dennii/dbgate
1
0
Fork 0
mirror of https://github.com/DeNNiiInc/dbgate.git synced 2026-04-18 14:56:01 +00:00
Code Issues Packages Projects Releases Wiki Activity

timg safe compare token fixes #91

Browse Source
This commit is contained in:
Jan Prochazka
2021-04-30 17:21:35 +02:00
parent 4522c37bfa
commit bd6c116cc0
2 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
packages/api/src/main.js
View File

@@ -31,6 +31,7 @@ const scheduler = require('./controllers/scheduler');
const { rundir } = require('./utility/directories');
const platformInfo = require('./utility/platformInfo');
const processArgs = require('./utility/processArgs');
const timingSafeCheckToken = require('./utility/timingSafeCheckToken');
let authorization = null;
let checkLocalhostOrigin = null;
@@ -56,7 +57,7 @@ function start() {
}
app.use(function (req, res, next) {
if (authorization && req.headers.authorization != authorization) {
if (authorization && !timingSafeCheckToken(req.headers.authorization, authorization)) {
return res.status(403).json({ error: 'Not authorized!' });
}
if (checkLocalhostOrigin) {