additional security check when mac_address is included in ws setup
This commit is contained in:
parent
d52f6458c4
commit
cf3a4cd07c
3 changed files with 16 additions and 3 deletions
|
|
@ -363,7 +363,9 @@ void webSocketEvent(WStype_t type, const uint8_t *payload, size_t length)
|
|||
// wifiTask -> WIFIMANAGER::loop() -> WIFIMANAGER::tryConnect() -> connectCb() -> websocketSetup()
|
||||
void websocketSetup(const String& server_domain, int port, const String& path)
|
||||
{
|
||||
const String headers = "Authorization: Bearer " + String(authTokenGlobal);
|
||||
const String headers =
|
||||
"Authorization: Bearer " + String(authTokenGlobal) + "\r\n" +
|
||||
"mac_address: " + WiFi.macAddress() + "\r\n";
|
||||
|
||||
xSemaphoreTake(wsMutex, portMAX_DELAY);
|
||||
|
||||
|
|
|
|||
|
|
@ -121,7 +121,11 @@ server.on("upgrade", async (req, socket, head) => {
|
|||
let supabase: SupabaseClient;
|
||||
let authToken: string;
|
||||
try {
|
||||
const { authorization: authHeader, "x-wifi-rssi": rssi } = req.headers;
|
||||
const {
|
||||
authorization: authHeader,
|
||||
"x-wifi-rssi": rssi,
|
||||
mac_address,
|
||||
} = req.headers;
|
||||
authToken = authHeader?.replace("Bearer ", "") ?? "";
|
||||
const wifiStrength = parseInt(rssi as string); // Convert to number
|
||||
|
||||
|
|
@ -137,6 +141,13 @@ server.on("upgrade", async (req, socket, head) => {
|
|||
|
||||
supabase = getSupabaseClient(authToken as string);
|
||||
user = await authenticateUser(supabase, authToken as string);
|
||||
|
||||
const expectedMac = user.device?.mac_address;
|
||||
if (mac_address && mac_address !== expectedMac) {
|
||||
socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
|
||||
socket.destroy();
|
||||
return;
|
||||
}
|
||||
} catch (_e: any) {
|
||||
socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
|
||||
socket.destroy();
|
||||
|
|
|
|||
|
|
@ -23,7 +23,7 @@ export const getUserByEmail = async (
|
|||
email: string,
|
||||
): Promise<IUser> => {
|
||||
const { data, error } = await supabase.from("users").select(
|
||||
"*, language:languages(name), personality:personalities!users_personality_id_fkey(*), device:device_id(is_reset, is_ota, volume)",
|
||||
"*, language:languages(name), personality:personalities!users_personality_id_fkey(*), device:device_id(is_reset, is_ota, volume, mac_address)",
|
||||
).eq("email", email);
|
||||
|
||||
console.log("data", data, error);
|
||||
|
|
|
|||
Loading…
Reference in a new issue