weyne/dcs-retribution
1
0
Fork 0
mirror of https://github.com/dcs-retribution/dcs-retribution.git synced 2025-11-10 15:41:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add API key authentication.

Browse Source 
We don't have any sensitive data, but we do access the file system. On
the off chance that some phishing website decides to try to use
Liberation as an attack vector, prevent access to the API by
unauthorized applications. An API key is generated at each program start
and passed to the front end via the QWebChannel.
This commit is contained in:
Dan Albert
2022-02-19 14:41:39 -08:00
parent 09457d8aab
commit 77d29e314c
5 changed files with 36 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
resources/ui/map/map.js
View File

@@ -3,10 +3,15 @@ const ENABLE_EXPENSIVE_DEBUG_TOOLS = false;
const HTTP_BACKEND = "http://[::1]:5000";
const WS_BACKEND = "ws://[::1]:5000/eventstream";
// Uniquely generated at startup and passed to use by the QWebChannel.
var API_KEY = null;
function getJson(endpoint) {
return fetch(`${HTTP_BACKEND}${endpoint}`).then((response) =>
response.json()
);
return fetch(`${HTTP_BACKEND}${endpoint}`, {
headers: {
"X-API-Key": API_KEY,
},
}).then((response) => response.json());
}
const Colors = Object.freeze({
@@ -356,6 +361,7 @@ new QWebChannel(qt.webChannelTransport, function (channel) {
});
game = channel.objects.game;
API_KEY = game.apiKey;
drawInitialMap();
game.cleared.connect(clearAllLayers);
game.mapCenterChanged.connect(recenterMap);