Merge branch 'release/1.8.0'

EvolutionAPI · May 27, 2024 · 05b5ae8 · 05b5ae8
2 parents 2ae4dde + 2e9c14a
commit 05b5ae8
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,7 @@
 
 ### Fixed
 * Correction in message formatting when generated by AI as markdown in typebot
+* Security fix in fetch instance with client key when not connected to mongodb
 
 # 1.7.5 (2024-05-21 08:50)
 

diff --git a/src/api/guards/auth.guard.ts b/src/api/guards/auth.guard.ts
@@ -3,7 +3,7 @@ import { NextFunction, Request, Response } from 'express';
 import jwt from 'jsonwebtoken';
 
 import { name } from '../../../package.json';
-import { Auth, configService } from '../../config/env.config';
+import { Auth, configService, Database } from '../../config/env.config';
 import { Logger } from '../../config/logger.config';
 import { ForbiddenException, UnauthorizedException } from '../../exceptions';
 import { InstanceDto } from '../dto/instance.dto';
@@ -58,6 +58,7 @@ async function jwtGuard(req: Request, res: Response, next: NextFunction) {
 async function apikey(req: Request, _: Response, next: NextFunction) {
   const env = configService.get<Auth>('AUTHENTICATION').API_KEY;
   const key = req.get('apikey');
+  const db = configService.get<Database>('DATABASE');
 
   if (!key) {
     throw new UnauthorizedException();
@@ -79,7 +80,7 @@ async function apikey(req: Request, _: Response, next: NextFunction) {
         return next();
       }
     } else {
-      if (req.originalUrl.includes('/instance/fetchInstances')) {
+      if (req.originalUrl.includes('/instance/fetchInstances') && db.ENABLED) {
         const instanceByKey = await repository.auth.findByKey(key);
         if (instanceByKey) {
           return next();