Infra-Mirrors/uptime-kuma
1
0
Fork 0
mirror of https://github.com/louislam/uptime-kuma.git synced 2025-07-22 14:30:58 -04:00
Code Issues Projects Releases Packages Wiki Activity

Switched to crypto.randomBytes fpr key generation

Browse source 
Keys are now 32 bytes long encoded in a URL safe base64 string

Signed-off-by: Matthew Nickson <mnickson@sidingsmedia.com>
This commit is contained in:
Matthew Nickson 2023-02-26 16:47:34 +00:00
parent b8720b46c3
commit 42a69c16ca
No known key found for this signature in database
GPG key ID: BF229DCFD4748E05
2 changed files with 7 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

7
server/auth.js
View file

@ -44,8 +44,9 @@ async function verifyAPIKey(key) {
return false;
}
let index = key.substring(0, key.indexOf("-"));
let clear = key.substring(key.indexOf("-") + 1, key.length);
// uk prefix + key ID is before _
let index = key.substring(2, key.indexOf("_"));
let clear = key.substring(key.indexOf("_") + 1, key.length);
let hash = await R.findOne("api_key", " id=? ", [ index ]);
@ -137,7 +138,7 @@ exports.basicAuth = async function (req, res, next) {
};
/**
* Use X-API-Key header if API keys enabled, else use basic auth
* Use use API Key if API keys enabled, else use basic auth
* @param {express.Request} req Express request object
* @param {express.Response} res Express response object
* @param {express.NextFunction} next