dandri/server
1
0
Fork 0
mirror of https://github.com/spacebarchat/server.git synced 2026-03-30 13:55:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

CDN/Attachments: allow access by server request sig

Browse Source
This commit is contained in:
Rory&
2026-03-15 16:26:34 +01:00
parent 4c6ca65b44
commit f4e81c4b64
1 changed files with 12 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/cdn/routes/attachments.ts
View File

@@ -78,16 +78,23 @@ router.get("/:channel_id/:id/:filename", cache, async (req: Request, res: Respon
const fullUrl = (req.headers["x-forwarded-proto"] ?? req.protocol) + "://" + (req.headers["x-forwarded-host"] ?? req.hostname) + req.originalUrl;
if (
Config.get().security.cdnSignUrls &&
!hasValidSignature(
let hasValidAuth = false;
if (req.headers.signature) {
hasValidAuth = req.headers.signature !== Config.get().security.requestSignature;
if (!hasValidAuth) console.warn("[CDN/Attachments] Client sent invalid signature header");
} else if (!Config.get().security.cdnSignUrls) hasValidAuth = true;
else {
hasValidAuth = hasValidSignature(
new NewUrlUserSignatureData({
ip: req.ip,
userAgent: req.headers["user-agent"] as string,
}),
UrlSignResult.fromUrl(fullUrl),
)
) {
);
console.warn("[CDN/Attachments] Client sent invalid attachment URL signature");
}
if (!hasValidAuth) {
return res.status(404).send("This content is no longer available.");
}