ospab
/
ostp
mirror of https://github.com/ospab/ostp.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

security: send license key via Authorization header instead of query param

This commit is contained in:
ospab 2026-06-17 14:00:02 +03:00
parent 7ceabebf02
commit 303515cfba
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
ostp/src/main.rs
View File

@ -957,8 +957,9 @@ fn run_setup_wizard(config_path: &std::path::Path) -> Result<()> {
println!();
wizard_section("Downloading control panel...");
let download_url = format!("https://ostp.ospab.lol/download?key={}", license_key);
match reqwest::blocking::get(&download_url) {
let download_url = "https://ostp.ospab.lol/download";
let client = reqwest::blocking::Client::new();
match client.get(download_url).header("Authorization", format!("Bearer {}", license_key)).send() {
Ok(mut response) => {
if response.status().is_success() {
let mut file = std::fs::File::create("ostp-control.zip").expect("Failed to create file");
@ -966,12 +967,14 @@ fn run_setup_wizard(config_path: &std::path::Path) -> Result<()> {
wizard_ok("Downloaded ostp-control.zip successfully! Please extract it.");
} else {
tracing::warn!("Failed to download panel: HTTP {}", response.status());
println!(" Please download ostp-control manually from: {}", download_url);
println!(" Please download ostp-control manually using:");
println!(" curl -H \"Authorization: Bearer {}\" -o ostp-control.zip {}", license_key, download_url);
}
}
Err(e) => {
tracing::warn!("Failed to download panel: {}", e);
println!(" Please download ostp-control manually from: {}", download_url);
println!(" Please download ostp-control manually using:");
println!(" curl -H \"Authorization: Bearer {}\" -o ostp-control.zip {}", license_key, download_url);
}
}