zefie/minisrv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

BREAKING CHANGES: (for SeCuRiTy):

Browse Source 
By default:
- `ssid_sessions[socket.ssid]` is now `session_data`
- `require` is no longer allowed in user scripts

To access global `socket_sessions` and `ssid_sessions`, as well as `require` additional modules, you must set `privileged: true` for the specific service. See `config.json`.
This commit is contained in:
zefie
2022-10-09 13:26:14 -04:00
parent 2491f62b89
commit 37f1ab67ad
118 changed files with 577 additions and 530 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
zefie_wtvp_minisrv/ServiceVault/wtv-setup/edit-user-name.js
View File

@@ -1,11 +1,11 @@
var minisrv_service_file = true;
ssid_sessions[socket.ssid].loadSessionData();
session_data.loadSessionData();
var user_id = (request_headers.query.user_id) ? request_headers.query.user_id : ssid_sessions[socket.ssid].user_id;
var user_id = (request_headers.query.user_id) ? request_headers.query.user_id : session_data.user_id;
// security
if (ssid_sessions[socket.ssid].user_id != 0 && ssid_sessions[socket.ssid].user_id != request_headers.query.user_id) {
if (session_data.user_id != 0 && session_data.user_id != request_headers.query.user_id) {
user_id = null; // force unset
var errpage = wtvshared.doErrorPage(400, "You are not authorized to change the selected user's password.");
headers = errpage[0];
@@ -14,7 +14,7 @@ if (ssid_sessions[socket.ssid].user_id != 0 && ssid_sessions[socket.ssid].user_i
if (user_id != null) {
var userSession = null;
if (ssid_sessions[socket.ssid].user_id == request_headers.query.user_id) userSession = ssid_sessions[socket.ssid];
if (session_data.user_id == request_headers.query.user_id) userSession = session_data;
else {
userSession = new WTVClientSessionData(minisrv_config, socket.ssid);
userSession.user_id = user_id;