core: security fix, authorization first in download / blackhole links (#6825)
parent
7e93a86ae0
commit
45b205ddc3
2 changed files with 12 additions and 12 deletions
|
@ -20,14 +20,14 @@ namespace Jackett.Server.Controllers
|
|||
{
|
||||
private Logger logger;
|
||||
private IIndexerManagerService indexerService;
|
||||
private readonly ServerConfig serverConfig;
|
||||
private ServerConfig serverConfig;
|
||||
private IProtectionService protectionService;
|
||||
|
||||
public BlackholeController(IIndexerManagerService i, Logger l, ServerConfig config, IProtectionService ps)
|
||||
public BlackholeController(IIndexerManagerService i, Logger l, ServerConfig sConfig, IProtectionService ps)
|
||||
{
|
||||
logger = l;
|
||||
indexerService = i;
|
||||
serverConfig = config;
|
||||
serverConfig = sConfig;
|
||||
protectionService = ps;
|
||||
}
|
||||
|
||||
|
@ -37,6 +37,9 @@ namespace Jackett.Server.Controllers
|
|||
var jsonReply = new JObject();
|
||||
try
|
||||
{
|
||||
if (serverConfig.APIKey != jackett_apikey)
|
||||
return Unauthorized();
|
||||
|
||||
var indexer = indexerService.GetWebIndexer(indexerID);
|
||||
if (!indexer.IsConfigured)
|
||||
{
|
||||
|
@ -44,9 +47,6 @@ namespace Jackett.Server.Controllers
|
|||
throw new Exception("This indexer is not configured.");
|
||||
}
|
||||
|
||||
if (serverConfig.APIKey != jackett_apikey)
|
||||
throw new Exception("Incorrect API key");
|
||||
|
||||
path = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(path));
|
||||
path = protectionService.UnProtect(path);
|
||||
var remoteFile = new Uri(path, UriKind.RelativeOrAbsolute);
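Review bot: The key check that now opens the `try` block still uses `serverConfig.APIKey != jackett_apikey`, an ordinary string comparison that is not constant-time, so its duration can depend on how much of the supplied key matches; the relocated check in DownloadController uses the same expression. Where the target framework provides it, a fixed-time comparison of the encoded bytes is the safer form, for example `if (!CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(serverConfig.APIKey), Encoding.UTF8.GetBytes(jackett_apikey ?? string.Empty))) return Unauthorized();`. The null fallback matters because a request that omits the parameter would otherwise throw inside `GetBytes` rather than be rejected. The action's signature and the rest of its body are outside the hunk, so how `jackett_apikey` is bound is not visible here.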
|
||||
|
|
|
@ -17,14 +17,14 @@ namespace Jackett.Server.Controllers
|
|||
[Route("dl/{indexerID}")]
|
||||
public class DownloadController : Controller
|
||||
{
|
||||
private ServerConfig config;
|
||||
private ServerConfig serverConfig;
|
||||
private Logger logger;
|
||||
private IIndexerManagerService indexerService;
|
||||
private IProtectionService protectionService;
|
||||
|
||||
public DownloadController(IIndexerManagerService i, Logger l, IProtectionService ps, ServerConfig serverConfig)
|
||||
public DownloadController(IIndexerManagerService i, Logger l, IProtectionService ps, ServerConfig sConfig)
|
||||
{
|
||||
config = serverConfig;
|
||||
serverConfig = sConfig;
|
||||
logger = l;
|
||||
indexerService = i;
|
||||
protectionService = ps;
|
||||
|
@ -35,6 +35,9 @@ namespace Jackett.Server.Controllers
|
|||
{
|
||||
try
|
||||
{
|
||||
if (serverConfig.APIKey != jackett_apikey)
|
||||
return Unauthorized();
|
||||
|
||||
var indexer = indexerService.GetWebIndexer(indexerID);
|
||||
|
||||
if (!indexer.IsConfigured)
|
||||
|
@ -46,9 +49,6 @@ namespace Jackett.Server.Controllers
|
|||
path = Encoding.UTF8.GetString(WebEncoders.Base64UrlDecode(path));
|
||||
path = protectionService.UnProtect(path);
|
||||
|
||||
if (config.APIKey != jackett_apikey)
|
||||
return Unauthorized();
|
||||
|
||||
var target = new Uri(path, UriKind.RelativeOrAbsolute);
|
||||
var downloadBytes = await indexer.Download(target);
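Review bot: The rejected request returns `Unauthorized()` without leaving any trace, so repeated wrong-key attempts against `dl/{indexerID}` are invisible to whoever operates the server; the same holds for the check added in BlackholeController. A warning written through the injected `logger` before the return, recording the indexer ID and the remote address but never the supplied key, would give operators something to alert on. The check is also hand-placed inside each action body, which is presumably how it came to sit after the indexer lookup and path decoding before this commit; a shared authorization filter or helper used by both controllers would make the ordering structural rather than a matter of statement position. The action's signature and its catch block are outside the hunk.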
|
||||
|
||||
|
|