mirror of
https://github.com/advplyr/audiobookshelf.git
synced 2026-05-25 21:01:31 +00:00
Update socket events to check client is admin & validate log level
This commit is contained in:
advplyr
parent
47ea6b5092
commit
b0aaa24660
1 changed files with 22 additions and 2 deletions
|
|
@ -3,6 +3,7 @@ const Logger = require('./Logger')
|
||||||
const Database = require('./Database')
|
const Database = require('./Database')
|
||||||
const TokenManager = require('./auth/TokenManager')
|
const TokenManager = require('./auth/TokenManager')
|
||||||
const CoverSearchManager = require('./managers/CoverSearchManager')
|
const CoverSearchManager = require('./managers/CoverSearchManager')
|
||||||
|
const { LogLevel } = require('./utils/constants')
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @typedef SocketClient
|
* @typedef SocketClient
|
||||||
|
|
@ -85,6 +86,14 @@ class SocketAuthority {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
requireAdminSocket(socket, eventName) {
|
||||||
|
const client = this.clients[socket.id]
|
||||||
|
if (client?.user?.isAdminOrUp) return true
|
||||||
|
|
||||||
|
Logger.warn(`[SocketAuthority] Unauthorized ${eventName} socket event from socket ${socket.id}`)
|
||||||
|
return false
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Emits event with library item to all clients that can access the library item
|
* Emits event with library item to all clients that can access the library item
|
||||||
* Note: Emits toOldJSONExpanded()
|
* Note: Emits toOldJSONExpanded()
|
||||||
|
|
@ -179,14 +188,25 @@ class SocketAuthority {
|
||||||
socket.on('auth', (token) => this.authenticateSocket(socket, token))
|
socket.on('auth', (token) => this.authenticateSocket(socket, token))
|
||||||
|
|
||||||
// Scanning
|
// Scanning
|
||||||
socket.on('cancel_scan', (libraryId) => this.cancelScan(libraryId))
|
socket.on('cancel_scan', (libraryId) => {
|
||||||
|
if (!this.requireAdminSocket(socket, 'cancel_scan')) return
|
||||||
|
this.cancelScan(libraryId)
|
||||||
|
})
|
||||||
|
|
||||||
// Cover search streaming
|
// Cover search streaming
|
||||||
socket.on('search_covers', (payload) => this.handleCoverSearch(socket, payload))
|
socket.on('search_covers', (payload) => this.handleCoverSearch(socket, payload))
|
||||||
socket.on('cancel_cover_search', (requestId) => this.handleCancelCoverSearch(socket, requestId))
|
socket.on('cancel_cover_search', (requestId) => this.handleCancelCoverSearch(socket, requestId))
|
||||||
|
|
||||||
// Logs
|
// Logs
|
||||||
socket.on('set_log_listener', (level) => Logger.addSocketListener(socket, level))
|
socket.on('set_log_listener', (level) => {
|
||||||
|
if (!this.requireAdminSocket(socket, 'set_log_listener')) return
|
||||||
|
|
||||||
|
if (!Number.isInteger(level) || !Object.values(LogLevel).includes(level)) {
|
||||||
|
Logger.warn(`[SocketAuthority] Invalid set_log_listener level from socket ${socket.id}`)
|
||||||
|
return
|
||||||
|
}
|
||||||
|
Logger.addSocketListener(socket, level)
|
||||||
|
})
|
||||||
socket.on('remove_log_listener', () => Logger.removeSocketListener(socket.id))
|
socket.on('remove_log_listener', () => Logger.removeSocketListener(socket.id))
|
||||||
|
|
||||||
// Sent automatically from socket.io clients
|
// Sent automatically from socket.io clients
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue