eliott/worldmonitor
1
0
Fork 0
mirror of https://github.com/koala73/worldmonitor.git synced 2026-04-25 17:14:57 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(relay): add authorization guard to api/_relay.js and dedupe military baseUrl call (#1992)

Browse Source 
api/_relay.js was missing the RELAY_AUTH_HEADER=Authorization guard from
server/_shared/relay.ts: when set, Undici merges both 'authorization: secret'
and 'Authorization: Bearer secret' into 'secret, Bearer secret', breaking the
relay's direct-compare auth check. Apply the same relayHeader !== 'authorization'
guard.

Military handler was calling getRelayBaseUrl() twice (truthy check + string
concat). Store result in relayBase to avoid the double env read and regex eval.
This commit is contained in:
Elie Habib
2026-03-21 16:37:43 +04:00
committed by GitHub
parent 4f37ba5feb
commit 951e8f7184
3 changed files with 6 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api/_relay.js
View File

@@ -16,7 +16,9 @@ export function getRelayHeaders(baseHeaders = {}) {
if (relaySecret) {
const relayHeader = (process.env.RELAY_AUTH_HEADER || 'x-relay-key').toLowerCase();
headers[relayHeader] = relaySecret;
headers.Authorization = `Bearer ${relaySecret}`;
if (relayHeader !== 'authorization') {
headers.Authorization = `Bearer ${relaySecret}`;
}
}
return headers;
}

5
server/worldmonitor/military/v1/list-military-flights.ts
View File

@@ -78,9 +78,8 @@ export async function listMilitaryFlights(
REDIS_CACHE_TTL,
async () => {
const isSidecar = (process.env.LOCAL_API_MODE || '').includes('sidecar');
const baseUrl = isSidecar
? 'https://opensky-network.org/api/states/all'
: getRelayBaseUrl() ? getRelayBaseUrl() + '/opensky' : null;
const relayBase = isSidecar ? null : getRelayBaseUrl();
const baseUrl = isSidecar ? 'https://opensky-network.org/api/states/all' : relayBase ? relayBase + '/opensky' : null;
if (!baseUrl) return null;

2
tests/shared-relay.test.mjs
View File

@@ -256,7 +256,7 @@ describe('relay.ts — consumer import verification', () => {
'military: must use getRelayBaseUrl() to avoid wss:// URL bug',
);
assert.ok(
src.includes("getRelayBaseUrl() + '/opensky'"),
src.includes('getRelayBaseUrl()') && src.includes("'/opensky'"),
'military: must use getRelayBaseUrl() for relay URL construction',
);
});