[mirotalk] - fix: harden API key authorization checks and remove default secret
This commit is contained in:
Miroslav Pejic
+1
-1
@@ -1,5 +1,5 @@
|
||||
# ====================================================
|
||||
# MiroTalk P2P v.1.8.03 - Environment Configuration
|
||||
# MiroTalk P2P v.1.8.04 - Environment Configuration
|
||||
# ====================================================
|
||||
|
||||
# App environment
|
||||
|
||||
+3
-1
@@ -16,7 +16,9 @@ module.exports = class ServerApi {
|
||||
}
|
||||
|
||||
isAuthorized() {
|
||||
if (this._authorization != this._api_key_secret) return false;
|
||||
if (!this._api_key_secret || typeof this._api_key_secret !== 'string') return false;
|
||||
if (!this._authorization || typeof this._authorization !== 'string') return false;
|
||||
if (this._authorization !== this._api_key_secret) return false;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
|
||||
/**
|
||||
* ==============================================
|
||||
* MiroTalk P2P v.1.8.03 - Configuration File
|
||||
* MiroTalk P2P v.1.8.04 - Configuration File
|
||||
* ==============================================
|
||||
*
|
||||
* This file is the central configuration source.
|
||||
@@ -92,7 +92,7 @@ module.exports = {
|
||||
// API
|
||||
// ==========================================
|
||||
api: {
|
||||
keySecret: process.env.API_KEY_SECRET || 'mirotalkp2p_default_secret',
|
||||
keySecret: process.env.API_KEY_SECRET,
|
||||
disabled: parseJsonEnv(process.env.API_DISABLED, ['token', 'meetings']),
|
||||
},
|
||||
|
||||
|
||||
+1
-1
@@ -45,7 +45,7 @@ dependencies: {
|
||||
* @license For commercial use or closed source, contact us at license.mirotalk@gmail.com or purchase directly from CodeCanyon
|
||||
* @license CodeCanyon: https://codecanyon.net/item/mirotalk-p2p-webrtc-realtime-video-conferences/38376661
|
||||
* @author Miroslav Pejic - miroslav.pejic.85@gmail.com
|
||||
* @version 1.8.03
|
||||
* @version 1.8.04
|
||||
*
|
||||
*/
|
||||
|
||||
|
||||
Generated
+6
-6
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "mirotalk",
|
||||
"version": "1.8.03",
|
||||
"version": "1.8.04",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "mirotalk",
|
||||
"version": "1.8.03",
|
||||
"version": "1.8.04",
|
||||
"license": "AGPL-3.0",
|
||||
"dependencies": {
|
||||
"@mattermost/client": "11.5.0",
|
||||
@@ -40,7 +40,7 @@
|
||||
"mocha": "^11.7.5",
|
||||
"node-fetch": "^3.3.2",
|
||||
"nodemon": "^3.1.14",
|
||||
"prettier": "3.8.2",
|
||||
"prettier": "3.8.3",
|
||||
"proxyquire": "^2.1.3",
|
||||
"should": "^13.2.3",
|
||||
"sinon": "^21.1.2"
|
||||
@@ -5323,9 +5323,9 @@
|
||||
}
|
||||
},
|
||||
"node_modules/prettier": {
|
||||
"version": "3.8.2",
|
||||
"resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.2.tgz",
|
||||
"integrity": "sha512-8c3mgTe0ASwWAJK+78dpviD+A8EqhndQPUBpNUIPt6+xWlIigCwfN01lWr9MAede4uqXGTEKeQWTvzb3vjia0Q==",
|
||||
"version": "3.8.3",
|
||||
"resolved": "https://registry.npmjs.org/prettier/-/prettier-3.8.3.tgz",
|
||||
"integrity": "sha512-7igPTM53cGHMW8xWuVTydi2KO233VFiTNyF5hLJqpilHfmn8C8gPf+PS7dUT64YcXFbiMGZxS9pCSxL/Dxm/Jw==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"bin": {
|
||||
|
||||
+2
-2
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "mirotalk",
|
||||
"version": "1.8.03",
|
||||
"version": "1.8.04",
|
||||
"description": "A free WebRTC browser-based video call",
|
||||
"main": "server.js",
|
||||
"scripts": {
|
||||
@@ -75,7 +75,7 @@
|
||||
"mocha": "^11.7.5",
|
||||
"node-fetch": "^3.3.2",
|
||||
"nodemon": "^3.1.14",
|
||||
"prettier": "3.8.2",
|
||||
"prettier": "3.8.3",
|
||||
"proxyquire": "^2.1.3",
|
||||
"should": "^13.2.3",
|
||||
"sinon": "^21.1.2"
|
||||
|
||||
+1
-1
@@ -109,7 +109,7 @@ let brand = {
|
||||
},
|
||||
about: {
|
||||
imageUrl: '../images/mirotalk-logo.gif',
|
||||
title: 'WebRTC P2P v1.8.03',
|
||||
title: 'WebRTC P2P v1.8.04',
|
||||
html: `
|
||||
<button
|
||||
id="support-button"
|
||||
|
||||
+2
-2
@@ -15,7 +15,7 @@
|
||||
* @license For commercial use or closed source, contact us at license.mirotalk@gmail.com or purchase directly from CodeCanyon
|
||||
* @license CodeCanyon: https://codecanyon.net/item/mirotalk-p2p-webrtc-realtime-video-conferences/38376661
|
||||
* @author Miroslav Pejic - miroslav.pejic.85@gmail.com
|
||||
* @version 1.8.03
|
||||
* @version 1.8.04
|
||||
*
|
||||
*/
|
||||
|
||||
@@ -14966,7 +14966,7 @@ function showAbout() {
|
||||
Swal.fire({
|
||||
background: swBg,
|
||||
position: 'center',
|
||||
title: brand.about?.title && brand.about.title.trim() !== '' ? brand.about.title : 'WebRTC P2P v1.8.03',
|
||||
title: brand.about?.title && brand.about.title.trim() !== '' ? brand.about.title : 'WebRTC P2P v1.8.04',
|
||||
imageUrl: brand.about?.imageUrl && brand.about.imageUrl.trim() !== '' ? brand.about.imageUrl : images.about,
|
||||
customClass: { image: 'img-about' },
|
||||
html: `
|
||||
|
||||
Reference in New Issue
Block a user