Mirrors/audiobookshelf
Mirrors/audiobookshelf
1
0
Fork 0
mirror of https://github.com/advplyr/audiobookshelf.git synced 2025-10-27 11:18:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Security fix for GHSA-pg8v-5jcv-wrvw

Browse Source
This commit is contained in:
mikiher 2025-02-11 22:02:51 +02:00
parent 068ba84a8c
commit ec65376569
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
server/Auth.js
View File

@ -10,6 +10,7 @@ const ExtractJwt = require('passport-jwt').ExtractJwt
const OpenIDClient = require('openid-client')
const Database = require('./Database')
const Logger = require('./Logger')
const { escapeRegExp } = require('./utils')
/**
* @class Class for handling all the authentication related functionality.
@ -18,7 +19,11 @@ class Auth {
constructor() {
// Map of openId sessions indexed by oauth2 state-variable
this.openIdAuthSession = new Map()
this.ignorePatterns = [/\/api\/items\/[^/]+\/cover/, /\/api\/authors\/[^/]+\/image/]
const escapedRouterBasePath = escapeRegExp(global.RouterBasePath)
this.ignorePatterns = [
new RegExp(`^(${escapedRouterBasePath}/api)?/items/[^/]+/cover$`),
new RegExp(`^(${escapedRouterBasePath}/api)?/authors/[^/]+/image$`)
]
}
/**
@ -28,7 +33,7 @@ class Auth {
* @private
*/
authNotNeeded(req) {
return req.method === 'GET' && this.ignorePatterns.some((pattern) => pattern.test(req.originalUrl))
return req.method === 'GET' && this.ignorePatterns.some((pattern) => pattern.test(req.path))
}
ifAuthNeeded(middleware) {