mirror of
https://github.com/alangrainger/immich-public-proxy.git
synced 2025-01-28 02:02:42 +01:00
Improve handling of expired password
This commit is contained in:
parent
a3095897ef
commit
309c8cc0ce
2 changed files with 3 additions and 6 deletions
app
|
@ -40,11 +40,6 @@ const checkPassword = (req: Request, res: Response, next: NextFunction) => {
|
|||
}))
|
||||
if (payload?.expires && dayjs(payload.expires) > dayjs()) {
|
||||
req.password = payload.password
|
||||
} else {
|
||||
log(`Attempted to load assets from ${req.params.key} with an expired decryption token`)
|
||||
// Send 404 rather than 401 so as not to provide information to an attacker that there is "something" at this path
|
||||
res.status(404).send()
|
||||
return
|
||||
}
|
||||
} catch (e) { }
|
||||
}
|
||||
|
|
|
@ -45,14 +45,16 @@
|
|||
async function submitForm (formElement) {
|
||||
const formData = new FormData(formElement)
|
||||
try {
|
||||
// Validate password
|
||||
const res = await fetch('/share/unlock', {
|
||||
method: 'POST',
|
||||
headers: { 'Content-Type': 'application/json' },
|
||||
body: JSON.stringify(Object.fromEntries(formData.entries()))
|
||||
})
|
||||
if (res.status === 200) {
|
||||
// Valid password - redirect to the gallery
|
||||
const params = await res.json()
|
||||
window.location = window.location + '?' + new URLSearchParams(params).toString()
|
||||
window.location = window.location.href.split('?')[0] + '?' + new URLSearchParams(params).toString()
|
||||
}
|
||||
} catch (e) { }
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue