Merging main branch into v4.3.2-dev

2026-04-10 23:06:17 +00:00 · 2026-03-29 23:05:29 +08:00
parent f58226e398 0a33132d26
commit 21bea56426
2 changed files with 22 additions and 11 deletions
--- a/README.md
+++ b/README.md
@@ -1,3 +1,6 @@
+> [!WARNING]
+> All users running WGDashboard v4.2.x or later and hosted on the public internet are strongly advised to update to the latest release immediately. For more information: [v4.3.2 Release](https://github.com/WGDashboard/WGDashboard/releases/tag/v4.3.2)
+
 > [!TIP]
 > 🎉 To help us better understand and improve WGDashboard’s performance, we’re launching the **WGDashboard Testing Program**. As part of this program, participants will receive free WireGuard VPN access to our server in Toronto, Canada, valid for **24 hours** or up to **1GB of total traffic**—whichever comes first. If you’d like to join, visit [https://wg.wgdashboard.dev/](https://wg.wgdashboard.dev/) for more details!

--- a/src/dashboard.py
+++ b/src/dashboard.py
@@ -251,18 +251,26 @@ def auth_req():
            DashboardConfig.APIAccessed = True
        else:
            DashboardConfig.APIAccessed = False
+            appPrefix = APP_PREFIX if len(APP_PREFIX) > 0 else ''
            whiteList = [
-                '/static/', 'validateAuthentication', 'authenticate', 'getDashboardConfiguration',
-                'getDashboardTheme', 'getDashboardVersion', 'sharePeer/get', 'isTotpEnabled', 'locale',
-                '/client',
-                '/assets/', '/img/', '/json/',
-                '/client/assets/', '/client/img/'
+                # f'/static/', 
+                f'{appPrefix}/api/validateAuthentication', 
+                f'{appPrefix}/api/authenticate', 
+                # f'{appPrefix}/api/getDashboardConfiguration',
+                f'{appPrefix}/api/getDashboardTheme', 
+                f'{appPrefix}/api/getDashboardVersion', 
+                f'{appPrefix}/api/sharePeer/get', 
+                f'{appPrefix}/api/isTotpEnabled', 
+                f'{appPrefix}/api/locale',
            ]
        
-            if (("username" not in session or session.get("role") != "admin") 
-                    and (f"{(APP_PREFIX if len(APP_PREFIX) > 0 else '')}/" != request.path 
-                    and f"{(APP_PREFIX if len(APP_PREFIX) > 0 else '')}" != request.path)
-                    and len(list(filter(lambda x : x not in request.path, whiteList))) == len(whiteList)
+
+            if (    
+                    ("username" not in session or session.get("role") != "admin")
+                    and (f"{appPrefix}/" != request.path and f"{appPrefix}" != request.path)
+                    and not request.path.startswith(f'{appPrefix}/client')
+                    and not request.path.startswith(f'{appPrefix}/static')
+                    and request.path not in whiteList
            ):
                response = Flask.make_response(app, {
                    "status": False,
@@ -1477,7 +1485,7 @@ def API_Locale_Update():

@app.get(f'{APP_PREFIX}/api/email/ready')
 def API_Email_Ready():
-    return ResponseObject(EmailSender.is_ready())
+    return ResponseObject(EmailSender.ready())

@app.post(f'{APP_PREFIX}/api/email/send')
 def API_Email_Send():