auth.js: fix auth that let's everyone in

Even with authorized_keys being set, If noscraper is enabled in config, Then an unexpected behavior will occurs due to bad code on auth.js. See the following diff for details. Signed-off-by: Yonle <yonle@lecturify.net>
Yonle · Aug 1, 2024 · 49181f4 · 49181f4
1 parent 8b131e2
commit 49181f4
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/auth.js b/auth.js
@@ -18,7 +18,9 @@ module.exports = (authKey, data, ws, req) => {
     return false;
   }
 
-  if (!authorized_keys?.includes(data.pubkey) && !private_keys[data.pubkey] && !noscraper) {
+  let pubkeyInConfig = authorized_keys?.includes(data.pubkey) || data.pubkey in private_keys;
+
+  if (authorized_keys?.length && !pubkeyInConfig) {
     ws.send(JSON.stringify(["OK", data.id, false, "unauthorized."]));
     return false;
   }