@actual-app/sync-server 26.1.0-nightly.20251213 → 26.1.0-nightly.20251214

package/build/src/util/validate-user.js

@@ -3,10 +3,6 @@ import { getSession } from '../account-db.js';
 import { config } from '../load-config.js';
 export const TOKEN_EXPIRATION_NEVER = -1;
 const MS_PER_SECOND = 1000;
-/**
- * @param {import('express').Request} req
- * @param {import('express').Response} res
- */
 export function validateSession(req, res) {
     let { token } = req.body || {};
     if (!token) {
@@ -38,11 +34,14 @@ export function validateAuthHeader(req) {
     const trustedAuthProxies = config.get('trustedAuthProxies') ?? config.get('trustedProxies');
     // ensure the first hop from our server is trusted
     const peer = req.socket.remoteAddress;
+    if (peer === undefined) {
+        console.error(`Header Auth Login attempted but there was no defined peer.`);
+        return false;
+    }
     const peerIp = ipaddr.process(peer);
     const rangeList = {
         allowed_ips: trustedAuthProxies.map(q => ipaddr.parseCIDR(q)),
     };
-    // @ts-ignore : there is an error in the ts definition for the function, but this is valid
     const matched = ipaddr.subnetMatch(peerIp, rangeList, 'fail');
     if (matched === 'allowed_ips') {
         console.info(`Header Auth Login permitted from ${peer}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@actual-app/sync-server",
-  "version": "26.1.0-nightly.20251213",
+  "version": "26.1.0-nightly.20251214",
   "license": "MIT",
   "description": "actual syncing server",
   "bin": {
@@ -29,7 +29,7 @@
   },
   "dependencies": {
     "@actual-app/crdt": "2.1.0",
-    "@actual-app/web": "26.1.0-nightly.20251213",
+    "@actual-app/web": "26.1.0-nightly.20251214",
     "bcrypt": "^6.0.0",
     "better-sqlite3": "^12.4.1",
     "convict": "^6.2.4",