node webpart request security fix

Mestima 2020-08-26 18:53:08 +03:00
parent 06580802e1
commit 52d332450b
No known key found for this signature in database
GPG Key ID: 30B59EB1D7F18807
3 changed files with 27 additions and 0 deletions


@ -3,5 +3,6 @@
"token": "", "token": "",
"channel": "", "channel": "",
"webhook": "", "webhook": "",
"security": true,
"debug": false "debug": false
} }


@ -12,6 +12,7 @@ const port = config.port;
const webhook = config.webhook; const webhook = config.webhook;
const channel = config.channel; const channel = config.channel;
const token = config.token; const token = config.token;
const security = config.security;
const debug = config.debug; const debug = config.debug;
app.post("/send", (req, res) => { app.post("/send", (req, res) => {
const content = req.query.content; const content = req.query.content;
@ -42,6 +43,17 @@ app.post("/send", (req, res) => {
}); });
}); });
app.get("/request", (req, res) => { app.get("/request", (req, res) => {
if (security) {
const postToken = req.query.token;
const postChannel = req.query.channel;
if (channel != postChannel || token != postToken) {
const err = `error: unknown token or channel`;
if (debug) {
console.log(err);
}
return res.send(err);
}
}
node_fetch_1.default(`https://discordapp.com/api/channels/${channel}/messages?token=Bot ${token}`) node_fetch_1.default(`https://discordapp.com/api/channels/${channel}/messages?token=Bot ${token}`)
.then(discordRes => discordRes.json()) .then(discordRes => discordRes.json())
.then(json => { .then(json => {


@ -10,6 +10,8 @@ const port = config.port;
const webhook = config.webhook; const webhook = config.webhook;
const channel = config.channel; const channel = config.channel;
const token = config.token; const token = config.token;
const security = config.security;
const debug = config.debug; const debug = config.debug;
app.post("/send", (req, res) => { app.post("/send", (req, res) => {
@ -45,6 +47,18 @@ app.post("/send", (req, res) => {
}); });
app.get("/request", (req, res) => { app.get("/request", (req, res) => {
if (security) {
const postToken: any = req.query.token;
const postChannel: any = req.query.channel;
if (channel != postChannel || token != postToken) {
const err = `error: unknown token or channel`;
if (debug) {
console.log(err);
}
return res.send(err);
}
}
fetch(`https://discordapp.com/api/channels/${channel}/messages?token=Bot ${token}`) fetch(`https://discordapp.com/api/channels/${channel}/messages?token=Bot ${token}`)
.then(discordRes => discordRes.json()) .then(discordRes => discordRes.json())
.then(json => { .then(json => {
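Review bot: The guard added to `/request` compares the caller's values with `channel != postChannel || token != postToken`, which is loose and not constant-time, accepts an empty configured token or channel as a valid credential (the config template ships both as `""`), and is skipped entirely when `security` is absent from the config. The rejection also goes out with the default 200 status. The sketch below type-checks the query values, fails closed, compares with `timingSafeEqual` from Node's `crypto` module (which the file would need to import) and answers 403. Separately, the secret being checked is the Discord bot token itself, carried in the URL where access and proxy logs record it; a dedicated key for this endpoint sent in an `Authorization` header would avoid handing the bot credential to every client. The same guard appears in what looks like the compiled JavaScript section above, and the handler body continues past this hunk.

```typescript
app.get("/request", (req, res) => {
    // fail closed: only an explicit `false` in the config turns the check off
    if (security !== false) {
        const postToken = req.query.token;
        const postChannel = req.query.channel;
        // query values may arrive as arrays or objects, so require plain strings
        const sameSecret = (expected: string, given: unknown): boolean => {
            if (typeof given !== "string" || expected.length === 0) return false;
            const a = Buffer.from(expected);
            const b = Buffer.from(given);
            // timingSafeEqual throws on unequal lengths, so check them first
            return a.length === b.length && timingSafeEqual(a, b);
        };
        if (!sameSecret(channel, postChannel) || !sameSecret(token, postToken)) {
            // … unchanged: err message and debug logging …
            return res.status(403).send(err);
        }
    }
    // … unchanged: fetch of the channel messages …
```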