diff options
| author | Pitu <[email protected]> | 2020-07-18 02:55:05 +0900 |
|---|---|---|
| committer | Pitu <[email protected]> | 2020-07-18 02:55:05 +0900 |
| commit | 4dafc79cb74d901bb9454f78277298f020543bb5 (patch) | |
| tree | 8ce7ac02adee64f0780862775a3242d22d2a0adb /src/api/utils | |
| parent | Timeout, package and docs cleanup (diff) | |
| download | host.fuwn.me-4dafc79cb74d901bb9454f78277298f020543bb5.tar.xz host.fuwn.me-4dafc79cb74d901bb9454f78277298f020543bb5.zip | |
fix authorization
Diffstat (limited to 'src/api/utils')
| -rw-r--r-- | src/api/utils/Util.js | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/api/utils/Util.js b/src/api/utils/Util.js index b8d960d..80bffd5 100644 --- a/src/api/utils/Util.js +++ b/src/api/utils/Util.js @@ -206,7 +206,15 @@ class Util { } } - static isAuthorized(req) { + static async isAuthorized(req) { + if (req.headers.token) { + if (!this.options.canApiKey) return false; + const user = await db.table('users').where({ apiKey: req.headers.token }).first(); + if (!user) return false; + if (!user.enabled) return false; + return true; + } + if (!req.headers.authorization) return false; const token = req.headers.authorization.split(' ')[1]; if (!token) return false; |