Disabling completely routes if admin token not configured
This commit is contained in:
parent
767ac9a68f
commit
12d6d9a50d
@ -15,6 +15,9 @@ export class DebugController {
|
||||
(async () => {
|
||||
const query = parse(req.getQuery());
|
||||
|
||||
if (ADMIN_API_TOKEN === "") {
|
||||
return res.writeStatus("401 Unauthorized").end("No token configured!");
|
||||
}
|
||||
if (query.token !== ADMIN_API_TOKEN) {
|
||||
return res.writeStatus("401 Unauthorized").end("Invalid token sent!");
|
||||
}
|
||||
|
@ -2,7 +2,7 @@ const MINIMUM_DISTANCE = process.env.MINIMUM_DISTANCE ? Number(process.env.MINIM
|
||||
const GROUP_RADIUS = process.env.GROUP_RADIUS ? Number(process.env.GROUP_RADIUS) : 48;
|
||||
const ALLOW_ARTILLERY = process.env.ALLOW_ARTILLERY ? process.env.ALLOW_ARTILLERY == "true" : false;
|
||||
const ADMIN_API_URL = process.env.ADMIN_API_URL || "";
|
||||
const ADMIN_API_TOKEN = process.env.ADMIN_API_TOKEN || "myapitoken";
|
||||
const ADMIN_API_TOKEN = process.env.ADMIN_API_TOKEN || "";
|
||||
const CPU_OVERHEAT_THRESHOLD = Number(process.env.CPU_OVERHEAT_THRESHOLD) || 80;
|
||||
const JITSI_URL: string | undefined = process.env.JITSI_URL === "" ? undefined : process.env.JITSI_URL;
|
||||
const JITSI_ISS = process.env.JITSI_ISS || "";
|
||||
|
@ -31,6 +31,9 @@ export class AdminController extends BaseController {
|
||||
const token = req.getHeader("admin-token");
|
||||
const body = await res.json();
|
||||
|
||||
if (ADMIN_API_TOKEN === "") {
|
||||
return res.writeStatus("401 Unauthorized").end("No token configured!");
|
||||
}
|
||||
if (token !== ADMIN_API_TOKEN) {
|
||||
console.error("Admin access refused for token: " + token);
|
||||
res.writeStatus("401 Unauthorized").end("Incorrect token");
|
||||
@ -78,6 +81,9 @@ export class AdminController extends BaseController {
|
||||
const token = req.getHeader("admin-token");
|
||||
const body = await res.json();
|
||||
|
||||
if (ADMIN_API_TOKEN === "") {
|
||||
return res.writeStatus("401 Unauthorized").end("No token configured!");
|
||||
}
|
||||
if (token !== ADMIN_API_TOKEN) {
|
||||
console.error("Admin access refused for token: " + token);
|
||||
res.writeStatus("401 Unauthorized").end("Incorrect token");
|
||||
|
@ -15,6 +15,9 @@ export class DebugController {
|
||||
this.App.get("/dump", (res: HttpResponse, req: HttpRequest) => {
|
||||
const query = parse(req.getQuery());
|
||||
|
||||
if (ADMIN_API_TOKEN === "") {
|
||||
return res.writeStatus("401 Unauthorized").end("No token configured!");
|
||||
}
|
||||
if (query.token !== ADMIN_API_TOKEN) {
|
||||
return res.writeStatus("401 Unauthorized").end("Invalid token sent!");
|
||||
}
|
||||
|
@ -29,7 +29,7 @@ import { AdminSocketTokenData, jwtTokenManager, tokenInvalidException } from "..
|
||||
import { adminApi, FetchMemberDataByUuidResponse } from "../Services/AdminApi";
|
||||
import { SocketManager, socketManager } from "../Services/SocketManager";
|
||||
import { emitInBatch } from "../Services/IoSocketHelpers";
|
||||
import { ADMIN_API_URL, DISABLE_ANONYMOUS, SOCKET_IDLE_TIMER } from "../Enum/EnvironmentVariable";
|
||||
import { ADMIN_API_URL, ADMIN_SOCKETS_TOKEN, DISABLE_ANONYMOUS, SOCKET_IDLE_TIMER } from "../Enum/EnvironmentVariable";
|
||||
import { Zone } from "_Model/Zone";
|
||||
import { ExAdminSocketInterface } from "_Model/Websocket/ExAdminSocketInterface";
|
||||
import { CharacterTexture } from "../Messages/JsonMessages/CharacterTexture";
|
||||
@ -42,8 +42,10 @@ export class IoSocketController {
|
||||
|
||||
constructor(private readonly app: TemplatedApp) {
|
||||
this.ioConnection();
|
||||
if (ADMIN_SOCKETS_TOKEN) {
|
||||
this.adminRoomSocket();
|
||||
}
|
||||
}
|
||||
|
||||
adminRoomSocket() {
|
||||
this.app.ws("/admin/rooms", {
|
||||
|
@ -3,8 +3,8 @@ const ALLOW_ARTILLERY = process.env.ALLOW_ARTILLERY ? process.env.ALLOW_ARTILLER
|
||||
const API_URL = process.env.API_URL || "";
|
||||
const ADMIN_API_URL = process.env.ADMIN_API_URL || "";
|
||||
const ADMIN_URL = process.env.ADMIN_URL || "";
|
||||
const ADMIN_API_TOKEN = process.env.ADMIN_API_TOKEN || "myapitoken";
|
||||
export const ADMIN_SOCKETS_TOKEN = process.env.ADMIN_SOCKETS_TOKEN || "myapitoken";
|
||||
const ADMIN_API_TOKEN = process.env.ADMIN_API_TOKEN || "";
|
||||
export const ADMIN_SOCKETS_TOKEN = process.env.ADMIN_SOCKETS_TOKEN || "";
|
||||
const CPU_OVERHEAT_THRESHOLD = Number(process.env.CPU_OVERHEAT_THRESHOLD) || 80;
|
||||
const JITSI_URL: string | undefined = process.env.JITSI_URL === "" ? undefined : process.env.JITSI_URL;
|
||||
const JITSI_ISS = process.env.JITSI_ISS || "";
|
||||
|
@ -81,6 +81,9 @@ class AdminApi {
|
||||
reporterUserUuid: string,
|
||||
reportWorldSlug: string
|
||||
) {
|
||||
if (!ADMIN_API_URL) {
|
||||
return Promise.reject(new Error("No admin backoffice set!"));
|
||||
}
|
||||
return Axios.post(
|
||||
`${ADMIN_API_URL}/api/report`,
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user