mirrors/Tachidesk
1
0
Fork 0
mirror of https://github.com/Suwayomi/Tachidesk.git synced 2026-01-04 10:52:34 +01:00
Code Issues Projects Releases Wiki Activity

fix auth not actually blocking requests (#333)

Browse Source
This commit is contained in:
Aria Moradi
2022-04-06 21:30:38 +04:30
committed by GitHub
parent f51818b157
commit 5a32ccfa7a
1 changed files with 14 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
View File

@@ -54,6 +54,20 @@ object JavalinSetup {
}
config.enableCorsForAllOrigins()
config.accessManager { handler, ctx, _ ->
fun credentialsValid(): Boolean {
val (username, password) = ctx.basicAuthCredentials()
return username == serverConfig.basicAuthUsername && password == serverConfig.basicAuthPassword
}
if (serverConfig.basicAuthEnabled && !(ctx.basicAuthCredentialsExist() && credentialsValid())) {
ctx.header("WWW-Authenticate", "Basic")
ctx.status(401).json("Unauthorized")
} else {
handler.handle(ctx)
}
}
}.events { event ->
event.serverStarted {
if (serverConfig.initialOpenInBrowserEnabled) {
@@ -83,18 +97,6 @@ object JavalinSetup {
ctx.result(e.message ?: "Internal Server Error")
}
app.before { ctx ->
fun credentialsValid(): Boolean {
val (username, password) = ctx.basicAuthCredentials()
return username == serverConfig.basicAuthUsername && password == serverConfig.basicAuthPassword
}
if (serverConfig.basicAuthEnabled && !(ctx.basicAuthCredentialsExist() && credentialsValid())) {
ctx.header("WWW-Authenticate", "Basic")
ctx.status(401).json("Unauthorized")
}
}
app.routes {
path("api/v1/") {
GlobalAPI.defineEndpoints()