api: bind session tokens to ip hash

2025-03-30 17:03:52 +00:00
parent bf5937e336
commit 1f768df4ec
3 changed files with 22 additions and 16 deletions
--- a/api/src/core/api.js
+++ b/api/src/core/api.js
@@ -175,7 +175,7 @@ export const runAPI = async (express, app, __dirname, isPrimary = true) => {
                return fail(res, "error.api.auth.jwt.invalid");
            }

-            if (!jwt.verify(token)) {
+            if (!jwt.verify(token, getIP(req, 32))) {
                return fail(res, "error.api.auth.jwt.invalid");
            }

@@ -221,7 +221,7 @@ export const runAPI = async (express, app, __dirname, isPrimary = true) => {
        }

        try {
-            res.json(jwt.generate());
+            res.json(jwt.generate(getIP(req, 32)));
        } catch {
            return fail(res, "error.api.generic");
        }