NeoAnd/evolution-api
1
0
Fork 0
mirror of https://github.com/EvolutionAPI/evolution-api.git synced 2025-07-16 12:12:55 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'release/1.8.0'

Browse Source
This commit is contained in:
Davidson Gomes 2024-05-27 16:36:03 -03:00
commit 05b5ae8a84
2 changed files with 4 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -8,6 +8,7 @@
### Fixed ### Fixed
* Correction in message formatting when generated by AI as markdown in typebot * Correction in message formatting when generated by AI as markdown in typebot
* Security fix in fetch instance with client key when not connected to mongodb
# 1.7.5 (2024-05-21 08:50) # 1.7.5 (2024-05-21 08:50)

5
src/api/guards/auth.guard.ts
View File

@ -3,7 +3,7 @@ import { NextFunction, Request, Response } from 'express';
import jwt from 'jsonwebtoken'; import jwt from 'jsonwebtoken';
import { name } from '../../../package.json'; import { name } from '../../../package.json';
import { Auth, configService } from '../../config/env.config'; import { Auth, configService, Database } from '../../config/env.config';
import { Logger } from '../../config/logger.config'; import { Logger } from '../../config/logger.config';
import { ForbiddenException, UnauthorizedException } from '../../exceptions'; import { ForbiddenException, UnauthorizedException } from '../../exceptions';
import { InstanceDto } from '../dto/instance.dto'; import { InstanceDto } from '../dto/instance.dto';
@ -58,6 +58,7 @@ async function jwtGuard(req: Request, res: Response, next: NextFunction) {
async function apikey(req: Request, _: Response, next: NextFunction) { async function apikey(req: Request, _: Response, next: NextFunction) {
const env = configService.get<Auth>('AUTHENTICATION').API_KEY; const env = configService.get<Auth>('AUTHENTICATION').API_KEY;
const key = req.get('apikey'); const key = req.get('apikey');
const db = configService.get<Database>('DATABASE');
if (!key) { if (!key) {
throw new UnauthorizedException(); throw new UnauthorizedException();
@ -79,7 +80,7 @@ async function apikey(req: Request, _: Response, next: NextFunction) {
return next(); return next();
} }
} else { } else {
if (req.originalUrl.includes('/instance/fetchInstances')) { if (req.originalUrl.includes('/instance/fetchInstances') && db.ENABLED) {
const instanceByKey = await repository.auth.findByKey(key); const instanceByKey = await repository.auth.findByKey(key);
if (instanceByKey) { if (instanceByKey) {
return next(); return next();