Authenticate plugin routes (#2720)

Author: code-asher

src/node/plugin.ts

@@ -6,7 +6,7 @@ import * as semver from "semver"
 import * as pluginapi from "../../typings/pluginapi"
 import { HttpCode, HttpError } from "../common/http"
 import { version } from "./constants"
-import { replaceTemplates } from "./http"
+import { ensureAuthenticated, replaceTemplates } from "./http"
 import { proxy } from "./proxy"
 import * as util from "./util"
 import { Router as WsRouter, WebsocketRouter, wss } from "./wsRouter"
@@ -122,10 +122,10 @@ export class PluginAPI {
   public mount(r: express.Router, wr: express.Router): void {
     for (const [, p] of this.plugins) {
       if (p.router) {
-        r.use(`${p.routerPath}`, p.router())
+        r.use(`${p.routerPath}`, ensureAuthenticated, p.router())
       }
       if (p.wsRouter) {
-        wr.use(`${p.routerPath}`, (p.wsRouter() as WebsocketRouter).router)
+        wr.use(`${p.routerPath}`, ensureAuthenticated, (p.wsRouter() as WebsocketRouter).router)
       }
     }
   }

src/node/routes/index.ts

@@ -12,7 +12,7 @@ import { plural } from "../../common/util"
 import { AuthType, DefaultedArgs } from "../cli"
 import { rootPath } from "../constants"
 import { Heart } from "../heart"
-import { redirect, replaceTemplates } from "../http"
+import { ensureAuthenticated, redirect, replaceTemplates } from "../http"
 import { PluginAPI } from "../plugin"
 import { getMediaMime, paths } from "../util"
 import { wrapper } from "../wrapper"
@@ -119,7 +119,7 @@ export const register = async (
     const pluginApi = new PluginAPI(logger, process.env.CS_PLUGIN, process.env.CS_PLUGIN_PATH, workingDir)
     await pluginApi.loadPlugins()
     pluginApi.mount(app, wsApp)
-    app.use("/api/applications", apps.router(pluginApi))
+    app.use("/api/applications", ensureAuthenticated, apps.router(pluginApi))
     wrapper.onDispose(() => pluginApi.dispose())
   }