8000 Add permissions for API keys by justinclift · Pull Request #156 · sqlitebrowser/dbhub.io · GitHub
[go: up one dir, main page]
Skip to content
This repository was archived by the owner on Mar 4, 2025. It is now read-only.

Add permissions for API keys #156

Draft
wants to merge 23 commits into
base: master
Choose a base branch
from
Draft

Add permissions for API keys #156

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
2ae5b5e
Add initial API function call permission toggles to setting page
justinclift May 31, 2021
f56b156
Initial code to send api permission button toggles to the server
justinclift Jun 1, 2021
d482e34
Save point. Start working out the right PG table structure
justinclift Jun 2, 2021
046e861
Early stage code for saving the permissions in the database
justinclift Jun 5, 2021
0f3a233
Save point. Working function to save API permissions in the database
justinclift Jun 6, 2021
9871e8d
Save point. Initial working code to save api key database change to …
justinclift Jun 6, 2021
6bf5532
Display list of user databases to choose from
justinclift Jun 6, 2021
ca26fb4
Add extra validation of user supplied api keys
justinclift Jun 7, 2021
f06b1c2
Add some further input validation and similar
justinclift Jun 7, 2021
5052d6d
Save point. Adding db and perms to existing API key structures
justinclift Jun 8, 2021
98e8d0e
Save point. Start moving the API key DB and permissions changing to a…
justinclift Jun 10, 2021
2ea5683
Save point. Changed perms from uint to string, added initial api per…
justinclift Jun 11, 2021
a37f257
Save point. Returning a map of api keys instead of a string slice
justinclift Jun 12, 2021
fd821eb
Permission toggles now reflect their saved database values
justinclift Jun 12, 2021
872b542
Select the "All databases" option in the webUI correctly
justinclift Jun 12, 2021
81f9160
Default api keys to all permissions enabled.
justinclift Jun 12, 2021
24f056e
No need for a separate api permissions page yet
justinclift Jun 12, 2021
74bf0b2
Initial concept code adding permission checks to the api end point
justinclift Jun 13, 2021
f9b4a3f
Trivial wording tweak
justinclift Jun 13, 2021
376ebb4
WIP. Fix SQL query for retrieving permission data
justinclift Jun 19, 2021
9df8d5e
WIP. Remove some code duplication, make progress with fetching API ke…
justinclift Jun 19, 2021
d71bb03
WIP. Stub test go file, for fleshing out once we have the Docker bit …
justinclift Jun 24, 2021
a1a8af3
WIP. Some database schema updates.
justinclift Jul 10, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
No need for a separate api permissions page yet
  • Loading branch information
@justinclift
justinclift committed Jun 12, 2021
commit 24f056eeca920fa8dcbb37ccd9e8cde37188d792
1 change: 0 additions & 1 deletion webui/main.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3330,7 +3330,6 @@ func main() {
// Our pages
http.Handle("/", gz.GzipHandler(logReq(mainHandler)))
http.Handle("/about", gz.GzipHandler(logReq(aboutPage)))
http.Handle("/apiperms", gz.GzipHandler(logReq(apiPermissionsPage)))
http.Handle("/branches/", gz.GzipHandler(logReq(branchesPage)))
http.Handle("/commits/", gz.GzipHandler(logReq(commitsPage)))
http.Handle("/compare/", gz.GzipHandler(logReq(comparePage)))
Expand Down
67 changes: 0 additions & 67 deletions webui/pages.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,6 @@ import (
"fmt"
"log"
"net/http"
"net/url"
"strconv"
"strings"
"time"
Expand Down Expand Up @@ -39,72 +38,6 @@ func aboutPage(w http.ResponseWriter, r *http.Request) {
}
}

// Renders the "API Key permissions" page.
func apiPermissionsPage(w http.ResponseWriter, r *http.Request) {
var pageData struct {
Auth0 com.Auth0Set
Meta com.MetaInfo
KeyInfo com.APIKey
}

// Get all meta information
errCode, err := collectPageMetaInfo(r, &pageData.Meta, true, false)
if err != nil {
errorPage(w, r, errCode, err.Error())
return
}
pageData.Meta.Title = "What is DBHub.io?"

// Add Auth0 info to the page data
pageData.Auth0 = collectPageAuth0Info()

// Get the API key from the user provided data
a := r.PostFormValue("apikey")
apiKey, err := url.QueryUnescape(a)
if err != nil {
errorPage(w, r, http.StatusInternalServerError, err.Error())
return
}

// Validate the API key
err = com.CheckAPIKey(apiKey)
if err != nil {
errorPage(w, r, http.StatusBadRequest, err.Error())
return
}

// If no API key was provided, display an error instead of the page content
if apiKey == "" {
errorPage(w, r, http.StatusBadRequest, "No API key provided")
return
}

// Verify the API key belongs to the logged in user. eg don't allow looking at other people's API keys
keyOwner, err := com.GetAPIKeyUser(apiKey)
if err != nil {
errorPage(w, r, http.StatusInternalServerError, err.Error())
return
}
if keyOwner != pageData.Meta.LoggedInUser {
errorPage(w, r, http.StatusBadRequest, "Unknown API key")
return
}

// Retrieve the API key details
pageData.KeyInfo, err = com.GetAPIKey(apiKey)
if err != nil {
errorPage(w, r, http.StatusBadRequest, err.Error())
return
}

// Render the page
t := tmpl.Lookup("apipermsPage")
err = t.Execute(w, pageData)
if err != nil {
log.Printf("Error: %s", err)
}
}

// Render the branches page, which lists the branches for a database.
func branchesPage(w http.ResponseWriter, r *http.Request) {
// Structure to hold page data
Expand Down
280 changes: 0 additions & 280 deletions webui/templates/apiperms.html
View file
Open in desktop

This file was deleted.

0