Firepup650/bitbot-3.11-fork
2
0
Fork 0
Code Issues Pull requests Activity Actions

Change API key checking on-request to match what the values should be in the

Browse source 
database (dict of '{"name": , "permissions": }')
This commit is contained in:
jesopo 2018-11-12 18:06:02 +00:00
parent a943e69cee
commit a0e86f79c3
1 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
modules/rest_api.py
View file

@ -23,7 +23,8 @@ class Handler(http.server.BaseHTTPRequestHandler):
hook = hooks[0]
authenticated = hook.get_kwarg("authenticated", True)
key = params.get("key", None)
permissions = _bot.get_setting("api-key-%s" % key, [])
key_setting = = _bot.get_setting("api-key-%s" % key, {})
permissions = key_seting.get("permissions", [])
if not authenticated or path in permissions or "*" in permissions:
if path.startswith("/api/"):