NowChess/NowChessSystems
4
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

fix(auth): correct internal secret validation logic in InternalAuthFilter
Build & Test (NowChessSystems) TeamCity build finished
Details

Browse Source
This commit is contained in:
Janis
2026-05-03 13:12:50 +02:00
parent 4a145cb538
commit 85b187293f
2 changed files with 19 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/security/src/main/scala/de/nowchess/security/InternalAuthFilter.scala
+1 -1
View File
@@ -23,5 +23,5 @@ class InternalAuthFilter extends ContainerRequestFilter:
override def filter(ctx: ContainerRequestContext): Unit =
if authEnabled then
val header = Option(ctx.getHeaderString("X-Internal-Secret"))
if header.isEmpty || header.get.equals(secret) then
if header.isEmpty || (!header.get.equals(secret)) then
ctx.abortWith(Response.status(Response.Status.UNAUTHORIZED).build())