Skip to content

Commit c6c4cba

Browse files
unocelliunocelli
committed
fix: protect daqstore.credentials
1 parent fe82348 commit c6c4cba

File tree

1 file changed

+7
-0
lines changed

1 file changed

+7
-0
lines changed

server/api/index.js

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,7 @@ var commandApi = require('./command');
2424
const reports = require('../dist/reports.service');
2525
const reportsApi = new reports.ReportsApiService();
2626
const verifyApiOrToken = require('./apikeys/verify-api-or-token');
27+
const utils = require('../runtime/utils');
2728

2829
const version = '1.0.0';
2930

@@ -107,6 +108,9 @@ function init(_server, _runtime) {
107108
if (tosend.smtp) {
108109
delete tosend.smtp.password;
109110
}
111+
if (tosend.daqstore?.credentials) {
112+
delete tosend.daqstore.credentials;
113+
}
110114
// res.header("Access-Control-Allow-Origin", "*");
111115
// res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
112116
res.json(tosend);
@@ -131,6 +135,9 @@ function init(_server, _runtime) {
131135
if (req.body.smtp && !req.body.smtp.password && runtime.settings.smtp && runtime.settings.smtp.password) {
132136
req.body.smtp.password = runtime.settings.smtp.password;
133137
}
138+
if (utils.isEmptyObject(req.body.daqstore?.credentials) && runtime.settings.daqstore?.credentials) {
139+
req.body.daqstore.credentials = runtime.settings.daqstore?.credentials;
140+
}
134141
fs.writeFileSync(runtime.settings.userSettingsFile, JSON.stringify(req.body, null, 4));
135142
mergeUserSettings(req.body);
136143
runtime.restart(true).then(function(result) {

0 commit comments

Comments
 (0)