Use config flag to change whether token integrity is checked
ref KTLO-1 Allows us to get this out to self-hosters much faster
parent
23c0882019
commit
244e612f53
@ -169,20 +169,27 @@ const createIntegrityToken = async function createIntegrityToken(req, res) {
|
||||
};
|
||||
|
||||
const verifyIntegrityToken = async function verifyIntegrityToken(req, res, next) {
|
||||
const shouldThrowForInvalidToken = config.get('verifyRequestIntegrity');
|
||||
try {
|
||||
const token = req.body.integrityToken;
|
||||
if (!token) {
|
||||
logging.warn('Request with missing integrity token.');
|
||||
// In future this will throw an error
|
||||
if (shouldThrowForInvalidToken) {
|
||||
throw new errors.BadRequestError();
|
||||
} else {
|
||||
return next();
|
||||
}
|
||||
}
|
||||
if (membersService.requestIntegrityTokenProvider.validate(token)) {
|
||||
return next();
|
||||
} else {
|
||||
logging.warn('Request with invalid integrity token.');
|
||||
// In future this will throw an error
|
||||
if (shouldThrowForInvalidToken) {
|
||||
throw new errors.BadRequestError();
|
||||
} else {
|
||||
return next();
|
||||
}
|
||||
}
|
||||
} catch (err) {
|
||||
next(err);
|
||||
}
|
||||
|
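Review bot: When `verifyRequestIntegrity` is unset, `config.get('verifyRequestIntegrity')` is presumably falsy, so both the missing-token and the invalid-token branches still reach `next()` and the check stays fail-open with only a warning logged; whether a default is defined elsewhere is not visible in this hunk. The two `// In future this will throw an error` comments now sit directly above code that does throw when the flag is on, and would read better as `// Fail-open unless verifyRequestIntegrity is enabled: log and continue`. `new errors.BadRequestError()` is thrown without a message in both branches, so neither the rejected client nor the operator's logs can tell that the integrity token was the cause; a message that distinguishes missing from invalid would help. The end of `verifyIntegrityToken` lies outside the hunk.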