validate API key scope

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
2023-09-08 18:54:11 +02:00
parent 1cbaa7c77b
commit aefcea034a
2 changed files with 23 additions and 0 deletions


@@ -384,6 +384,13 @@ func checkAPIKeyAuth(tokenAuth *jwtauth.JWTAuth, scope dataprovider.APIKeyScope)
sendAPIResponse(w, r, errors.New("the provided api key is not valid"), "", http.StatusBadRequest)
return
}
if k.Scope != scope {
handleDefenderEventLoginFailed(util.GetIPFromRemoteAddress(r.RemoteAddr), dataprovider.ErrInvalidCredentials) //nolint:errcheck
logger.Debug(logSender, "", "unable to authenticate api key %q: invalid scope: got %d, wnated: %d",
apiKey, k.Scope, scope)
sendAPIResponse(w, r, fmt.Errorf("the provided api key is invalid for this request"), "", http.StatusForbidden)
return
}
if err := k.Authenticate(key); err != nil {
handleDefenderEventLoginFailed(util.GetIPFromRemoteAddress(r.RemoteAddr), dataprovider.ErrInvalidCredentials) //nolint:errcheck
logger.Debug(logSender, "", "unable to authenticate api key %q: %v", apiKey, err)
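Review bot: The new `if k.Scope != scope` block runs before `k.Authenticate(key)`, so a caller who knows only a key's identifier and not its secret gets the 403 "invalid for this request" when the key exists with the other scope and presumably a different status when the scope matches — an unauthenticated oracle for an API key's scope. Moving the scope block below the `Authenticate` check (or returning the same generic response for both failures) closes that while keeping the defender login-failed event. The debug message on that line also misspells the word: `"unable to authenticate api key %q: invalid scope: got %d, wanted: %d"`, and `fmt.Errorf("the provided api key is invalid for this request")` takes no verbs, so `errors.New(...)` matches the 400 branch above and keeps staticcheck quiet. checkAPIKeyAuth starts before this hunk and continues after it, so the response sent on the Authenticate failure path is not visible here.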