Check websocket RPC auth for every method.
Previously, the createencryptedwallet and stop requests did not check that the client had successfully authenticated to the server. This change moves the check outside of the select statement for these special cased handlers (previously run from the default case) so an auth check will occur even if a request method does not match either of these two.
This commit is contained in:
Josh Rickmar
parent
757244a8da
commit
5615e3530a
1 changed files with 9 additions and 6 deletions
15
rpcserver.go
15
rpcserver.go
|
|
@ -761,8 +761,7 @@ out:
|
|||
continue
|
||||
}
|
||||
|
||||
switch raw.Method {
|
||||
case "authenticate":
|
||||
if raw.Method == "authenticate" {
|
||||
if wsc.authenticated || s.invalidAuth(request) {
|
||||
// Disconnect immediately.
|
||||
break out
|
||||
|
|
@ -778,7 +777,15 @@ out:
|
|||
if err != nil {
|
||||
break out
|
||||
}
|
||||
continue
|
||||
}
|
||||
|
||||
if !wsc.authenticated {
|
||||
// Disconnect immediately.
|
||||
break out
|
||||
}
|
||||
|
||||
switch raw.Method {
|
||||
case "createencryptedwallet":
|
||||
result, err := s.handleCreateEncryptedWallet(request)
|
||||
resp := makeResponse(raw.ID, result, err)
|
||||
|
|
@ -807,10 +814,6 @@ out:
|
|||
}
|
||||
|
||||
default:
|
||||
if !wsc.authenticated {
|
||||
// Disconnect immediately.
|
||||
break out
|
||||
}
|
||||
f := s.HandlerClosure(raw.Method)
|
||||
wsc.wg.Add(1)
|
||||
go func(request []byte, raw *rawRequest) {
|
||||
|
|
|
|||
Loading…
Reference in a new issue