buzzert/Kordophone
Private
Public Access
1
0
Fork 0
Code Packages Activity

Security: adds authentication to updates websocket operation

Browse Source
This commit is contained in:
James Magahern
2023-07-06 15:27:12 -07:00
parent 2f5d50188b
commit d071e68a56
1 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kordophone/Bridge/MBIMHTTPConnection.m
View File

@@ -13,6 +13,7 @@
#import "MBIMBridgeOperation.h" #import "MBIMBridgeOperation.h"
#import "MBIMAuthToken.h" #import "MBIMAuthToken.h"
#import "MBIMUpdateQueue.h" #import "MBIMUpdateQueue.h"
#import "MBIMURLUtilities.h"
#import <Security/Security.h> #import <Security/Security.h>
#import <CocoaHTTPServer/HTTPMessage.h> #import <CocoaHTTPServer/HTTPMessage.h>
@@ -130,7 +131,14 @@
{ {
NSURL *url = [NSURL URLWithString:path]; NSURL *url = [NSURL URLWithString:path];
NSString *endpointName = [url lastPathComponent]; NSString *endpointName = [url lastPathComponent];
NSString *authTokenString = [url valueForQueryItemWithName:@"token"];
MBIMAuthToken *authToken = [[MBIMAuthToken alloc] initWithTokenString:authTokenString];
if ([endpointName isEqualToString:@"updates"]) { if ([endpointName isEqualToString:@"updates"]) {
if (![authToken isValid]) {
return nil;
}
return [[MBIMUpdateQueue sharedInstance] vendUpdateWebSocketConsumerForRequest:request socket:asyncSocket]; return [[MBIMUpdateQueue sharedInstance] vendUpdateWebSocketConsumerForRequest:request socket:asyncSocket];
} }