Add header auth so it does not allow passing

Owen
2025-10-13 14:57:50 -07:00
parent 2cff142266
commit 38faf1f905


@@ -196,11 +196,13 @@ export async function verifyResourceSession(
// otherwise its undefined and we pass // otherwise its undefined and we pass
} }
// IMPORTANT: ADD NEW AUTH CHECKS HERE OR WHEN TURNING OFF ALL OTHER AUTH METHODS IT WILL JUST PASS
if ( if (
!resource.sso && !resource.sso &&
!pincode && !pincode &&
!password && !password &&
!resource.emailWhitelistEnabled !resource.emailWhitelistEnabled &&
!headerAuth
) { ) {
logger.debug("Resource allowed because no auth"); logger.debug("Resource allowed because no auth");
return allowed(res); return allowed(res);
@@ -295,8 +297,9 @@ export async function verifyResourceSession(
} }
// check for HTTP Basic Auth header // check for HTTP Basic Auth header
const clientHeaderAuthKey = `headerAuth:${clientHeaderAuth}`;
if (headerAuth && clientHeaderAuth) { if (headerAuth && clientHeaderAuth) {
if (cache.get(clientHeaderAuth)) { if (cache.get(clientHeaderAuthKey)) {
logger.debug( logger.debug(
"Resource allowed because header auth is valid (cached)" "Resource allowed because header auth is valid (cached)"
); );
@@ -307,7 +310,7 @@ export async function verifyResourceSession(
headerAuth.headerAuthHash headerAuth.headerAuthHash
) )
) { ) {
cache.set(clientHeaderAuth, clientHeaderAuth); cache.set(clientHeaderAuthKey, clientHeaderAuth);
logger.debug("Resource allowed because header auth is valid"); logger.debug("Resource allowed because header auth is valid");
return allowed(res); return allowed(res);
} }
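Review bot: The cache key built in the second hunk, `headerAuth:${clientHeaderAuth}`, is derived only from the client-supplied credential, so the `cache.get(clientHeaderAuthKey)` hit is not tied to the resource being checked. If the cache is shared across resources (not visible here), a credential verified once for one resource would take the "(cached)" allow path on any other resource with header auth enabled, without being compared against that resource's `headerAuth.headerAuthHash`. Scoping the key to the resource, e.g. `headerAuth:<resource id>:${clientHeaderAuth}`, would close that; including the stored hash in the key as well would make a rotated credential miss the cache rather than stay valid until the entry expires. The raw credential is also kept as both cache key and value; using a digest of it in the key and `true` as the value would avoid holding it in memory. verifyResourceSession starts and ends outside these hunks, so the cache's scope and TTL should be confirmed there.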