Firepup650/bitbot-3.11-fork
2
0
Fork 0
Code Issues Pull requests Activity Actions

Add basic access controls to modules/rest_api.py

Browse source
This commit is contained in:
jesopo 2018-11-10 21:54:08 +00:00
parent 22660067d5
commit 07c813cc1f
1 changed files with 5 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
modules/rest_api.py
View file

@ -23,10 +23,9 @@ class Handler(http.server.BaseHTTPRequestHandler):
hook = hooks[0] hook = hooks[0]
authenticated = hook.get_kwarg("authenticated", True) authenticated = hook.get_kwarg("authenticated", True)
key = params.get("key", None) key = params.get("key", None)
if authenticated and (not key or not _bot.get_setting( permissions = _bot.get_setting("api-key-%s" % key, [])
"api-key-%s" % key, False)):
code = 401 if not authenticated or path in permimssions or "*" in permissions:
else:
if path.startswith("/api/"): if path.startswith("/api/"):
event_response = None event_response = None
try: try:
@ -42,6 +41,8 @@ class Handler(http.server.BaseHTTPRequestHandler):
response = json.dumps(event_response, response = json.dumps(event_response,
sort_keys=True, indent=4) sort_keys=True, indent=4)
code = 200 code = 200
else:
code = 401
self.send_response(code) self.send_response(code)
self.send_header("Content-type", "application/json") self.send_header("Content-type", "application/json")