From 5a32ccfa7abeca326f6d77b47595dbb40dcb768c Mon Sep 17 00:00:00 2001
From: Aria Moradi
Date: Wed, 6 Apr 2022 21:30:38 +0430
Subject: [PATCH] fix auth not actually blocking requests (#333)
---
 .../suwayomi/tachidesk/server/JavalinSetup.kt | 26 ++++++++++---------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt b/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
index 0e70ff8ad..d4602c26e 100644
--- a/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
+++ b/server/src/main/kotlin/suwayomi/tachidesk/server/JavalinSetup.kt
@@ -54,6 +54,20 @@ object JavalinSetup {
 }
 config.enableCorsForAllOrigins()
+
+ config.accessManager { handler, ctx, _ ->
+ fun credentialsValid(): Boolean {
+ val (username, password) = ctx.basicAuthCredentials()
+ return username == serverConfig.basicAuthUsername && password == serverConfig.basicAuthPassword
+ }
+
+ if (serverConfig.basicAuthEnabled && !(ctx.basicAuthCredentialsExist() && credentialsValid())) {
+ ctx.header("WWW-Authenticate", "Basic")
+ ctx.status(401).json("Unauthorized")
+ } else {
+ handler.handle(ctx)
+ }
+ }
 }.events { event ->
 event.serverStarted {
 if (serverConfig.initialOpenInBrowserEnabled) {
@@ -83,18 +97,6 @@ object JavalinSetup {
 ctx.result(e.message ?: "Internal Server Error")
 }
- app.before { ctx ->
- fun credentialsValid(): Boolean {
- val (username, password) = ctx.basicAuthCredentials()
- return username == serverConfig.basicAuthUsername && password == serverConfig.basicAuthPassword
- }
-
- if (serverConfig.basicAuthEnabled && !(ctx.basicAuthCredentialsExist() && credentialsValid())) {
- ctx.header("WWW-Authenticate", "Basic")
- ctx.status(401).json("Unauthorized")
- }
- }
-
 app.routes {
 path("api/v1/") {
 GlobalAPI.defineEndpoints()
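Review bot: `credentialsValid()` in the new `config.accessManager` block compares the submitted username and password with `==` joined by `&&`, so the comparison can return early on the first mismatch and never looks at the password when the username is wrong; response timing can then separate a wrong username from a wrong password. Assuming both configured values are Strings, compare them in constant time and without short-circuiting, e.g. `val userOk = MessageDigest.isEqual(username.toByteArray(), serverConfig.basicAuthUsername.toByteArray())`, the same for the password, then `return userOk and passOk` (this needs `java.security.MessageDigest` imported). Separately, an access manager is consulted for endpoint handlers, so confirm that any static files or single-page root configured earlier in this config block, which starts outside the hunk, are meant to be covered by the same check. A regression test that an unauthenticated request to an `api/v1/` route gets 401 without the handler running would pin the behaviour this commit is fixing.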