##// END OF EJS Templates
upstream » kallithea
RSS

Clone from https://kallithea-scm.org/repos/kallithea

new feature: API access white list definition from .ini files
marcink -
r3751:78c7e8ef beta
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -111,6 +111,12 b' rss_include_diff = false'
111 111 show_sha_length = 12
112 112 show_revision_number = true
113 113
114 ## white list of API enabled controllers. This allows to add list of
115 ## controllers to which access will be enabled by api_key. eg: to enable
116 ## api access to raw_files put `FilesController:raw`, to enable access to patches
117 ## add `ChangesetController:changeset_patch`. This list should be "," separated
118 ## Syntax is <ControllerClass>:<function>. Check debug logs for generated names
119 api_access_controllers_whitelist =
114 120
115 121 ## alternative_gravatar_url allows you to use your own avatar server application
116 122 ## the following parts of the URL will be replaced
Show file before | Show file after | Hide comments
@@ -111,6 +111,12 b' rss_include_diff = false'
111 111 show_sha_length = 12
112 112 show_revision_number = true
113 113
114 ## white list of API enabled controllers. This allows to add list of
115 ## controllers to which access will be enabled by api_key. eg: to enable
116 ## api access to raw_files put `FilesController:raw`, to enable access to patches
117 ## add `ChangesetController:changeset_patch`. This list should be "," separated
118 ## Syntax is <ControllerClass>:<function>. Check debug logs for generated names
119 api_access_controllers_whitelist =
114 120
115 121 ## alternative_gravatar_url allows you to use your own avatar server application
116 122 ## the following parts of the URL will be replaced
Show file before | Show file after | Hide comments
@@ -111,6 +111,12 b' rss_include_diff = false'
111 111 show_sha_length = 12
112 112 show_revision_number = true
113 113
114 ## white list of API enabled controllers. This allows to add list of
115 ## controllers to which access will be enabled by api_key. eg: to enable
116 ## api access to raw_files put `FilesController:raw`, to enable access to patches
117 ## add `ChangesetController:changeset_patch`. This list should be "," separated
118 ## Syntax is <ControllerClass>:<function>. Check debug logs for generated names
119 api_access_controllers_whitelist =
114 120
115 121 ## alternative_gravatar_url allows you to use your own avatar server application
116 122 ## the following parts of the URL will be replaced
Show file before | Show file after | Hide comments
@@ -39,7 +39,7 b' from sqlalchemy.orm.exc import ObjectDel'
39 39 from rhodecode import __platform__, is_windows, is_unix
40 40 from rhodecode.model.meta import Session
41 41
42 from rhodecode.lib.utils2 import str2bool, safe_unicode
42 from rhodecode.lib.utils2 import str2bool, safe_unicode, aslist
43 43 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError,\
44 44 LdapImportError
45 45 from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug,\
@@ -531,7 +531,12 b' class LoginRequired(object):'
531 531 cls = fargs[0]
532 532 user = cls.rhodecode_user
533 533 loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
534
534 # defined whitelist of controllers which API access will be enabled
535 whitelist = aslist(config.get('api_access_controllers_whitelist'),
536 sep=',')
537 api_access_whitelist = loc in whitelist
538 log.debug('loc:%s is in API whitelist:%s:%s' % (loc, whitelist,
539 api_access_whitelist))
535 540 #check IP
536 541 ip_access_ok = True
537 542 if not user.ip_allowed:
@@ -541,7 +546,7 b' class LoginRequired(object):'
541 546 ip_access_ok = False
542 547
543 548 api_access_ok = False
544 if self.api_access:
549 if self.api_access or api_access_whitelist:
545 550 log.debug('Checking API KEY access for %s' % cls)
546 551 if user.api_key == request.GET.get('api_key'):
547 552 api_access_ok = True
General Comments 0
You need to be logged in to leave comments. Login now