Add header auth so it does not allow passing

2026-01-28 22:00:51 +00:00 · 2025-10-13 14:57:50 -07:00
parent 2cff142266
commit 38faf1f905
1 changed files with 6 additions and 3 deletions
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -196,11 +196,13 @@ export async function verifyResourceSession(
            // otherwise its undefined and we pass
        }

+        // IMPORTANT: ADD NEW AUTH CHECKS HERE OR WHEN TURNING OFF ALL OTHER AUTH METHODS IT WILL JUST PASS
        if (
            !resource.sso &&
            !pincode &&
            !password &&
-            !resource.emailWhitelistEnabled
+            !resource.emailWhitelistEnabled &&
+            !headerAuth
        ) {
            logger.debug("Resource allowed because no auth");
            return allowed(res);
@@ -295,8 +297,9 @@ export async function verifyResourceSession(
        }

        // check for HTTP Basic Auth header
+        const clientHeaderAuthKey = `headerAuth:${clientHeaderAuth}`;
        if (headerAuth && clientHeaderAuth) {
-            if (cache.get(clientHeaderAuth)) {
+            if (cache.get(clientHeaderAuthKey)) {
                logger.debug(
                    "Resource allowed because header auth is valid (cached)"
                );
@@ -307,7 +310,7 @@ export async function verifyResourceSession(
                    headerAuth.headerAuthHash
                )
            ) {
-                cache.set(clientHeaderAuth, clientHeaderAuth);
+                cache.set(clientHeaderAuthKey, clientHeaderAuth);
                logger.debug("Resource allowed because header auth is valid");
                return allowed(res);
            }