injectable {
this.messages = this.messages.filter(x => !x.has_response) this.messages = this.messages.filter(x => !x.has_response)
} else { } else {
if ( this.needs_auth(message.route()) && !this.session.is_auth ) {
return this.send(response.error(Errors.NodePermissionFail))
}
let handler; let handler;
try { try {
handler = require(`./routes/${message.route()}`) handler = require(`./routes/${message.route()}`)
} catch (e) {} } catch (e) {}
if ( !handler ) { if ( !handler ) {
return this.send(socket, response.error(Errors.InvalidMessageRoute)) return this.send(response.error(Errors.InvalidMessageRoute))
} }
await handler(message, this.app.di().container.proxy()) await handler(message, this.app.di().container.proxy())
} }
} }
needs_auth(route) {
return route.startsWith('fs.') || route.startsWith('stream.')
}
} }
module.exports = exports = Socket module.exports = exports = Socket