mirror of https://github.com/mattermost/focalboard.git synced 2024-12-24 13:43:12 +02:00

Check local conn for admin APIs

Chen-I Lim 2021-01-22 14:14:12 -08:00
parent 6e1548773d
commit 22e3e03c39
4 changed files with 48 additions and 2 deletions


@ -61,7 +61,7 @@ func (a *API) RegisterRoutes(r *mux.Router) {
}
func (a *API) RegisterAdminRoutes(r *mux.Router) {
r.HandleFunc("/api/v1/admin/users/{username}/password", a.handleAdminSetPassword).Methods("POST")
r.HandleFunc("/api/v1/admin/users/{username}/password", a.adminRequired(a.handleAdminSetPassword)).Methods("POST")
}
func (a *API) handleGetBlocks(w http.ResponseWriter, r *http.Request) {
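Review bot: The local-connection check in RegisterAdminRoutes is applied per route, so a later admin route registered without the `a.adminRequired(...)` wrapper would be served with no check at all. A comment above the function would make that contract explicit, for example `// Every handler registered here must be wrapped in a.adminRequired.` Whether this router is only ever attached to the local-mode server is not visible in this hunk, so the wrapper is best treated as the only gate.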


@ -6,11 +6,13 @@ import (
"errors"
"io/ioutil"
"log"
"net"
"net/http"
"strings"
"time"
"github.com/gorilla/mux"
serverContext "github.com/mattermost/mattermost-octo-tasks/server/context"
"github.com/mattermost/mattermost-octo-tasks/server/model"
"github.com/mattermost/mattermost-octo-tasks/server/services/auth"
)
@ -226,3 +228,17 @@ func (a *API) attachSession(handler func(w http.ResponseWriter, r *http.Request)
handler(w, r.WithContext(ctx))
}
}
func (a *API) adminRequired(handler func(w http.ResponseWriter, r *http.Request)) func(w http.ResponseWriter, r *http.Request) {
return func(w http.ResponseWriter, r *http.Request) {
// Currently, admin APIs require local unix connections
conn := serverContext.GetContextConn(r)
if _, isUnix := conn.(*net.UnixConn); !isUnix {
errorResponse(w, http.StatusUnauthorized, nil, nil)
return
}
handler(w, r)
return
}
}
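Review bot: In adminRequired, arriving over a `*net.UnixConn` is the entire authorization decision, so anyone who can open the local-mode socket file can reach the password-reset handler; the comment should say so and state that the socket's file permissions must be restricted to the administering user. The rejection path is also silent: adding `log.Printf("admin API rejected: non-local connection from %q", r.RemoteAddr)` before `errorResponse` would give operators something to alert on. A nil conn (no ConnContext hook on the serving `http.Server`) fails the comma-ok assertion and is rejected, which is the fail-closed behaviour to preserve. The trailing `return` after `handler(w, r)` is redundant.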

28
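--- a/server/context/context.go
+++ b/server/context/context.go
@@ -0,0 +1,28 @@
+package context
+import (
+"context"
+"net"
+"net/http"
+)
+type contextKey struct {
+key string
+}
+var connContextKey = &contextKey{"http-conn"}
+// SetContextConn stores the connection in the request context
+func SetContextConn(ctx context.Context, c net.Conn) context.Context {
+return context.WithValue(ctx, connContextKey, c)
+}
+// GetContextConn gets the stored connection from the request context
+func GetContextConn(r *http.Request) net.Conn {
+value := r.Context().Value(connContextKey)
+if value == nil {
+return nil
+}
+return value.(net.Conn)
+}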
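Review bot: GetContextConn's doc comment does not say that it returns nil when the serving `http.Server` has no `ConnContext` hook, yet callers making an access decision depend on exactly that case. I would spell it out: `// GetContextConn returns the connection stored by SetContextConn, or nil if none was stored; callers must treat nil as an untrusted connection.` Separately, naming the package `context` shadows the standard library package at every import site, which forces an alias wherever both are needed.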


@ -17,6 +17,7 @@ import (
"github.com/mattermost/mattermost-octo-tasks/server/api"
"github.com/mattermost/mattermost-octo-tasks/server/app"
"github.com/mattermost/mattermost-octo-tasks/server/context"
appModel "github.com/mattermost/mattermost-octo-tasks/server/model"
"github.com/mattermost/mattermost-octo-tasks/server/services/config"
"github.com/mattermost/mattermost-octo-tasks/server/services/scheduler"
@ -200,7 +201,8 @@ func (s *Server) Config() *config.Configuration {
func (s *Server) startLocalModeServer() error {
s.localModeServer = &http.Server{
Handler: s.localRouter,
Handler: s.localRouter,
ConnContext: context.SetContextConn,
}
// TODO: Close and delete socket file on shutdown