From 3c379d50ee9f24054791695916e157e43f673d3b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Lam?= Date: Mon, 30 Oct 2023 17:43:47 -0400 Subject: [PATCH] fix (api): api key validation --- CONTRIBUTING.md | 2 +- server/common/api.go | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 4b96d0c14..7807e8bfb 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -23,7 +23,7 @@ git clone https://github.com/mickael-kerjean/filestash cd filestash # Install dependencies -npm install # frontend dependencies +npm install --legacy-peer-deps # frontend dependencies make build_init # install the required static libraries mkdir -p ./dist/data/state/ cp -R config ./dist/data/state/ diff --git a/server/common/api.go b/server/common/api.go index e44fac2d1..fd266fff2 100644 --- a/server/common/api.go +++ b/server/common/api.go @@ -8,20 +8,20 @@ import ( func VerifyApiKey(api_key string) (host string, err error) { isApiEnabled := Config.Get("features.api.enable").Bool() - apiKey := Config.Get("feature.api.api_key").String() + allowedApiKeys := Config.Get("features.api.api_key").String() if isApiEnabled == false { return "", NewError("Api is not enabled", 503) - } else if apiKey == os.Getenv("API_KEY") { + } else if api_key == os.Getenv("API_KEY") { return "*", nil } - lines := strings.Split(apiKey, "\n") + lines := strings.Split(allowedApiKeys, "\n") for _, line := range lines { line = regexp.MustCompile(` #.*`).ReplaceAllString(line, "") // remove comment chunks := strings.SplitN(line, " ", 2) if len(chunks) == 0 { continue - } else if chunks[0] != apiKey { + } else if chunks[0] != api_key { continue } if len(chunks) == 1 {