fixed critical security issues
This commit is contained in:
@@ -1,6 +1,7 @@
|
||||
package document_scraper
|
||||
|
||||
import (
|
||||
"crypto/subtle"
|
||||
"strings"
|
||||
"tm/pkg/response"
|
||||
|
||||
@@ -25,7 +26,7 @@ func APIKeyMiddleware(apiKey string) echo.MiddlewareFunc {
|
||||
return response.Unauthorized(c, "API key required. Use X-API-Key header or Authorization: ApiKey <key>")
|
||||
}
|
||||
|
||||
if apiKeyHeader != apiKey {
|
||||
if subtle.ConstantTimeCompare([]byte(apiKeyHeader), []byte(apiKey)) != 1 {
|
||||
return response.Unauthorized(c, "Invalid API key")
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user