Merge branch 'main' into glitch-soc/merge-upstream
Conflicts: - `.github/workflows/build-image.yml`: Upstream switched to pushing to both DockerHub and GitHub Container Repository, while glitch-soc was already pushing to the latter only. Updated our configuration to be slightly more consistent with upstream's naming and styling, but kept our behavior. - `Gemfile.lock`: Updated dependencies textually too close to glitch-soc only hcaptcha dependency. Updated dependencies as upstream did. - `README.md`: Upstream updated its README, but we have a completely different one. Kept our README, though it probably should be reworked at some point. - `app/views/auth/sessions/two_factor.html.haml`: Minor style fix upstream that's on a line glitch-soc removed because of its different theming system. Kept our file as is. - `spec/controllers/health_controller_spec.rb`: This file apparently did not exist upstream, upstream created it with different contents but it is functionally the same. Switched to upstream's version of the file. - `spec/presenters/instance_presenter_spec.rb`: Upstream changed the specs around `GITHUB_REPOSITORY`, while glitch-soc had its own code because it's a fork and does not have the same default source URL. Took upstream's change, but with glitch-soc's repo as the default case. - `yarn.lock`: Upstream dependencies textually too close to a glitch-soc only one. Updated dependencies as upstream did.
This commit is contained in:
@@ -16,7 +16,6 @@ const WebSocket = require('ws');
|
||||
const { JSDOM } = require('jsdom');
|
||||
|
||||
const env = process.env.NODE_ENV || 'development';
|
||||
const alwaysRequireAuth = process.env.LIMITED_FEDERATION_MODE === 'true' || process.env.WHITELIST_MODE === 'true' || process.env.AUTHORIZED_FETCH === 'true';
|
||||
|
||||
dotenv.config({
|
||||
path: env === 'production' ? '.env.production' : '.env',
|
||||
@@ -347,22 +346,17 @@ const startWorker = async (workerId) => {
|
||||
* @param {boolean=} required
|
||||
* @return {Promise.<void>}
|
||||
*/
|
||||
const accountFromRequest = (req, required = true) => new Promise((resolve, reject) => {
|
||||
const accountFromRequest = (req) => new Promise((resolve, reject) => {
|
||||
const authorization = req.headers.authorization;
|
||||
const location = url.parse(req.url, true);
|
||||
const accessToken = location.query.access_token || req.headers['sec-websocket-protocol'];
|
||||
|
||||
if (!authorization && !accessToken) {
|
||||
if (required) {
|
||||
const err = new Error('Missing access token');
|
||||
err.status = 401;
|
||||
const err = new Error('Missing access token');
|
||||
err.status = 401;
|
||||
|
||||
reject(err);
|
||||
return;
|
||||
} else {
|
||||
resolve();
|
||||
return;
|
||||
}
|
||||
reject(err);
|
||||
return;
|
||||
}
|
||||
|
||||
const token = authorization ? authorization.replace(/^Bearer /, '') : accessToken;
|
||||
@@ -466,7 +460,7 @@ const startWorker = async (workerId) => {
|
||||
// variables. OAuth scope checks are moved to the point of subscription
|
||||
// to a specific stream.
|
||||
|
||||
accountFromRequest(info.req, alwaysRequireAuth).then(() => {
|
||||
accountFromRequest(info.req).then(() => {
|
||||
callback(true, undefined, undefined);
|
||||
}).catch(err => {
|
||||
log.error(info.req.requestId, err.toString());
|
||||
@@ -540,7 +534,7 @@ const startWorker = async (workerId) => {
|
||||
return;
|
||||
}
|
||||
|
||||
accountFromRequest(req, alwaysRequireAuth).then(() => checkScopes(req, channelNameFromPath(req))).then(() => {
|
||||
accountFromRequest(req).then(() => checkScopes(req, channelNameFromPath(req))).then(() => {
|
||||
subscribeHttpToSystemChannel(req, res);
|
||||
}).then(() => {
|
||||
next();
|
||||
|
Reference in New Issue
Block a user