Add authentication guard to fs. and stream. routes

2020-11-29 12:22:33 -06:00 · 2020-11-29 12:22:33 -06:00 · 86608545e2
commit 86608545e2
parent 8a5d0edc0d
1 changed files with 9 additions and 1 deletions
--- a/app/ws/Socket.js
+++ b/app/ws/Socket.js
@ -59,18 +59,26 @@ class Socket extends Injectable {

            this.messages = this.messages.filter(x => !x.has_response)
        } else {
+            if ( this.needs_auth(message.route()) && !this.session.is_auth ) {
+                return this.send(response.error(Errors.NodePermissionFail))
+            }
+
            let handler;
            try {
                handler = require(`./routes/${message.route()}`)
            } catch (e) {}

            if ( !handler ) {
-                return this.send(socket, response.error(Errors.InvalidMessageRoute))
+                return this.send(response.error(Errors.InvalidMessageRoute))
            }

            await handler(message, this.app.di().container.proxy())
        }
    }
+
+    needs_auth(route) {
+        return route.startsWith('fs.') || route.startsWith('stream.')
+    }
 }

 module.exports = exports = Socket