Spaces:
Runtime error
Runtime error
| import { LoggerService } from '@nestjs/common'; | |
| import { WhatsappConfigService } from '@waha/config.service'; | |
| import { | |
| HashAuth, | |
| IApiKeyAuth, | |
| NoAuth, | |
| PlainApiKeyAuth, | |
| } from '@waha/core/auth/auth'; | |
| export function ApiKeyAuthFactory( | |
| config: WhatsappConfigService, | |
| logger: LoggerService, | |
| ): IApiKeyAuth { | |
| const apiKey = config.getApiKey(); | |
| if (!apiKey) { | |
| setTimeout(() => { | |
| logger.warn('🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫'); | |
| logger.warn('WARNING: No API key detected. This is a security risk.'); | |
| logger.warn( | |
| 'Your API is publicly accessible without any authentication.', | |
| ); | |
| logger.warn( | |
| 'To secure your API, set environment variable: WAHA_API_KEY=your_api_key', | |
| ); | |
| logger.warn( | |
| 'For better security, use WAHA_API_KEY=sha512:{SHA512_HASH_FOR_YOUR_API_KEY}', | |
| ); | |
| logger.warn('🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫🚫'); | |
| }, 3000); | |
| return new NoAuth(); | |
| } | |
| if (apiKey.startsWith('sha512:')) { | |
| const hash = apiKey.slice(7); | |
| return new HashAuth(hash, 'sha512'); | |
| } | |
| // Fallback to plain text | |
| setTimeout(() => { | |
| logger.warn('⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️'); | |
| logger.warn( | |
| 'WARNING: Plain text API key detected. This is a security risk.', | |
| ); | |
| logger.warn( | |
| 'Your API key can be exposed in environment variables or process lists.', | |
| ); | |
| logger.warn( | |
| 'For better security, use WAHA_API_KEY=sha512:{SHA512_HASH_FOR_YOUR_API_KEY}', | |
| ); | |
| logger.warn('⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️⚠️'); | |
| }, 2000); | |
| return new PlainApiKeyAuth(apiKey); | |
| } | |