Update 20230823.md

free5gc · Aug 21, 2023 · 6e7e54e · 6e7e54e
1 parent a1d117e
commit 6e7e54e
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/docs/blog/CSRF/20230823.md b/docs/blog/CSRF/20230823.md
@@ -204,6 +204,7 @@ func ParseJWT(tokenStr string) (jwt.MapClaims, error) {
 }
 ```
 - The function `CheckAuth()` serves the purpose of determining whether a user possesses the authorization to access a particular resource.
+
 ```go
 func CheckAuth(c *gin.Context) bool {
 	tokenStr := c.GetHeader("Token")
@@ -216,8 +217,9 @@ func CheckAuth(c *gin.Context) bool {
 ```
 
 > [!WARNING] 
-> The secret key utilized for signature verification is obtained through `os.Getenv("SIGNINGKEY")`. However, there's a possibility that `SIGNINGKEY` might not be exported as an environment variable, leading to a potential return of an empty value. Under such circumstances, an implication arises: an admin in Webconsole A could potentially gain access to subscriber data within Webconsole B.
-> Within the `CheckAuth()` function, if the client sets the JWT token to **'admin'**, the function will evaluate to true, effectively allowing the check to be passed.
+> - The secret key utilized for signature verification is obtained through `os.Getenv("SIGNINGKEY")`. However, there's a possibility that `SIGNINGKEY` might not be exported as an environment variable, leading to a potential return of an empty value. Under such circumstances, an implication arises: an admin in Webconsole A could potentially gain access to subscriber data within Webconsole B.
+> 
+> - Within the `CheckAuth()` function, if the client sets the JWT token to **'admin'**, the function will evaluate to true, effectively allowing the check to be passed.
 
 
 ## Implementation