Compare commits

...

1 Commits

Author SHA1 Message Date
AAGaming 30a538e85e FINALLY fix the multiple injections bug 2022-08-13 23:58:57 -04:00
3 changed files with 4 additions and 3 deletions
+4 -1
View File
@@ -1,6 +1,7 @@
import certifi
import ssl
import uuid
import re
from aiohttp.web import middleware, Response
from subprocess import check_output
@@ -12,6 +13,8 @@ ssl_ctx = ssl.create_default_context(cafile=certifi.where())
user = None
group = None
assets_regex = re.compile("^/plugins/.*/assets/.*")
def get_ssl_context():
return ssl_ctx
@@ -20,7 +23,7 @@ def get_csrf_token():
@middleware
async def csrf_middleware(request, handler):
if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/legacy/") or str(request.rel_url).startswith("/steam_resource/"):
if str(request.method) == "OPTIONS" or request.headers.get('Authentication') == csrf_token or str(request.rel_url) == "/auth/token" or str(request.rel_url).startswith("/plugins/load_main/") or str(request.rel_url).startswith("/static/") or str(request.rel_url).startswith("/legacy/") or str(request.rel_url).startswith("/steam_resource/") or assets_regex.match(str(request.rel_url)):
return await handler(request)
return Response(text='Forbidden', status='403')
-1
View File
@@ -62,7 +62,6 @@ class PluginManager:
self.updater = Updater(self)
jinja_setup(self.web_app)
self.web_app.on_startup.append(self.inject_javascript)
if CONFIG["chown_plugin_path"] == True:
self.web_app.on_startup.append(chown_plugin_dir)
self.loop.create_task(self.loader_reinjector())
-1
View File
@@ -15,7 +15,6 @@ declare global {
}
(async () => {
window.deckyHasLoaded = true;
await sleep(1000);
window.deckyAuthToken = await fetch('http://127.0.0.1:1337/auth/token').then((r) => r.text());
window.DeckyPluginLoader?.dismountAll();