API key change should take effect on restart only
This commit is contained in:
parent
20a018db2e
commit
1cff9ccc63
|
@ -40,6 +40,7 @@ var (
|
||||||
guiErrors = []guiError{}
|
guiErrors = []guiError{}
|
||||||
guiErrorsMut sync.Mutex
|
guiErrorsMut sync.Mutex
|
||||||
static func(http.ResponseWriter, *http.Request, *log.Logger)
|
static func(http.ResponseWriter, *http.Request, *log.Logger)
|
||||||
|
apiKey string
|
||||||
)
|
)
|
||||||
|
|
||||||
const (
|
const (
|
||||||
|
@ -115,6 +116,7 @@ func startGUI(cfg config.GUIConfiguration, assetDir string, m *model.Model) erro
|
||||||
mr.Action(router.Handle)
|
mr.Action(router.Handle)
|
||||||
mr.Map(m)
|
mr.Map(m)
|
||||||
|
|
||||||
|
apiKey = cfg.APIKey
|
||||||
loadCsrfTokens()
|
loadCsrfTokens()
|
||||||
|
|
||||||
go http.Serve(listener, mr)
|
go http.Serve(listener, mr)
|
||||||
|
@ -363,7 +365,7 @@ func basic(username string, passhash string) http.HandlerFunc {
|
||||||
}
|
}
|
||||||
|
|
||||||
func validAPIKey(k string) bool {
|
func validAPIKey(k string) bool {
|
||||||
return len(cfg.GUI.APIKey) > 0 && k == cfg.GUI.APIKey
|
return len(apiKey) > 0 && k == apiKey
|
||||||
}
|
}
|
||||||
|
|
||||||
func embeddedStatic() func(http.ResponseWriter, *http.Request, *log.Logger) {
|
func embeddedStatic() func(http.ResponseWriter, *http.Request, *log.Logger) {
|
||||||
|
|
|
@ -25,6 +25,7 @@ func csrfMiddleware(w http.ResponseWriter, r *http.Request) {
|
||||||
if validAPIKey(r.Header.Get("X-API-Key")) {
|
if validAPIKey(r.Header.Get("X-API-Key")) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
if strings.HasPrefix(r.URL.Path, "/rest/") {
|
if strings.HasPrefix(r.URL.Path, "/rest/") {
|
||||||
token := r.Header.Get("X-CSRF-Token")
|
token := r.Header.Get("X-CSRF-Token")
|
||||||
if !validCsrfToken(token) {
|
if !validCsrfToken(token) {
|
||||||
|
|
Loading…
Reference in New Issue