libre-service.eu/pad.libre-service.eu-etherpad
libre-service.eu/pad.libre-service.eu-etherpad
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-01-19 06:03:34 +01:00
Code Issues Projects Releases Wiki Activity

Fixed api query authorization (#6404)

Browse source 
* Fixed api query authorization

* Fixed api query authorization
This commit is contained in:
SamTV12345 2024-05-24 21:31:58 +02:00 committed by GitHub
parent 63e9b2d4eb
commit 95328dcaeb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 3926 additions and 4941 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
package.json
View file

@ -46,5 +46,6 @@
"url": "https://github.com/ether/etherpad-lite.git"
},
"version": "2.0.3",
"license": "Apache-2.0"
"license": "Apache-2.0",
"packageManager": "pnpm@8.15.6+sha256.01c01eeb990e379b31ef19c03e9d06a14afa5250b82e81303f88721c99ff2e6f"
}

8857
pnpm-lock.yaml
View file

File diff suppressed because it is too large Load diff

7
src/node/handler/APIHandler.ts
View file

@ -175,9 +175,7 @@ exports.handle = async function (apiVersion: string, functionName: string, field
throw new createHTTPError.NotFound('no such function');
}
if(!req.headers.authorization) {
throw new createHTTPError.Unauthorized('no or wrong API Key');
}
if (apikey !== null && apikey.trim().length > 0) {
fields.apikey = fields.apikey || fields.api_key || fields.authorization;
@ -186,6 +184,9 @@ exports.handle = async function (apiVersion: string, functionName: string, field
throw new createHTTPError.Unauthorized('no or wrong API Key');
}
} else {
if(!req.headers.authorization) {
throw new createHTTPError.Unauthorized('no or wrong API Key');
}
try {
await jwtVerify(req.headers.authorization!.replace("Bearer ", ""), publicKeyExported!, {algorithms: ['RS256'],
requiredClaims: ["admin"]})