patrick/OpenDTU-old
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: protect api/powerlimiter/status endpoint

Browse Source 
this endpoint must not spill info if read-only access is disabled.
This commit is contained in:
Bernhard Kirchen 2024-11-02 22:08:26 +01:00
parent c55ff7d9ae
commit 41fd52db52
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/WebApi_powerlimiter.cpp
View File

@ -27,6 +27,10 @@ void WebApiPowerLimiterClass::init(AsyncWebServer& server, Scheduler& scheduler)
void WebApiPowerLimiterClass::onStatus(AsyncWebServerRequest* request) void WebApiPowerLimiterClass::onStatus(AsyncWebServerRequest* request)
{ {
if (!WebApi.checkCredentialsReadonly(request)) {
return;
}
AsyncJsonResponse* response = new AsyncJsonResponse(); AsyncJsonResponse* response = new AsyncJsonResponse();
auto& root = response->getRoot(); auto& root = response->getRoot();
auto const& config = Configuration.get(); auto const& config = Configuration.get();