chuan/CLIProxyAPI
1
0
Fork 0
mirror of https://github.com/router-for-me/CLIProxyAPI.git synced 2026-02-03 04:50:52 +08:00
Code Issues Packages Projects Releases Wiki Activity

Restrict management key validation to non-localhost requests only

Browse Source
This commit is contained in:
Luis Pater
2025-09-09 23:04:46 +08:00
parent d4dc7b0a34
commit 156e3b017d
1 changed files with 10 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
internal/api/handlers/management/handler.go
View File

@@ -65,6 +65,8 @@ func (h *Handler) Middleware() gin.HandlerFunc {
if provided == "" {
provided = c.GetHeader("X-Management-Key")
}
if !(clientIP == "127.0.0.1" || clientIP == "::1") {
if provided == "" {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "missing management key"})
return
@@ -74,6 +76,7 @@ func (h *Handler) Middleware() gin.HandlerFunc {
c.AbortWithStatusJSON(http.StatusUnauthorized, gin.H{"error": "invalid management key"})
return
}
}
c.Next()
}