Qortal/qortal
Qortal/qortal
3
0
Fork 3
mirror of https://github.com/Qortal/qortal.git synced 2025-02-14 11:15:49 +00:00
Code Issues Projects Releases Wiki Activity

General API key / security-related updates

Browse Source
This commit is contained in:
CalDescent 2021-11-14 15:59:08 +00:00
parent 06e122f303
commit 1397cbeac2
3 changed files with 12 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/java/org/qortal/api/ApiKey.java
View File

@ -86,7 +86,8 @@ public class ApiKey {
return (this.apiKey != null);
}
public String getApiKey() {
@Override
public String toString() {
return this.apiKey;
}

2
src/main/java/org/qortal/api/resource/AdminResource.java
View File

@ -748,7 +748,7 @@ public class AdminResource {
throw ApiExceptionFactory.INSTANCE.createCustomException(request, ApiError.UNAUTHORIZED, "Unable to generate API key");
}
return apiKey.getApiKey();
return apiKey.toString();
}
}

26
src/main/java/org/qortal/api/resource/ArbitraryResource.java
View File

@ -7,10 +7,9 @@ import io.swagger.v3.oas.annotations.media.Content;
import io.swagger.v3.oas.annotations.media.Schema;
import io.swagger.v3.oas.annotations.parameters.RequestBody;
import io.swagger.v3.oas.annotations.responses.ApiResponse;
import io.swagger.v3.oas.annotations.security.SecurityRequirement;
import io.swagger.v3.oas.annotations.tags.Tag;
import java.net.InetSocketAddress;
import java.net.UnknownHostException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.ArrayList;
@ -22,7 +21,6 @@ import javax.servlet.http.HttpServletResponse;
import javax.ws.rs.*;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.lang3.ArrayUtils;
import org.apache.logging.log4j.LogManager;
@ -39,20 +37,11 @@ import org.qortal.data.naming.NameData;
import org.qortal.data.transaction.ArbitraryTransactionData;
import org.qortal.data.transaction.ArbitraryTransactionData.*;
import org.qortal.data.transaction.TransactionData;
import org.qortal.data.transaction.ArbitraryTransactionData.DataType;
import org.qortal.network.Network;
import org.qortal.network.Peer;
import org.qortal.network.PeerAddress;
import org.qortal.network.message.ArbitraryDataFileMessage;
import org.qortal.network.message.GetArbitraryDataFileMessage;
import org.qortal.network.message.Message;
import org.qortal.repository.DataException;
import org.qortal.repository.Repository;
import org.qortal.repository.RepositoryManager;
import org.qortal.settings.Settings;
import org.qortal.arbitrary.ArbitraryDataFile;
import org.qortal.arbitrary.ArbitraryDataFileChunk;
import org.qortal.transaction.ArbitraryTransaction;
import org.qortal.transaction.Transaction;
import org.qortal.transaction.Transaction.TransactionType;
import org.qortal.transaction.Transaction.ValidationResult;
@ -233,6 +222,7 @@ public class ArbitraryResource {
)
}
)
@SecurityRequirement(name = "apiKey")
public HttpServletResponse get(@PathParam("service") String serviceString,
@PathParam("name") String name,
@QueryParam("filepath") String filepath,
@ -259,6 +249,7 @@ public class ArbitraryResource {
)
}
)
@SecurityRequirement(name = "apiKey")
public HttpServletResponse get(@PathParam("service") String serviceString,
@PathParam("name") String name,
@PathParam("identifier") String identifier,
@ -295,6 +286,7 @@ public class ArbitraryResource {
)
}
)
@SecurityRequirement(name = "apiKey")
public String post(@PathParam("service") String serviceString,
@PathParam("name") String name,
String path) {
@ -329,6 +321,7 @@ public class ArbitraryResource {
)
}
)
@SecurityRequirement(name = "apiKey")
public String put(@PathParam("service") String serviceString,
@PathParam("name") String name,
String path) {
@ -364,6 +357,7 @@ public class ArbitraryResource {
)
}
)
@SecurityRequirement(name = "apiKey")
public String patch(@PathParam("service") String serviceString,
@PathParam("name") String name,
String path) {
@ -399,6 +393,7 @@ public class ArbitraryResource {
)
}
)
@SecurityRequirement(name = "apiKey")
public String post(@PathParam("service") String serviceString,
@PathParam("name") String name,
@PathParam("identifier") String identifier,
@ -434,6 +429,7 @@ public class ArbitraryResource {
)
}
)
@SecurityRequirement(name = "apiKey")
public String put(@PathParam("service") String serviceString,
@PathParam("name") String name,
@PathParam("identifier") String identifier,
@ -470,6 +466,7 @@ public class ArbitraryResource {
)
}
)
@SecurityRequirement(name = "apiKey")
public String patch(@PathParam("service") String serviceString,
@PathParam("name") String name,
@PathParam("identifier") String identifier,
@ -481,11 +478,6 @@ public class ArbitraryResource {
private String upload(Method method, Service service, String name, String identifier, String path) {
// It's too dangerous to allow user-supplied file paths in weaker security contexts
if (Settings.getInstance().isApiRestricted()) {
throw ApiExceptionFactory.INSTANCE.createException(request, ApiError.NON_PRODUCTION);
}
// Fetch public key from registered name
try (final Repository repository = RepositoryManager.getRepository()) {
NameData nameData = repository.getNameRepository().fromName(name);