Disabling completely routes if admin token not configured

2022-01-27 18:38:33 +01:00 · 2022-01-27 18:38:33 +01:00 · 12d6d9a50d
parent 767ac9a68f
commit 12d6d9a50d
7 changed files with 22 additions and 5 deletions
--- a/back/src/Controller/DebugController.ts
+++ b/back/src/Controller/DebugController.ts
@ -15,6 +15,9 @@ export class DebugController {
            (async () => {
                const query = parse(req.getQuery());

+                if (ADMIN_API_TOKEN === "") {
+                    return res.writeStatus("401 Unauthorized").end("No token configured!");
+                }
                if (query.token !== ADMIN_API_TOKEN) {
                    return res.writeStatus("401 Unauthorized").end("Invalid token sent!");
                }
--- a/back/src/Enum/EnvironmentVariable.ts
+++ b/back/src/Enum/EnvironmentVariable.ts
@ -2,7 +2,7 @@ const MINIMUM_DISTANCE = process.env.MINIMUM_DISTANCE ? Number(process.env.MINIM
 const GROUP_RADIUS = process.env.GROUP_RADIUS ? Number(process.env.GROUP_RADIUS) : 48;
 const ALLOW_ARTILLERY = process.env.ALLOW_ARTILLERY ? process.env.ALLOW_ARTILLERY == "true" : false;
 const ADMIN_API_URL = process.env.ADMIN_API_URL || "";
-const ADMIN_API_TOKEN = process.env.ADMIN_API_TOKEN || "myapitoken";
+const ADMIN_API_TOKEN = process.env.ADMIN_API_TOKEN || "";
 const CPU_OVERHEAT_THRESHOLD = Number(process.env.CPU_OVERHEAT_THRESHOLD) || 80;
 const JITSI_URL: string | undefined = process.env.JITSI_URL === "" ? undefined : process.env.JITSI_URL;
 const JITSI_ISS = process.env.JITSI_ISS || "";
--- a/pusher/src/Controller/AdminController.ts
+++ b/pusher/src/Controller/AdminController.ts
@ -31,6 +31,9 @@ export class AdminController extends BaseController {
            const token = req.getHeader("admin-token");
            const body = await res.json();

+            if (ADMIN_API_TOKEN === "") {
+                return res.writeStatus("401 Unauthorized").end("No token configured!");
+            }
            if (token !== ADMIN_API_TOKEN) {
                console.error("Admin access refused for token: " + token);
                res.writeStatus("401 Unauthorized").end("Incorrect token");
@ -78,6 +81,9 @@ export class AdminController extends BaseController {
            const token = req.getHeader("admin-token");
            const body = await res.json();

+            if (ADMIN_API_TOKEN === "") {
+                return res.writeStatus("401 Unauthorized").end("No token configured!");
+            }
            if (token !== ADMIN_API_TOKEN) {
                console.error("Admin access refused for token: " + token);
                res.writeStatus("401 Unauthorized").end("Incorrect token");
--- a/pusher/src/Controller/DebugController.ts
+++ b/pusher/src/Controller/DebugController.ts
@ -15,6 +15,9 @@ export class DebugController {
        this.App.get("/dump", (res: HttpResponse, req: HttpRequest) => {
            const query = parse(req.getQuery());

+            if (ADMIN_API_TOKEN === "") {
+                return res.writeStatus("401 Unauthorized").end("No token configured!");
+            }
            if (query.token !== ADMIN_API_TOKEN) {
                return res.writeStatus("401 Unauthorized").end("Invalid token sent!");
            }
--- a/pusher/src/Controller/IoSocketController.ts
+++ b/pusher/src/Controller/IoSocketController.ts
@ -29,7 +29,7 @@ import { AdminSocketTokenData, jwtTokenManager, tokenInvalidException } from "..
 import { adminApi, FetchMemberDataByUuidResponse } from "../Services/AdminApi";
 import { SocketManager, socketManager } from "../Services/SocketManager";
 import { emitInBatch } from "../Services/IoSocketHelpers";
-import { ADMIN_API_URL, DISABLE_ANONYMOUS, SOCKET_IDLE_TIMER } from "../Enum/EnvironmentVariable";
+import { ADMIN_API_URL, ADMIN_SOCKETS_TOKEN, DISABLE_ANONYMOUS, SOCKET_IDLE_TIMER } from "../Enum/EnvironmentVariable";
 import { Zone } from "_Model/Zone";
 import { ExAdminSocketInterface } from "_Model/Websocket/ExAdminSocketInterface";
 import { CharacterTexture } from "../Messages/JsonMessages/CharacterTexture";
@ -42,7 +42,9 @@ export class IoSocketController {

    constructor(private readonly app: TemplatedApp) {
        this.ioConnection();
-        this.adminRoomSocket();
+        if (ADMIN_SOCKETS_TOKEN) {
+            this.adminRoomSocket();
+        }
    }

    adminRoomSocket() {
--- a/pusher/src/Enum/EnvironmentVariable.ts
+++ b/pusher/src/Enum/EnvironmentVariable.ts
@ -3,8 +3,8 @@ const ALLOW_ARTILLERY = process.env.ALLOW_ARTILLERY ? process.env.ALLOW_ARTILLER
 const API_URL = process.env.API_URL || "";
 const ADMIN_API_URL = process.env.ADMIN_API_URL || "";
 const ADMIN_URL = process.env.ADMIN_URL || "";
-const ADMIN_API_TOKEN = process.env.ADMIN_API_TOKEN || "myapitoken";
-export const ADMIN_SOCKETS_TOKEN = process.env.ADMIN_SOCKETS_TOKEN || "myapitoken";
+const ADMIN_API_TOKEN = process.env.ADMIN_API_TOKEN || "";
+export const ADMIN_SOCKETS_TOKEN = process.env.ADMIN_SOCKETS_TOKEN || "";
 const CPU_OVERHEAT_THRESHOLD = Number(process.env.CPU_OVERHEAT_THRESHOLD) || 80;
 const JITSI_URL: string | undefined = process.env.JITSI_URL === "" ? undefined : process.env.JITSI_URL;
 const JITSI_ISS = process.env.JITSI_ISS || "";
--- a/pusher/src/Services/AdminApi.ts
+++ b/pusher/src/Services/AdminApi.ts
@ -81,6 +81,9 @@ class AdminApi {
        reporterUserUuid: string,
        reportWorldSlug: string
    ) {
+        if (!ADMIN_API_URL) {
+            return Promise.reject(new Error("No admin backoffice set!"));
+        }
        return Axios.post(
            `${ADMIN_API_URL}/api/report`,
            {