sam/pronounscc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

feat: restrict certain endpoints from API tokens and/or read-only tokens

Browse source
This commit is contained in:
Sam 2023-03-30 16:58:35 +02:00
parent 2716471fa9
commit ff75075b81
Signed by: sam
GPG key ID: B4EF20DDE721CAA1
13 changed files with 62 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

8
backend/routes/auth/tokens.go
View file

@ -33,6 +33,10 @@ func (s *Server) getTokens(w http.ResponseWriter, r *http.Request) error {
ctx := r.Context()
claims, _ := server.ClaimsFromContext(ctx)
if claims.APIToken {
return server.APIError{Code: server.ErrMissingPermissions, Details: "This endpoint cannot be used by API tokens"}
}
tokens, err := s.DB.Tokens(ctx, claims.UserID)
if err != nil {
return errors.Wrap(err, "getting tokens")
@ -52,7 +56,7 @@ func (s *Server) deleteToken(w http.ResponseWriter, r *http.Request) error {
claims, _ := server.ClaimsFromContext(ctx)
if claims.APIToken {
return server.APIError{Code: server.ErrInvalidToken}
return server.APIError{Code: server.ErrMissingPermissions, Details: "This endpoint cannot be used by API tokens"}
}
tx, err := s.DB.Begin(ctx)
@ -89,7 +93,7 @@ func (s *Server) createToken(w http.ResponseWriter, r *http.Request) error {
claims, _ := server.ClaimsFromContext(ctx)
if claims.APIToken {
return server.APIError{Code: server.ErrInvalidToken}
return server.APIError{Code: server.ErrMissingPermissions, Details: "This endpoint cannot be used by API tokens"}
}
readOnly := r.FormValue("read_only") == "true"