RanchiMall/fcoin
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

server: fix rpc auth.

Browse Source
This commit is contained in:
Christopher Jeffrey 2016-08-05 14:10:32 -07:00
parent 0a217e7be2
commit ac774fbe3a
No known key found for this signature in database
GPG Key ID: 8962AB9DE6666BBD
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/bcoin/http/server.js
View File

@ -137,6 +137,7 @@ HTTPServer.prototype._init = function _init() {
if (req.method === 'POST'
&& req.pathname === '/') {
req.options = {};
if (self.apiKey) {
assert(utils.isHex(req.password), 'API key must be a hex string.');
assert(req.password.length === 64, 'API key must be 32 bytes.');
@ -262,6 +263,11 @@ HTTPServer.prototype._init = function _init() {
});
this.use(function(req, res, next, send) {
if (req.method === 'POST'
&& req.pathname === '/') {
return next();
}
if (self.apiKey) {
if (!utils.ccmp(req.options.apiKey, self.apiKey)) {
send(403, { error: 'Forbidden.' });