mudhorn/n8n
1
0
Fork 0
mirror of https://github.com/n8n-io/n8n.git synced 2025-02-02 07:01:30 -08:00
Code Issues Actions Packages Projects Releases Wiki Activity

fix(Telegram Trigger Node): Fix header secret check (#12018)

Browse source
This commit is contained in:
Tomi Turtiainen 2024-12-03 12:29:36 +02:00 committed by GitHub
parent 7ad4badd2d
commit f16de4db01
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
packages/nodes-base/nodes/Telegram/TelegramTrigger.node.ts
View file

@ -238,7 +238,10 @@ export class TelegramTrigger implements INodeType {
const headerSecretBuffer = Buffer.from( const headerSecretBuffer = Buffer.from(
String(headerData['x-telegram-bot-api-secret-token'] ?? ''), String(headerData['x-telegram-bot-api-secret-token'] ?? ''),
); );
if (!crypto.timingSafeEqual(secretBuffer, headerSecretBuffer)) { if (
secretBuffer.byteLength !== headerSecretBuffer.byteLength ||
!crypto.timingSafeEqual(secretBuffer, headerSecretBuffer)
) {
const res = this.getResponseObject(); const res = this.getResponseObject();
res.status(403).json({ message: 'Provided secret is not valid' }); res.status(403).json({ message: 'Provided secret is not valid' });
return { return {