From a0e86f79c39ddde195ca75b4e83363ff2de87641 Mon Sep 17 00:00:00 2001
From: jesopo <github@lolnerd.net>
Date: Mon, 12 Nov 2018 18:06:02 +0000
Subject: [PATCH] Change API key checking on-request to match what the values
 should be in the database (dict of '{"name": , "permissions": }')

---
 modules/rest_api.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/modules/rest_api.py b/modules/rest_api.py
index 0bccb793..b4c35565 100644
--- a/modules/rest_api.py
+++ b/modules/rest_api.py
@@ -23,7 +23,8 @@ class Handler(http.server.BaseHTTPRequestHandler):
             hook = hooks[0]
             authenticated = hook.get_kwarg("authenticated", True)
             key = params.get("key", None)
-            permissions = _bot.get_setting("api-key-%s" % key, [])
+            key_setting = = _bot.get_setting("api-key-%s" % key, {})
+            permissions = key_seting.get("permissions", [])
 
             if not authenticated or path in permissions or "*" in permissions:
                 if path.startswith("/api/"):