mirrors/etherpad-lite
1
0
Fork 0
mirror of https://github.com/ether/etherpad-lite.git synced 2025-04-23 08:56:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 9

Fixed api query authorization (#6404)

Browse source 
* Fixed api query authorization

* Fixed api query authorization
This commit is contained in:
SamTV12345 2024-05-24 21:31:58 +02:00 committed by GitHub
parent 63e9b2d4eb
commit 95328dcaeb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 3926 additions and 4941 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/node/handler/APIHandler.ts
View file

@ -175,9 +175,7 @@ exports.handle = async function (apiVersion: string, functionName: string, field
throw new createHTTPError.NotFound('no such function');
}
if(!req.headers.authorization) {
throw new createHTTPError.Unauthorized('no or wrong API Key');
}
if (apikey !== null && apikey.trim().length > 0) {
fields.apikey = fields.apikey || fields.api_key || fields.authorization;
@ -186,6 +184,9 @@ exports.handle = async function (apiVersion: string, functionName: string, field
throw new createHTTPError.Unauthorized('no or wrong API Key');
}
} else {
if(!req.headers.authorization) {
throw new createHTTPError.Unauthorized('no or wrong API Key');
}
try {
await jwtVerify(req.headers.authorization!.replace("Bearer ", ""), publicKeyExported!, {algorithms: ['RS256'],
requiredClaims: ["admin"]})