From c9aeccb2ab260ceedc126e6e366da8cd13ece4b2 Mon Sep 17 00:00:00 2001 From: syuilo Date: Sun, 20 Aug 2023 10:00:10 +0900 Subject: [PATCH] =?UTF-8?q?fix(backend):=20=E3=82=B8=E3=83=A7=E3=83=96?= =?UTF-8?q?=E3=82=AD=E3=83=A5=E3=83=BC=E7=AE=A1=E7=90=86=E7=94=BB=E9=9D=A2?= =?UTF-8?q?=E3=81=AE=E8=AA=8D=E8=A8=BC=E3=82=92=E5=9B=9E=E9=81=BF=E3=81=A7?= =?UTF-8?q?=E3=81=8D=E3=82=8B=E5=95=8F=E9=A1=8C=E3=82=92=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- CHANGELOG.md | 1 + packages/backend/src/server/web/ClientServerService.ts | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5d9301d74d..38dcddaa91 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -39,6 +39,7 @@ - ファイルアップロード時等にファイル名の拡張子を修正する関数(correctFilename)の挙動を改善 - Fix: 一部のfeatured noteを照会できない問題を修正 - Fix: muteがapiからのuser list timeline取得で機能しない問題を修正 +- Fix: ジョブキュー管理画面の認証を回避できる問題を修正 ## 13.14.2 diff --git a/packages/backend/src/server/web/ClientServerService.ts b/packages/backend/src/server/web/ClientServerService.ts index b2b443cf36..25f59914ff 100644 --- a/packages/backend/src/server/web/ClientServerService.ts +++ b/packages/backend/src/server/web/ClientServerService.ts @@ -143,7 +143,9 @@ export class ClientServerService { // Authenticate fastify.addHook('onRequest', async (request, reply) => { - if (request.url === bullBoardPath || request.url.startsWith(bullBoardPath + '/')) { + // %71ueueとかでリクエストされたら困るため + const url = decodeURI(request.url); + if (url === bullBoardPath || url.startsWith(bullBoardPath + '/')) { const token = request.cookies.token; if (token == null) { reply.code(401);