From 9d5f8a1b0299dda4290f2a508ba6b98caacba33f Mon Sep 17 00:00:00 2001
From: Dominik Hebeler <dominik@suma-ev.de>
Date: Fri, 5 Apr 2024 09:57:14 +0200
Subject: [PATCH] check existing key on url parameter and header aswell

---
 pass/routes/key.js | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/pass/routes/key.js b/pass/routes/key.js
index a29fd9e..96d2a73 100644
--- a/pass/routes/key.js
+++ b/pass/routes/key.js
@@ -77,8 +77,16 @@ router.get("/remove", (req, res) => {
 });
 
 router.get("/enter", function (req, res, next) {
-  if (req.cookies.key) {
-    Key.GET_KEY(req.cookies.key, false).then((key) => {
+  let key = null;
+  if (req.query.key) {
+    key = req.query.key;
+  } else if (req.headers.key) {
+    key = req.headers.key;
+  } else if (req.cookies.key) {
+    key = req.cookies.key;
+  }
+  if (key != null) {
+    Key.GET_KEY(key, false).then((key) => {
       res.redirect(
         `${res.locals.baseDir}/key/` + encodeURIComponent(key.get_key())
       );
@@ -117,7 +125,7 @@ router.post("/enter", upload.single("file"), async (req, res, next) => {
   if (typeof req.body.key === "string" && req.body.key.length > 0) {
     let input = req.body.key.trim();
     // Login via Login code
-    if(input.match(/^\d{6}$/)){
+    if (input.match(/^\d{6}$/)) {
       let prefix = "logincode:";
       let code = input;
       let key_from_code = await __redis_client.getdel(prefix + code);
@@ -129,12 +137,12 @@ router.post("/enter", upload.single("file"), async (req, res, next) => {
         return;
       }
     }
-     if(input.match(/^[0-9A-F]{32}$/i)){
-      input = [input.slice(0,8), input.slice(8,12),  input.slice(12,16),  input.slice(16,20),  input.slice(20,32)].join("-");
+    if (input.match(/^[0-9A-F]{32}$/i)) {
+      input = [input.slice(0, 8), input.slice(8, 12), input.slice(12, 16), input.slice(16, 20), input.slice(20, 32)].join("-");
     }
-    if(Key.IS_VALID_UUID(input) || input.match(/^[0-9a-zA-Z]{6}$/)){
+    if (Key.IS_VALID_UUID(input) || input.match(/^[0-9a-zA-Z]{6}$/)) {
       key = await Key.GET_KEY(input).then((key) => key.get_key());
-    }else{
+    } else {
       res.render("login/key", { errors: "The entered key is invalid. Please check your input." });
       return;
     }
-- 
GitLab