From 619934dc296d1ff8f55379dcf0e97d32f029e1f1 Mon Sep 17 00:00:00 2001 From: Asher Date: Fri, 12 Feb 2021 14:56:39 -0600 Subject: [PATCH] Authenticate plugin routes (#2720) --- src/node/plugin.ts | 6 +++--- src/node/routes/index.ts | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/node/plugin.ts b/src/node/plugin.ts index 2ba1bf1e..7b65b6b5 100644 --- a/src/node/plugin.ts +++ b/src/node/plugin.ts @@ -6,7 +6,7 @@ import * as semver from "semver" import * as pluginapi from "../../typings/pluginapi" import { HttpCode, HttpError } from "../common/http" import { version } from "./constants" -import { replaceTemplates } from "./http" +import { ensureAuthenticated, replaceTemplates } from "./http" import { proxy } from "./proxy" import * as util from "./util" import { Router as WsRouter, WebsocketRouter, wss } from "./wsRouter" @@ -122,10 +122,10 @@ export class PluginAPI { public mount(r: express.Router, wr: express.Router): void { for (const [, p] of this.plugins) { if (p.router) { - r.use(`${p.routerPath}`, p.router()) + r.use(`${p.routerPath}`, ensureAuthenticated, p.router()) } if (p.wsRouter) { - wr.use(`${p.routerPath}`, (p.wsRouter() as WebsocketRouter).router) + wr.use(`${p.routerPath}`, ensureAuthenticated, (p.wsRouter() as WebsocketRouter).router) } } } diff --git a/src/node/routes/index.ts b/src/node/routes/index.ts index d04eac34..a4348952 100644 --- a/src/node/routes/index.ts +++ b/src/node/routes/index.ts @@ -12,7 +12,7 @@ import { plural } from "../../common/util" import { AuthType, DefaultedArgs } from "../cli" import { rootPath } from "../constants" import { Heart } from "../heart" -import { redirect, replaceTemplates } from "../http" +import { ensureAuthenticated, redirect, replaceTemplates } from "../http" import { PluginAPI } from "../plugin" import { getMediaMime, paths } from "../util" import { wrapper } from "../wrapper" @@ -119,7 +119,7 @@ export const register = async ( const pluginApi = new PluginAPI(logger, process.env.CS_PLUGIN, process.env.CS_PLUGIN_PATH, workingDir) await pluginApi.loadPlugins() pluginApi.mount(app, wsApp) - app.use("/api/applications", apps.router(pluginApi)) + app.use("/api/applications", ensureAuthenticated, apps.router(pluginApi)) wrapper.onDispose(() => pluginApi.dispose()) }