Allow using an HTTP header for auth

Pablo Carranza Velez 2016-08-15 18:25:31 -03:00
parent 439bac6331
commit 1eb63366ee
2 changed files with 8 additions and 1 deletions


@ -1,3 +1,4 @@
* Allow using an HTTP header for auth [Pablo]
* Add iptables rules to block requests to the supervisor API from all interfaces except vpn, docker and local [Pablo] * Add iptables rules to block requests to the supervisor API from all interfaces except vpn, docker and local [Pablo]
# v1.13.2 # v1.13.2


@ -17,9 +17,15 @@ module.exports = (application) ->
parsedRouter.use(bodyParser()) parsedRouter.use(bodyParser())
api.use (req, res, next) -> api.use (req, res, next) ->
queryKey = req.query.apikey
header = req.get('Authorization') ? ''
match = header.match(/^ApiKey (\w+)$/)
headerKey = match?[1]
utils.getOrGenerateSecret('api') utils.getOrGenerateSecret('api')
.then (secret) -> .then (secret) ->
if bufferEq(new Buffer(req.query.apikey), new Buffer(secret)) if queryKey? && bufferEq(new Buffer(queryKey), new Buffer(secret))
next()
else if headerKey? && bufferEq(new Buffer(headerKey), new Buffer(secret))
next() next()
else else
res.sendStatus(401) res.sendStatus(401)
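Review bot: `queryKey` reaches `new Buffer(...)` on the `if queryKey? && ...` line with only an existence check, but Express can parse `req.query.apikey` into an array or object instead of a string. What `new Buffer` does with such a value depends on the Node version, and it may throw inside the `.then` callback, leaving the response to a rejection handler that is not visible in this hunk. A type guard keeps the comparison string-to-string: `if typeof queryKey is 'string' && bufferEq(new Buffer(queryKey), new Buffer(secret))`. Separately, `/^ApiKey (\w+)$/` is case-sensitive on the scheme and accepts only word characters, so a comment stating that the generated secret always fits `\w` would help; that cannot be confirmed from here. The middleware body continues outside the hunk.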