@hasna/todos 0.6.0 → 0.6.1
- package/dist/cli/index.js +13 -8
- package/package.json +1 -1
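--- a/package/dist/cli/index.js
+++ b/package/dist/cli/index.js
@@ -8353,14 +8353,19 @@ function createFetchHandler(getPort, dashboardDir, dashboardExists) {
 if (path.startsWith("/api/") && !path.startsWith("/api/system/") && !path.startsWith("/api/keys")) {
 const hasKeys = hasAnyApiKeys();
 if (hasKeys) {
-const
-const
-
-
-
-
-
-
+const origin = req.headers.get("origin") || "";
+const referer = req.headers.get("referer") || "";
+const isSameOrigin = origin.includes(`localhost:${port}`) || referer.includes(`localhost:${port}`);
+if (!isSameOrigin) {
+const authHeader = req.headers.get("authorization");
+const apiKey = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : null;
+if (!apiKey) {
+return json({ error: "API key required. Pass via Authorization: Bearer <key>" }, 401, port);
+}
+const valid = await validateApiKey(apiKey);
+if (!valid) {
+return json({ error: "Invalid or expired API key" }, 403, port);
+}
 }
 }
 }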
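Review bot: The `isSameOrigin` exemption at new lines 8356–8359 skips API-key validation based on the `Origin` and `Referer` headers, which the client supplies, and it tests them with `includes`, so any value that merely contains `localhost:${port}` (a longer host name, or a path or query string in the referer) is accepted. Browsers set `Origin` themselves, but a non-browser client can send any value, so if the listener is reachable beyond loopback this works as an authentication bypass rather than a same-origin check. At minimum, parse the header and compare the host exactly, for example `new URL(origin).host === "localhost:" + port` with empty or unparsable values treated as not same-origin; preferably the dashboard should present a credential of its own instead of being exempted by header. `port` and the rest of `createFetchHandler` are defined outside this hunk, and the removed lines are truncated on this page, so the previous behaviour cannot be compared here.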