From d3181cb1f8e2054356fa8a8f28b141019b3a8313 Mon Sep 17 00:00:00 2001 From: tycrek Date: Sun, 25 Dec 2022 10:39:30 -0700 Subject: [PATCH] fix: new tokens may have `_` or `-` --- src/routers/upload.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/routers/upload.ts b/src/routers/upload.ts index 0a5cddb..f04ebd4 100644 --- a/src/routers/upload.ts +++ b/src/routers/upload.ts @@ -37,7 +37,7 @@ bb.extend(router, { // Block unauthorized requests and attempt token sanitization router.post('/', (req: Request, res: Response, next: Function) => { req.headers.authorization = req.headers.authorization || ''; - req.token = req.headers.authorization.replace(/[^\da-z]/gi, ''); // Strip anything that isn't a digit or ASCII letter + req.token = req.headers.authorization.replace(/[^\da-z_-]/gi, ''); // Strip anything that isn't a digit, ASCII letter, or underscore/hyphen !verifyValidToken(req) ? log.warn('Upload blocked', 'Unauthorized').callback(() => res.sendStatus(CODE_UNAUTHORIZED)) : next(); // skipcq: JS-0093 });