
Commit bf5fa8c

authored
Merge pull request #79 from versx/token
Add device token middleware
2 parents 6f0441b + d2e354b commit bf5fa8c


3 files changed

+22
-4
lines changed


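--- a/src/config.example.json
+++ b/src/config.example.json
@@ -2,6 +2,7 @@
 "title": "Device Config Manager",
 "interface": "0.0.0.0",
 "port": 9991,
+"tokens": ["Replace with GC/Kevin/AI token"],
 "locale": "en",
 "style": "dark",
 "timezone": "America/Denver",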

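--- a/src/middleware/auth-header.js
+++ b/src/middleware/auth-header.js
@@ -0,0 +1,16 @@
+'use strict';
+
+const config = require('../config.json');
+
+module.exports = (req, res, next) => {
+const authHeader = req.headers['authorization'];
+if (!authHeader) {
+return res.sendStatus(403);
+}
+const bearer = authHeader.split(' ')[1];
+if (config.tokens.length > 0 && !config.tokens.includes((bearer || '').toLowerCase())) {
+return res.sendStatus(403);
+}
+//return true;
+return next();
+};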
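Review bot: The check `config.tokens.length > 0 && …` fails open: with an empty `tokens` array, any request carrying an `Authorization` header of any value reaches `next()`, and a `config.json` that predates this commit and has no `tokens` key throws on `.length` instead of returning 403. I would fail closed, e.g. `const tokens = Array.isArray(config.tokens) ? config.tokens : [];` followed by `if (tokens.length === 0 || !tokens.includes(bearer || '')) {`, and make "auth disabled" an explicit, documented setting if that mode is wanted. Only the presented value is lowercased, so a configured token containing upper-case characters can never match; compare exactly, or normalise both sides once when the config is loaded. The scheme word before the space is never checked, and the leftover `//return true;` can be dropped.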

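--- a/src/routes/api.js
+++ b/src/routes/api.js
@@ -11,6 +11,7 @@ const screenshotsDir = path.resolve(__dirname, '../../screenshots');
 const upload = multer({ dest: screenshotsDir });
 
 const config = require('../config.json');
+const AuthTokenMiddleware = require('../middleware/auth-header.js');
 const Account = require('../models/account.js');
 const Config = require('../models/config.js');
 const Device = require('../models/device.js');
@@ -307,7 +308,7 @@ router.post('/device/edit/:uuid', async (req, res) => {
 });
 
 // Kevin screenshot support
-router.post('/device/:uuid/screen', upload.single('file'), (req, res) => {
+router.post('/device/:uuid/screen', AuthTokenMiddleware, upload.single('file'), (req, res) => {
 const uuid = req.params.uuid;
 const fileName = uuid + '.png';
 const tempPath = req.file.path;
@@ -344,7 +345,7 @@ router.post('/device/:uuid/screen', upload.single('file'), (req, res) => {
 }
 });
 
-router.post('/device/screen/:uuid', (req, res) => {
+router.post('/device/screen/:uuid', AuthTokenMiddleware, (req, res) => {
 const uuid = req.params.uuid;
 logger('dcm').info(`Received screen ${uuid}`);
 const data = Buffer.from(req.body.body, 'base64');
@@ -399,7 +400,7 @@ router.get('/configs', async (req, res) => {
 }
 });
 
-router.post('/config', async (req, res) => {
+router.post('/config', AuthTokenMiddleware, async (req, res) => {
 const { uuid, ios_version, ipa_version, model, webserver_port } = req.body;
 let device = await Device.getByName(uuid);
 let noConfig = false;
@@ -672,7 +673,7 @@ router.get('/logs/:uuid', async (req, res) => {
 });
 });
 
-router.post('/log/new', async (req, res) => {
+router.post('/log/new', AuthTokenMiddleware, async (req, res) => {
 if (!config.logging.enabled) {
 // Logs are disabled
 res.send('OK');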
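Review bot: In the `/device/:uuid/screen` handler, `uuid` is still taken straight from the URL and turned into a file name (`uuid + '.png'`) with no format check, so the new token check is the only control on which name ends up under the screenshots directory. The tokens appear to be one shared list rather than per-device credentials, so I would add a guard before `fileName` is built, e.g. `if (uuid !== path.basename(uuid)) return res.sendStatus(400);`. The rest of the handler lies outside this hunk, so confirm how `fileName` is joined to `screenshotsDir`. The same applies to `/device/screen/:uuid`, and `req.file.path` will throw if a request arrives without a `file` part. Placing `AuthTokenMiddleware` before `upload.single('file')` is the right order, since the request is rejected before multer writes anything to disk.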
