require valid OpenWebRX ticket for all authorize calls
@@ -5527,13 +5527,6 @@ function resolveOpenWebRxOwnerFromRequestContext(req, url) {
|
||||
}
|
||||
|
||||
async function handleOpenWebRxAuthorize(req, res, url) {
|
||||
if (canAuthorizeOpenWebRxByActiveSession()) {
|
||||
await ensureOpenWebRxSdrPath(null, { force: false, minIntervalMs: 3000 });
|
||||
res.writeHead(200, { "Content-Type": "text/plain; charset=utf-8" });
|
||||
res.end("ok");
|
||||
return;
|
||||
}
|
||||
|
||||
const queryTicket = String(url.searchParams.get("ticket") || "").trim();
|
||||
const cookieTicket = readCookie(req.headers && req.headers.cookie, "rms_owrx_ticket");
|
||||
const originalUriHeader = req.headers ? (req.headers["x-original-uri"] || req.headers["x-rewrite-uri"] || "") : "";
|
||||
@@ -5554,12 +5547,6 @@ async function handleOpenWebRxAuthorize(req, res, url) {
|
||||
tickets.push(refererTicket);
|
||||
}
|
||||
if (tickets.length === 0) {
|
||||
if (canAuthorizeOpenWebRxWebSocketWithoutTicket(req, originalUriHeader)) {
|
||||
await ensureOpenWebRxSdrPath(null, { force: false, minIntervalMs: 3000 });
|
||||
res.writeHead(200, { "Content-Type": "text/plain; charset=utf-8" });
|
||||
res.end("ok");
|
||||
return;
|
||||
}
|
||||
res.writeHead(403, { "Content-Type": "text/plain; charset=utf-8" });
|
||||
res.end("forbidden");
|
||||
return;
|
||||
@@ -5654,27 +5641,6 @@ function extractTicketFromUri(rawUri) {
|
||||
return String(params.get("ticket") || "").trim();
|
||||
}
|
||||
|
||||
function canAuthorizeOpenWebRxWebSocketWithoutTicket(req, originalUriHeader) {
|
||||
const headers = req && req.headers ? req.headers : {};
|
||||
const upgrade = String(headers.upgrade || "").toLowerCase();
|
||||
const hasWebSocketKey = Boolean(headers["sec-websocket-key"]);
|
||||
const isWebSocket = upgrade === "websocket" || hasWebSocketKey;
|
||||
if (!isWebSocket) {
|
||||
return false;
|
||||
}
|
||||
if (!runtime.station || !runtime.station.isInUse || !runtime.station.activeByUserId) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
function canAuthorizeOpenWebRxByActiveSession() {
|
||||
if (!runtime.station || !runtime.station.isInUse || !runtime.station.activeByUserId) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
async function handleHelpContent(res, user) {
|
||||
if (!hasRole(user, ["operator", "approver", "admin"])) {
|
||||
return sendError(res, 403, "auth.forbidden", "Nicht berechtigt");
|
||||
|
||||