From d071e68a56874fdba7c3d3975d3c82f5a1cb598f Mon Sep 17 00:00:00 2001
From: James Magahern <jmagahern@apple.com>
Date: Thu, 6 Jul 2023 15:27:12 -0700
Subject: [PATCH] Security: adds authentication to updates websocket operation

---
 kordophone/Bridge/MBIMHTTPConnection.m | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/kordophone/Bridge/MBIMHTTPConnection.m b/kordophone/Bridge/MBIMHTTPConnection.m
index a36a444..e81e45f 100644
--- a/kordophone/Bridge/MBIMHTTPConnection.m
+++ b/kordophone/Bridge/MBIMHTTPConnection.m
@@ -13,6 +13,7 @@
 #import "MBIMBridgeOperation.h"
 #import "MBIMAuthToken.h"
 #import "MBIMUpdateQueue.h"
+#import "MBIMURLUtilities.h"
 
 #import <Security/Security.h>
 #import <CocoaHTTPServer/HTTPMessage.h>
@@ -130,7 +131,14 @@
 {
     NSURL *url = [NSURL URLWithString:path];
     NSString *endpointName = [url lastPathComponent];
+    NSString *authTokenString = [url valueForQueryItemWithName:@"token"];
+    MBIMAuthToken *authToken = [[MBIMAuthToken alloc] initWithTokenString:authTokenString];
+    
     if ([endpointName isEqualToString:@"updates"]) {
+        if (![authToken isValid]) {
+            return nil;
+        }
+        
         return [[MBIMUpdateQueue sharedInstance] vendUpdateWebSocketConsumerForRequest:request socket:asyncSocket];
     }