refactor: ensure only a given install can access its access tokens with the app-install-get-access-token route
parent
d962eb5304
commit
346849cc8c
|
@ -15,6 +15,7 @@ import (
|
||||||
"gorm.io/gorm"
|
"gorm.io/gorm"
|
||||||
"io"
|
"io"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strconv"
|
||||||
"strings"
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
@ -128,6 +129,21 @@ func githubRestVerifyMiddleware(db *gorm.DB) mux.MiddlewareFunc {
|
||||||
http.Error(w, err.Error(), http.StatusBadRequest)
|
http.Error(w, err.Error(), http.StatusBadRequest)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if mux.CurrentRoute(r).GetName() == "app-install-get-access-token" {
|
||||||
|
installId := mux.Vars(r)["installation_id"]
|
||||||
|
|
||||||
|
installIdInt, err := strconv.Atoi(installId)
|
||||||
|
if err != nil {
|
||||||
|
http.Error(w, "Invalid Install", http.StatusUnauthorized)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if appId != uint(installIdInt) {
|
||||||
|
http.Error(w, "Invalid Install", http.StatusUnauthorized)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
addAuthStatusToRequestServ(true, r, w, next)
|
addAuthStatusToRequestServ(true, r, w, next)
|
||||||
|
|
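Review bot: The new ownership check parses `installation_id` with `strconv.Atoi` and then casts with `uint(installIdInt)`, so a negative value wraps to a large unsigned number instead of being rejected, and a signed form such as `+5` is accepted as equal to 5. Parsing as unsigned avoids both: `installIdParsed, err := strconv.ParseUint(installId, 10, 64)` followed by `if err != nil || uint64(appId) != installIdParsed {`. Leading zeros still parse, so the handler behind this middleware should use the validated number rather than re-reading the raw route variable, unless the route pattern already restricts it to canonical digits. `appId` is declared outside this hunk; its name suggests an app ID rather than an installation ID, so it is worth confirming that it holds the authenticated installation's ID and renaming it if so. The check is also keyed to the single route name `app-install-get-access-token`, so any other route that takes an `installation_id` variable (none are visible here) would skip it; testing for the variable's presence would cover them.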