open-source-mirrors
/
ass
mirror of https://github.com/tycrek/ass
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix: new tokens may have `_` or `-`

Browse Source
pull/182/head
tycrek 1 year ago
parent 2abea4894d
commit d3181cb1f8
No known key found for this signature in database
GPG Key ID: FF8A54DCE404885A
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File

2
src/routers/upload.ts
Unescape View File

@ -37,7 +37,7 @@ bb.extend(router, {
// Block unauthorized requests and attempt token sanitization
router.post('/', (req: Request, res: Response, next: Function) => {
req.headers.authorization = req.headers.authorization || '';
req.token = req.headers.authorization.replace(/[^\da-z]/gi, ''); // Strip anything that isn't a digit or ASCII letter
req.token = req.headers.authorization.replace(/[^\da-z_-]/gi, ''); // Strip anything that isn't a digit, ASCII letter, or underscore/hyphen
!verifyValidToken(req) ? log.warn('Upload blocked', 'Unauthorized').callback(() => res.sendStatus(CODE_UNAUTHORIZED)) : next(); // skipcq: JS-0093
});

Write Preview
Loading…
Cancel
Save