mirror/RSS-Bridge.rss-bridge
1
0
Fork 0
mirror of https://github.com/RSS-Bridge/rss-bridge.git synced 2025-07-02 18:14:42 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: token authentication (#3927)

Browse source
This commit is contained in:
Dag 2024-01-25 18:20:02 +01:00 committed by GitHub
parent d08d13f2c8
commit e58c867a82
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
13 changed files with 95 additions and 138 deletions
Download patch file Download diff file Expand all files Collapse all files

18
lib/RssBridge.php
View file

@ -47,6 +47,7 @@ final class RssBridge
]), 503);
}
// HTTP Basic auth check
if (Configuration::getConfig('authentication', 'enable')) {
if (Configuration::getConfig('authentication', 'password') === '') {
return new Response('The authentication password cannot be the empty string', 500);
@ -71,6 +72,23 @@ final class RssBridge
// At this point the username and password was correct
}
// Add token as attribute to request
$request = $request->withAttribute('token', $request->get('token'));
// Token authentication check
if (Configuration::getConfig('authentication', 'token')) {
if (! $request->attribute('token')) {
return new Response(render(__DIR__ . '/../templates/token.html.php', [
'message' => '',
]), 401);
}
if (! hash_equals(Configuration::getConfig('authentication', 'token'), $request->attribute('token'))) {
return new Response(render(__DIR__ . '/../templates/token.html.php', [
'message' => 'Invalid token',
]), 401);
}
}
$action = $request->get('action', 'Frontpage');
$actionName = strtolower($action) . 'Action';
$actionName = implode(array_map('ucfirst', explode('-', $actionName)));