_Bastler/partey_workadventure
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Disabling completely routes if admin token not configured

Browse Source
This commit is contained in:
David Négrier
2022-01-27 18:38:33 +01:00
parent 767ac9a68f
commit 12d6d9a50d
7 changed files with 22 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pusher/src/Controller/AdminController.ts
+6
View File
@@ -31,6 +31,9 @@ export class AdminController extends BaseController {
const token = req.getHeader("admin-token");
const body = await res.json();
if (ADMIN_API_TOKEN === "") {
return res.writeStatus("401 Unauthorized").end("No token configured!");
}
if (token !== ADMIN_API_TOKEN) {
console.error("Admin access refused for token: " + token);
res.writeStatus("401 Unauthorized").end("Incorrect token");
@@ -78,6 +81,9 @@ export class AdminController extends BaseController {
const token = req.getHeader("admin-token");
const body = await res.json();
if (ADMIN_API_TOKEN === "") {
return res.writeStatus("401 Unauthorized").end("No token configured!");
}
if (token !== ADMIN_API_TOKEN) {
console.error("Admin access refused for token: " + token);
res.writeStatus("401 Unauthorized").end("Incorrect token");