Karl/homepage
1
0
Fork 0
mirror of https://github.com/karl0ss/homepage.git synced 2025-05-04 22:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1019 from benphelps/issue-1007

Browse Source 
Fix: pass csrf token for unifi login
This commit is contained in:
shamoon 2023-02-17 14:12:07 -08:00 committed by GitHub
commit 79d199b321
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/widgets/unifi/proxy.js
View File

@ -42,12 +42,15 @@ async function getWidget(req) {
return widget; return widget;
} }
async function login(widget) { async function login(widget, csrfToken) {
const endpoint = (widget.prefix === udmpPrefix) ? "auth/login" : "login"; const endpoint = (widget.prefix === udmpPrefix) ? "auth/login" : "login";
const api = widgets?.[widget.type]?.api?.replace("{prefix}", ""); // no prefix for login url const api = widgets?.[widget.type]?.api?.replace("{prefix}", ""); // no prefix for login url
const loginUrl = new URL(formatApiCall(api, { endpoint, ...widget })); const loginUrl = new URL(formatApiCall(api, { endpoint, ...widget }));
const loginBody = { username: widget.username, password: widget.password, remember: true }; const loginBody = { username: widget.username, password: widget.password, remember: true };
const headers = { "Content-Type": "application/json" }; const headers = { "Content-Type": "application/json" };
if (csrfToken) {
headers["X-CSRF-TOKEN"] = csrfToken;
}
const [status, contentType, data, responseHeaders] = await httpProxy(loginUrl, { const [status, contentType, data, responseHeaders] = await httpProxy(loginUrl, {
method: "POST", method: "POST",
body: JSON.stringify(loginBody), body: JSON.stringify(loginBody),
@ -70,6 +73,7 @@ export default async function unifiProxyHandler(req, res) {
let [status, contentType, data, responseHeaders] = []; let [status, contentType, data, responseHeaders] = [];
let prefix = cache.get(`${prefixCacheKey}.${service}`); let prefix = cache.get(`${prefixCacheKey}.${service}`);
let csrfToken;
if (prefix === null) { if (prefix === null) {
// auto detect if we're talking to a UDM Pro, and cache the result so that we // auto detect if we're talking to a UDM Pro, and cache the result so that we
// don't make two requests each time data from Unifi is required // don't make two requests each time data from Unifi is required
@ -77,12 +81,12 @@ export default async function unifiProxyHandler(req, res) {
prefix = ""; prefix = "";
if (responseHeaders?.["x-csrf-token"]) { if (responseHeaders?.["x-csrf-token"]) {
prefix = udmpPrefix; prefix = udmpPrefix;
csrfToken = responseHeaders["x-csrf-token"];
} }
cache.put(`${prefixCacheKey}.${service}`, prefix); cache.put(`${prefixCacheKey}.${service}`, prefix);
} }
widget.prefix = prefix; widget.prefix = prefix;
const { endpoint } = req.query; const { endpoint } = req.query;
const url = new URL(formatApiCall(api, { endpoint, ...widget })); const url = new URL(formatApiCall(api, { endpoint, ...widget }));
const params = { method: "GET", headers: {} }; const params = { method: "GET", headers: {} };
@ -92,7 +96,10 @@ export default async function unifiProxyHandler(req, res) {
if (status === 401) { if (status === 401) {
logger.debug("Unifi isn't logged in or rejected the reqeust, attempting login."); logger.debug("Unifi isn't logged in or rejected the reqeust, attempting login.");
[status, contentType, data, responseHeaders] = await login(widget); if (responseHeaders?.["x-csrf-token"]) {
csrfToken = responseHeaders["x-csrf-token"];
}
[status, contentType, data, responseHeaders] = await login(widget, csrfToken);
if (status !== 200) { if (status !== 200) {
logger.error("HTTP %d logging in to Unifi. Data: %s", status, data); logger.error("HTTP %d logging in to Unifi. Data: %s", status, data);