return error when trying to use accountID path variable with PAT

Pascal Fischer
2025-04-02 16:03:33 +02:00
parent 09243a0fe0
commit de457788ba


@@ -142,6 +142,12 @@ func (m *AuthMiddleware) checkPATFromRequest(r *http.Request, auth []string) (*h
return r, fmt.Errorf("token expired")
}
if impersonate, ok := r.URL.Query()["account"]; ok && len(impersonate) == 1 {
if user.AccountID != impersonate[0] {
return r, fmt.Errorf("token is not valid for this account")
}
}
err = m.authManager.MarkPATUsed(ctx, pat.ID)
if err != nil {
return r, err
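Review bot: The added account check fails open when `account` is present with anything other than exactly one value, because `len(impersonate) == 1` sits in the outer condition and every other case falls through to `MarkPATUsed` without comparing against `user.AccountID`. Whether later handlers read the parameter in a way that would pick up one of several values is not visible here, so the guard should reject that case rather than skip it: keep the outer test as `if impersonate, ok := r.URL.Query()["account"]; ok {` and make the inner one `if len(impersonate) != 1 || user.AccountID != impersonate[0] {`. The commit title speaks of an accountID path variable while the code inspects the query string, so it is worth confirming that no route takes the account from the path and bypasses this check. A short comment above the block, such as `// A PAT is bound to its owner's account; reject any attempt to select another account.`, would record the intent. `checkPATFromRequest` begins and ends outside this hunk.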