afrokick 6 tahun lalu
induk
melakukan
d559ae50c6
2 mengubah file dengan 8 tambahan dan 32 penghapusan
  1. 6 1
      src/api/middleware/auth/index.js
  2. 2 31
      src/api/v1/public/index.js

+ 6 - 1
src/api/middleware/auth/index.js

@@ -1,10 +1,15 @@
+const config = require('../../../../config');
 const realm = require('../../../services/realm');
 
 module.exports = (req, res, next) => {
-  const { id, token } = req.params;
+  const { id, token, key } = req.params;
 
   const sendAuthError = () => res.sendStatus(401);
 
+  if (key !== config.get('key')) {
+    return sendAuthError();
+  }
+
   if (!id) {
     return next();
   }
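Review bot: The added guard `if (key !== config.get('key'))` passes when both sides are `undefined`, so an unset configured key combined with a route that has no `:key` segment would let every request through. Reject a missing key explicitly, e.g. `if (typeof key !== 'string' || key !== config.get('key')) {`. Because `key` is read from `req.params`, the middleware presumably has to be mounted on a path that declares `:key`; that mounting is outside the hunk and should be confirmed. If the key is meant to be a secret rather than a public application identifier, compare it with `crypto.timingSafeEqual` on equal-length buffers instead of `!==`. The middleware body continues past the end of the hunk.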

+ 2 - 31
src/api/v1/public/index.js

@@ -8,14 +8,9 @@ const randomId = () => {
   return (Math.random().toString(36) + '0000000000000000000').substr(2, 16);
 };
 
-const generateClientId = (key) => {
+const generateClientId = () => {
   let clientId = randomId();
 
-  const realm = realmsCache.getRealmByKey(key);
-  if (!realm) {
-    return clientId;
-  }
-
   while (realm.getClientById(clientId)) {
     clientId = randomId();
   }
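Review bot: `generateClientId` still calls `realm.getClientById(clientId)` in the `while` loop, but the commit removes the local `const realm = realmsCache.getRealmByKey(key)`, so `realm` must now resolve from module scope, which this hunk does not show. If the file has no top-level `realm` binding (the auth middleware in this commit gets one via `require('../../../services/realm')`), every `/id` request will throw a ReferenceError. Separately, `randomId` derives the ID from `Math.random()`, which is not cryptographically secure; if client IDs are expected to be unguessable, build them from `crypto.randomBytes` instead. The end of `generateClientId` lies outside the hunk.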
@@ -25,10 +20,8 @@ const generateClientId = (key) => {
 
 // Retrieve guaranteed random ID.
 app.get('/id', (req, res, next) => {
-  const { key } = req.params;
-
   res.contentType = 'text/html';
-  res.send(generateClientId(key));
+  res.send(generateClientId());
 });
 
 // Get a list of all peers for a key, enabled by the `allowDiscovery` flag.
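Review bot: `res.contentType = 'text/html'` in the `/id` handler overwrites Express's `res.contentType` method with a string instead of calling it, so it sets no header and the response type falls back to the default chosen by `res.send`. The body is a bare identifier, so call the method and, if clients do not depend on the HTML type, use a non-HTML one: `res.type('text/plain');`. The handler no longer reads `key` itself, so a comment such as `// Key validation happens in the auth middleware` would help. Whether that middleware runs before this route is not visible here.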
@@ -41,25 +34,3 @@ app.get('/peers', (req, res, next) => {
 
   res.sendStatus(401);
 });
-
-// Server sets up HTTP streaming when you get post an ID.
-// app.post('/:id/:token/id', (req, res, next) => {
-//   var id = req.params.id;
-//   var token = req.params.token;
-//   var key = req.params.key;
-//   var ip = req.connection.remoteAddress;
-
-//   if (!self._clients[key] || !self._clients[key][id]) {
-//     self._checkKey(key, ip, function (err) {
-//       if (!err && !self._clients[key][id]) {
-//         self._clients[key][id] = { token: token, ip: ip };
-//         self._ips[ip]++;
-//         self._startStreaming(res, key, id, token, true);
-//       } else {
-//         res.send(JSON.stringify({ type: 'HTTP-ERROR' }));
-//       }
-//     });
-//   } else {
-//     self._startStreaming(res, key, id, token);
-//   }
-// });