REST API: add support for API key authentication

Nicola Murino
2021-08-17 18:08:32 +02:00
parent 05c62b9f40
commit fe953d6b38
41 changed files with 3620 additions and 274 deletions


@@ -13,6 +13,7 @@ import (
)
func getAdmins(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
limit, offset, order, err := getSearchFilters(w, r)
if err != nil {
return
@@ -27,6 +28,7 @@ func getAdmins(w http.ResponseWriter, r *http.Request) {
}
func getAdminByUsername(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
username := getURLParam(r, "username")
renderAdmin(w, r, username, http.StatusOK)
}
@@ -84,6 +86,11 @@ func updateAdmin(w http.ResponseWriter, r *http.Request) {
return
}
if username == claims.Username {
if claims.APIKeyID != "" {
sendAPIResponse(w, r, errors.New("updating the admin impersonated with an API key is not allowed"), "",
http.StatusBadRequest)
return
}
if claims.isCriticalPermRemoved(admin.Permissions) {
sendAPIResponse(w, r, errors.New("you cannot remove these permissions to yourself"), "", http.StatusBadRequest)
return
@@ -103,6 +110,7 @@ func updateAdmin(w http.ResponseWriter, r *http.Request) {
}
func deleteAdmin(w http.ResponseWriter, r *http.Request) {
r.Body = http.MaxBytesReader(w, r.Body, maxRequestSize)
username := getURLParam(r, "username")
claims, err := getTokenClaims(r)
if err != nil || claims.Username == "" {
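Review bot: The new API-key guard in updateAdmin (`if claims.APIKeyID != ""`) answers with `http.StatusBadRequest`, although the request is well formed and is being refused on authorization grounds. `http.StatusForbidden` would let clients, and anyone reading access logs, tell a denied privileged action apart from malformed input. The neighbouring isCriticalPermRemoved check also returns 400, so this may be a deliberate convention; if so, a short comment above the check such as `// an API key must not modify the admin it impersonates` would record the intent. updateAdmin starts and ends outside the hunk, so whether the refusal is logged anywhere is not visible here.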