From ecd09c90735bddf3f64fe78e47681b6a1b608014 Mon Sep 17 00:00:00 2001 From: JayWll Date: Sat, 25 Apr 2020 15:30:47 -0600 Subject: [PATCH] Locking down settings --- nodeapp/app.js | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/nodeapp/app.js b/nodeapp/app.js index b61ba4d..0180877 100644 --- a/nodeapp/app.js +++ b/nodeapp/app.js @@ -57,6 +57,11 @@ app.get('/exportall', (req, res) => { // Handle requests for /showsettings by retrieving all settings from the database and returning a JSON object app.get('/showsettings', (req, res) => { + // Check that the expected key has been included with the web request + if (!req.headers['export-key'] || req.headers['export-key'] != process.env.SECRET) { + return res.status(401).send('Authorization header not found').end(); + } + db.Settings.findAll().then((result) => { res.status(200).send(result).end(); })