1
0
Fork 0
mirror of https://github.com/alangrainger/immich-public-proxy.git synced 2025-01-28 02:02:42 +01:00

Improve handling of expired password

This commit is contained in:
Alan Grainger 2025-01-13 13:36:05 +08:00
parent a3095897ef
commit 309c8cc0ce
2 changed files with 3 additions and 6 deletions

View file

@ -40,11 +40,6 @@ const checkPassword = (req: Request, res: Response, next: NextFunction) => {
}))
if (payload?.expires && dayjs(payload.expires) > dayjs()) {
req.password = payload.password
} else {
log(`Attempted to load assets from ${req.params.key} with an expired decryption token`)
// Send 404 rather than 401 so as not to provide information to an attacker that there is "something" at this path
res.status(404).send()
return
}
} catch (e) { }
}

View file

@ -45,14 +45,16 @@
async function submitForm (formElement) {
const formData = new FormData(formElement)
try {
// Validate password
const res = await fetch('/share/unlock', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(Object.fromEntries(formData.entries()))
})
if (res.status === 200) {
// Valid password - redirect to the gallery
const params = await res.json()
window.location = window.location + '?' + new URLSearchParams(params).toString()
window.location = window.location.href.split('?')[0] + '?' + new URLSearchParams(params).toString()
}
} catch (e) { }
}