Disable anonymous access to the streaming API (#23989)
This commit is contained in:
parent
59b24c3688
commit
174352716a
1 changed files with 7 additions and 13 deletions
|
@ -16,7 +16,6 @@ const WebSocket = require('ws');
|
||||||
const { JSDOM } = require('jsdom');
|
const { JSDOM } = require('jsdom');
|
||||||
|
|
||||||
const env = process.env.NODE_ENV || 'development';
|
const env = process.env.NODE_ENV || 'development';
|
||||||
const alwaysRequireAuth = process.env.LIMITED_FEDERATION_MODE === 'true' || process.env.WHITELIST_MODE === 'true' || process.env.AUTHORIZED_FETCH === 'true';
|
|
||||||
|
|
||||||
dotenv.config({
|
dotenv.config({
|
||||||
path: env === 'production' ? '.env.production' : '.env',
|
path: env === 'production' ? '.env.production' : '.env',
|
||||||
|
@ -347,22 +346,17 @@ const startWorker = async (workerId) => {
|
||||||
* @param {boolean=} required
|
* @param {boolean=} required
|
||||||
* @return {Promise.<void>}
|
* @return {Promise.<void>}
|
||||||
*/
|
*/
|
||||||
const accountFromRequest = (req, required = true) => new Promise((resolve, reject) => {
|
const accountFromRequest = (req) => new Promise((resolve, reject) => {
|
||||||
const authorization = req.headers.authorization;
|
const authorization = req.headers.authorization;
|
||||||
const location = url.parse(req.url, true);
|
const location = url.parse(req.url, true);
|
||||||
const accessToken = location.query.access_token || req.headers['sec-websocket-protocol'];
|
const accessToken = location.query.access_token || req.headers['sec-websocket-protocol'];
|
||||||
|
|
||||||
if (!authorization && !accessToken) {
|
if (!authorization && !accessToken) {
|
||||||
if (required) {
|
const err = new Error('Missing access token');
|
||||||
const err = new Error('Missing access token');
|
err.status = 401;
|
||||||
err.status = 401;
|
|
||||||
|
|
||||||
reject(err);
|
reject(err);
|
||||||
return;
|
return;
|
||||||
} else {
|
|
||||||
resolve();
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
const token = authorization ? authorization.replace(/^Bearer /, '') : accessToken;
|
const token = authorization ? authorization.replace(/^Bearer /, '') : accessToken;
|
||||||
|
@ -465,7 +459,7 @@ const startWorker = async (workerId) => {
|
||||||
// variables. OAuth scope checks are moved to the point of subscription
|
// variables. OAuth scope checks are moved to the point of subscription
|
||||||
// to a specific stream.
|
// to a specific stream.
|
||||||
|
|
||||||
accountFromRequest(info.req, alwaysRequireAuth).then(() => {
|
accountFromRequest(info.req).then(() => {
|
||||||
callback(true, undefined, undefined);
|
callback(true, undefined, undefined);
|
||||||
}).catch(err => {
|
}).catch(err => {
|
||||||
log.error(info.req.requestId, err.toString());
|
log.error(info.req.requestId, err.toString());
|
||||||
|
@ -539,7 +533,7 @@ const startWorker = async (workerId) => {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
accountFromRequest(req, alwaysRequireAuth).then(() => checkScopes(req, channelNameFromPath(req))).then(() => {
|
accountFromRequest(req).then(() => checkScopes(req, channelNameFromPath(req))).then(() => {
|
||||||
subscribeHttpToSystemChannel(req, res);
|
subscribeHttpToSystemChannel(req, res);
|
||||||
}).then(() => {
|
}).then(() => {
|
||||||
next();
|
next();
|
||||||
|
|
Loading…
Reference in a new issue