fix meshctrl with key=xxx and loginkey #6328

Signed-off-by: si458 <simonsmith5521@gmail.com>
2025-02-12 11:01:52 +00:00 · 2024-08-16 16:02:21 +01:00 · 2024-08-16 16:02:21 +01:00 · fa39f8a105
commit fa39f8a105
parent c1e3354c91
2 changed files with 10 additions and 3 deletions
--- a/meshctrl.js
+++ b/meshctrl.js
@ -1270,10 +1270,10 @@ function serverConnect() {
        var domainid = '', username = 'admin';
        if (args.logindomain != null) { domainid = args.logindomain; }
        if (args.loginuser != null) { username = args.loginuser; }
-        url += '?auth=' + encodeCookie({ userid: 'user/' + domainid + '/' + username, domainid: domainid }, ckey);
+        url += (url.indexOf('?key=') >= 0 ? '&auth=' : '?auth=') + encodeCookie({ userid: 'user/' + domainid + '/' + username, domainid: domainid }, ckey);
    } else {
        if (args.logindomain != null) { console.log("--logindomain can only be used along with --loginkey."); process.exit(); return; }
-        if (loginCookie != null) { url += '?auth=' + loginCookie; }
+        if (loginCookie != null) { url += (url.indexOf('?key=') >= 0 ? '&auth=' : '?auth=') + loginCookie; }
    }

    const ws = new WebSocket(url, options);
@ -2401,6 +2401,8 @@ function serverConnect() {
                if (data.cause == 'noauth') {
                    if (data.msg == 'tokenrequired') {
                        console.log('Authentication token required, use --token [number].');
+                    } else if (data.msg == 'nokey') {
+                        console.log('URL key is invalid or missing, please specify ?key=xxx in url');
                    } else {
                        if ((args.loginkeyfile != null) || (args.loginkey != null)) {
                            console.log('Invalid login, check the login key and that this computer has the correct time.');
--- a/webserver.js
+++ b/webserver.js
@ -6573,12 +6573,17 @@ module.exports.CreateWebServer = function (parent, db, args, certificates, doneF
                            try { ws.close(); } catch (ex) { }
                            return;
                        }
-                        if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { ws.close(); return; } // Check 3FA URL key
+                        if ((domain.loginkey != null) && (domain.loginkey.indexOf(req.query.key) == -1)) { // Check 3FA URL key
+                            try { ws.send(JSON.stringify({ action: 'close', cause: 'noauth', msg: 'nokey' })); } catch (ex) { }
+                            try { ws.close(); } catch (ex) { }
+                            return;
+                        }
                        PerformWSSessionAuth(ws, req, true, function (ws1, req1, domain, user, cookie, authData) {
                            if (user == null) { // User is not authenticated, perform inner server authentication
                                if (req.headers['x-meshauth'] === '*') {
                                    PerformWSSessionInnerAuth(ws, req, domain, function (ws1, req1, domain, user) { obj.meshUserHandler.CreateMeshUser(obj, obj.db, ws1, req1, obj.args, domain, user, authData); }); // User is authenticated
                                } else {
+                                    try { ws.send(JSON.stringify({ action: 'close', cause: 'noauth', msg: 'noauth' })); } catch (ex) { }
                                    try { ws.close(); } catch (ex) { } // user is not authenticated and inner authentication was not requested, disconnect now.
                                }
                            } else {