mleku/next.orly.dev
1
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

fix auth-required not sending immediate challenge, benchmark leak

Browse Source
This commit is contained in:
mleku
2025-11-18 18:21:11 +00:00
parent 038d1959ed
commit 1d4d877a10
6 changed files with 615 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/handle-event.go
View File

@@ -253,6 +253,12 @@ func (l *Listener) HandleEvent(msg []byte) (err error) {
).Write(l); chk.E(err) {
return
}
// Send AUTH challenge to prompt authentication
log.D.F("HandleEvent: sending AUTH challenge to %s", l.remote)
if err = authenvelope.NewChallengeWith(l.challenge.Load()).
Write(l); chk.E(err) {
return
}
return
}

3
app/handle-websocket.go
View File

@@ -118,7 +118,8 @@ whitelist:
chal := make([]byte, 32)
rand.Read(chal)
listener.challenge.Store([]byte(hex.Enc(chal)))
if s.Config.ACLMode != "none" {
// Send AUTH challenge if ACL mode requires it, or if auth is required/required for writes
if s.Config.ACLMode != "none" || s.Config.AuthRequired || s.Config.AuthToWrite {
log.D.F("sending AUTH challenge to %s", remote)
if err = authenvelope.NewChallengeWith(listener.challenge.Load()).
Write(listener); chk.E(err) {