Added secret and associated processing to prevent bypass of LinkedIn …

…logon
jonverrier · Jul 7, 2024 · 0d27146 · 0d27146
2 parents 093017b + 80d3b76
commit 0d27146
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 5 deletions.
diff --git a/api/auth/index.js b/api/auth/index.js
@@ -3,7 +3,7 @@
 const axios = require('axios');
 const qs = require('qs');
 
-async function redirectWithEmail (code, session, conversation, context, res) {
+async function redirectWithEmail (code, session, conversation, secret, context, res) {
 
   try {
 
@@ -46,7 +46,8 @@ async function redirectWithEmail (code, session, conversation, context, res) {
      var redirect = "/aibot.html#&session=" + session + 
         "&conversation=" + conversation + 
         "&email=" + encodeURIComponent(profileRes.data.email) + 
-        "&name=" + encodeURIComponent(profileRes.data.name);
+        "&name=" + encodeURIComponent(profileRes.data.name) +
+        "&secret=" + encodeURIComponent(secret);
 
      if (res) {
         res.redirect (redirect);
@@ -84,7 +85,7 @@ module.exports = async function (context, req, res) {
    if ((parsed.session.startsWith (process.env.SessionKey)) || (parsed.session.startsWith (process.env.SessionKey2)) 
         && req.query.code) {
 
-      await redirectWithEmail (req.query.code, parsed.session, parsed.conversation, context, res);
+      await redirectWithEmail (req.query.code, parsed.session, parsed.conversation, parsed.secret, context, res);
    } else {
       if (res) {
          res = {

diff --git a/public/assets/js/aibot.min.js b/public/assets/js/aibot.min.js
diff --git a/public/assets/js/aibot.min.js.map b/public/assets/js/aibot.min.js.map