From 5b2c7a62417a0861c56e1023d239684c47bd6c3b Mon Sep 17 00:00:00 2001
From: Rafael Calpena Rodrigues <rafael.calpena@gmail.com>
Date: Wed, 10 Aug 2022 18:53:47 -0300
Subject: [PATCH 1/2] Wait for Authenticated Function

`proxy` should `await` for result of `authenticated` call to avoid security issues.
---
 src/node/routes/pathProxy.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/node/routes/pathProxy.ts b/src/node/routes/pathProxy.ts
index 6c20ab6b3e0f..85ac96d18e80 100644
--- a/src/node/routes/pathProxy.ts
+++ b/src/node/routes/pathProxy.ts
@@ -14,14 +14,14 @@ const getProxyTarget = (req: Request, passthroughPath?: boolean): string => {
   return `http://0.0.0.0:${req.params.port}/${req.params[0] || ""}${query ? `?${query}` : ""}`
 }
 
-export function proxy(
+export async function proxy(
   req: Request,
   res: Response,
   opts?: {
     passthroughPath?: boolean
   },
 ): void {
-  if (!authenticated(req)) {
+  if (!(await authenticated(req))) {
     // If visiting the root (/:port only) redirect to the login page.
     if (!req.params[0] || req.params[0] === "/") {
       const to = self(req)

From f5893488ce12f7606a1db1910cb99aeb9b3227c1 Mon Sep 17 00:00:00 2001
From: Asher <ash@coder.com>
Date: Wed, 10 Aug 2022 18:29:22 -0500
Subject: [PATCH 2/2] Make path proxy async

---
 src/node/routes/index.ts     | 8 ++++----
 src/node/routes/pathProxy.ts | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/node/routes/index.ts b/src/node/routes/index.ts
index 13d53df86fb3..a2046b6a7dc8 100644
--- a/src/node/routes/index.ts
+++ b/src/node/routes/index.ts
@@ -94,8 +94,8 @@ export const register = async (app: App, args: DefaultedArgs): Promise<Disposabl
   app.router.use("/", domainProxy.router)
   app.wsRouter.use("/", domainProxy.wsRouter.router)
 
-  app.router.all("/proxy/(:port)(/*)?", (req, res) => {
-    pathProxy.proxy(req, res)
+  app.router.all("/proxy/(:port)(/*)?", async (req, res) => {
+    await pathProxy.proxy(req, res)
   })
   app.wsRouter.get("/proxy/(:port)(/*)?", async (req) => {
     await pathProxy.wsProxy(req as pluginapi.WebsocketRequest)
@@ -103,8 +103,8 @@ export const register = async (app: App, args: DefaultedArgs): Promise<Disposabl
   // These two routes pass through the path directly.
   // So the proxied app must be aware it is running
   // under /absproxy/<someport>/
-  app.router.all("/absproxy/(:port)(/*)?", (req, res) => {
-    pathProxy.proxy(req, res, {
+  app.router.all("/absproxy/(:port)(/*)?", async (req, res) => {
+    await pathProxy.proxy(req, res, {
       passthroughPath: true,
     })
   })
diff --git a/src/node/routes/pathProxy.ts b/src/node/routes/pathProxy.ts
index 85ac96d18e80..e21b849ecca6 100644
--- a/src/node/routes/pathProxy.ts
+++ b/src/node/routes/pathProxy.ts
@@ -20,7 +20,7 @@ export async function proxy(
   opts?: {
     passthroughPath?: boolean
   },
-): void {
+): Promise<void> {
   if (!(await authenticated(req))) {
     // If visiting the root (/:port only) redirect to the login page.
     if (!req.params[0] || req.params[0] === "/") {