NeoAnd/evolution-api
1
0
Fork 0
mirror of https://github.com/EvolutionAPI/evolution-api.git synced 2025-07-13 15:14:49 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix: security fix in fetch instance with client key when not connected to mongodb

Browse Source
This commit is contained in:
Davidson Gomes 2024-05-27 16:35:55 -03:00
parent bd7a42646b
commit 3350cec589
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/api/guards/auth.guard.ts
View File

@ -3,7 +3,7 @@ import { NextFunction, Request, Response } from 'express';
import jwt from 'jsonwebtoken';
import { name } from '../../../package.json';
import { Auth, configService } from '../../config/env.config';
import { Auth, configService, Database } from '../../config/env.config';
import { Logger } from '../../config/logger.config';
import { ForbiddenException, UnauthorizedException } from '../../exceptions';
import { InstanceDto } from '../dto/instance.dto';
@ -58,6 +58,7 @@ async function jwtGuard(req: Request, res: Response, next: NextFunction) {
async function apikey(req: Request, _: Response, next: NextFunction) {
const env = configService.get<Auth>('AUTHENTICATION').API_KEY;
const key = req.get('apikey');
const db = configService.get<Database>('DATABASE');
if (!key) {
throw new UnauthorizedException();
@ -79,7 +80,7 @@ async function apikey(req: Request, _: Response, next: NextFunction) {
return next();
}
} else {
if (req.originalUrl.includes('/instance/fetchInstances')) {
if (req.originalUrl.includes('/instance/fetchInstances') && db.ENABLED) {
const instanceByKey = await repository.auth.findByKey(key);
if (instanceByKey) {
return next();