dahjah/headplane
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

fix: protect the restart endpoint with auth

Browse Source
This commit is contained in:
Aarnav Tale 2024-04-01 19:33:22 -04:00
parent bdb00b6cd7
commit d787b8517e
No known key found for this signature in database
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
app/routes/_data.dns._index/route.tsx
View File

@ -12,6 +12,7 @@ import Spinner from '~/components/Spinner'
import TableList from '~/components/TableList' import TableList from '~/components/TableList'
import { getConfig, getContext, patchConfig } from '~/utils/config' import { getConfig, getContext, patchConfig } from '~/utils/config'
import { restartHeadscale } from '~/utils/docker' import { restartHeadscale } from '~/utils/docker'
import { getSession } from '~/utils/sessions'
import { useLiveData } from '~/utils/useLiveData' import { useLiveData } from '~/utils/useLiveData'
import Domains from './domains' import Domains from './domains'
@ -45,9 +46,18 @@ export async function loader() {
} }
export async function action({ request }: ActionFunctionArgs) { export async function action({ request }: ActionFunctionArgs) {
const session = await getSession(request.headers.get('Cookie'))
if (!session.has('hsApiKey')) {
return json({ success: false }, {
status: 401
})
}
const context = await getContext() const context = await getContext()
if (!context.hasConfigWrite) { if (!context.hasConfigWrite) {
return json({ success: false }) return json({ success: false }, {
status: 403
})
} }
const data = await request.json() as Record<string, unknown> const data = await request.json() as Record<string, unknown>