peermap/api: fix privilege escalation during token refresh

2025-09-26 19:01:11 +08:00 · 2025-03-25 19:55:30 +08:00
parent 49236a9140
commit 6d8eba25ba
2 changed files with 9 additions and 1 deletions
--- a/langs/ifelse.go
+++ b/langs/ifelse.go
@@ -0,0 +1,8 @@
+package langs
+
+func IfElse[T any](cond bool, v1, v2 T) T {
+	if cond {
+		return v1
+	}
+	return v2
+}
--- a/peermap/api/api_v1.go
+++ b/peermap/api/api_v1.go
@@ -59,7 +59,7 @@ func (a *ApiV1) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 	if time.Until(time.Unix(secret.Deadline, 0)) <
 		a.Config.SecretValidityPeriod-a.Config.SecretRotationPeriod {
-		if newSecret, err := a.Grant(secret.Network, "PG_ADM"); err == nil {
+		if newSecret, err := a.Grant(secret.Network, langs.IfElse(secret.Admin, "PG_ADM", "")); err == nil {
 			b, _ := json.Marshal(newSecret)
 			w.Header().Add("X-Set-Token", string(b))
 		}