Refactor JWT_SECRET handling and add setup warning page

shuaiplus
2026-02-08 21:27:13 +08:00
parent f13ba90ebe
commit 5fc2436552
12 changed files with 1024 additions and 780 deletions
+7
@@ -89,6 +89,7 @@ export async function handleRequest(request: Request, env: Env): Promise<Respons
// Route matching
try {
// Setup page (root)
if (path === '/' && method === 'GET') {
return handleSetupPage(request, env);
@@ -181,6 +182,12 @@ export async function handleRequest(request: Request, env: Env): Promise<Respons
return handleRegister(request, env);
}
// If JWT_SECRET is not safely configured, block any other endpoints.
const secret = (env.JWT_SECRET || '').trim();
if (!secret || secret.length < 32) {
return errorResponse('Server configuration error: JWT_SECRET is not set or too weak', 500);
}
// All other API endpoints require authentication
const auth = new AuthService(env);
const authHeader = request.headers.get('Authorization');
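Review bot: The JWT_SECRET guard added in the second hunk only covers routes matched after it, so the setup page, `handleRegister` and every route earlier in `handleRequest` are still served when the secret is missing or shorter than 32 characters. The function starts and ends outside the hunk, so it is not visible whether any earlier handler signs or verifies tokens; if a login or token-issuing route sits above this point it would still run with the weak key, and moving the check to just after the setup-page route would close that gap. The check also validates the trimmed value while `new AuthService(env)` receives the raw `env.JWT_SECRET`, and a length test alone accepts any 32-character placeholder, so consider validating once in a shared helper that also rejects whatever sample value the project's config template ships, if there is one. Finally, the 500 body tells unauthenticated callers that the signing key is weak; a generic `errorResponse('Server configuration error', 500)` with the detail logged server-side would avoid advertising that.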