Fix issue where the server will 403 you if SERVER_DIGEST_KEY env var is unset.

2025-08-07 12:28:39 +00:00 · 2021-10-31 14:09:57 -04:00 · 2021-10-31 14:09:57 -04:00 · 874477008e
commit 874477008e
parent 76ed7a736d
1 changed files with 16 additions and 12 deletions
--- a/ProjectLighthouse/Startup.cs
+++ b/ProjectLighthouse/Startup.cs
@ -77,23 +77,27 @@ namespace LBPUnion.ProjectLighthouse
                string digestPath = context.Request.Path;
                Stream body = context.Request.Body;
-                string clientRequestDigest = await HashHelper.ComputeDigest(digestPath, authCookie, body, serverDigestKey);
+                if (computeDigests)
                // Check the digest we've just calculated against the X-Digest-A header if the game set the header. They should match.
                if (context.Request.Headers.TryGetValue("X-Digest-A", out var sentDigest))
                {
-                    if (clientRequestDigest != sentDigest)
+                    string clientRequestDigest =
                        await HashHelper.ComputeDigest(digestPath, authCookie, body, serverDigestKey);
                    // Check the digest we've just calculated against the X-Digest-A header if the game set the header. They should match.
                    if (context.Request.Headers.TryGetValue("X-Digest-A", out var sentDigest))
                    {
-                        context.Response.StatusCode = 403;
+                        if (clientRequestDigest != sentDigest)
-                        context.Abort();
+                        {
-                        return;
+                            context.Response.StatusCode = 403;
                            context.Abort();
                            return;
                        }
                    }
                    context.Response.Headers.Add("X-Digest-B", clientRequestDigest);
                    context.Request.Body.Position = 0;
                }
-                context.Response.Headers.Add("X-Digest-B", clientRequestDigest);
+                // This does the same as above, but for the response stream.
                context.Request.Body.Position = 0;
                    // This does the same as above, but for the response stream.
                using MemoryStream responseBuffer = new MemoryStream();
                Stream oldResponseStream = context.Response.Body;
                context.Response.Body = responseBuffer;