Fix API auth crash and add more error messages
This commit is contained in:
parent
8484c0f0aa
commit
a36e233051
@ -16,6 +16,7 @@
|
|||||||
|
|
||||||
from flask import request, make_response, jsonify, abort
|
from flask import request, make_response, jsonify, abort
|
||||||
from app.models import APIToken
|
from app.models import APIToken
|
||||||
|
from .support import error
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
|
|
||||||
def is_api_authd(f):
|
def is_api_authd(f):
|
||||||
@ -29,13 +30,13 @@ def is_api_authd(f):
|
|||||||
elif value[0:7].lower() == "bearer ":
|
elif value[0:7].lower() == "bearer ":
|
||||||
access_token = value[7:]
|
access_token = value[7:]
|
||||||
if len(access_token) < 10:
|
if len(access_token) < 10:
|
||||||
abort(400)
|
error(400, "API token is too short")
|
||||||
|
|
||||||
token = APIToken.query.filter_by(access_token=access_token).first()
|
token = APIToken.query.filter_by(access_token=access_token).first()
|
||||||
if token is None:
|
if token is None:
|
||||||
abort(403)
|
error(403, "Unknown API token")
|
||||||
else:
|
else:
|
||||||
abort(403)
|
abort(403, "Unsupported authentication method")
|
||||||
|
|
||||||
return f(token=token, *args, **kwargs)
|
return f(token=token, *args, **kwargs)
|
||||||
|
|
||||||
|
@ -143,19 +143,21 @@ def markdown():
|
|||||||
@is_package_page
|
@is_package_page
|
||||||
@is_api_authd
|
@is_api_authd
|
||||||
def create_release(token, package):
|
def create_release(token, package):
|
||||||
|
if not token:
|
||||||
|
error(401, "Authentication needed")
|
||||||
|
|
||||||
if not package.checkPerm(token.owner, Permission.APPROVE_RELEASE):
|
if not package.checkPerm(token.owner, Permission.APPROVE_RELEASE):
|
||||||
return error(403, "You do not have the permission to approve releases")
|
error(403, "You do not have the permission to approve releases")
|
||||||
|
|
||||||
json = request.json
|
json = request.json
|
||||||
if json is None:
|
if json is None:
|
||||||
return error(400, "JSON post data is required")
|
error(400, "JSON post data is required")
|
||||||
|
|
||||||
for option in ["method", "title", "ref"]:
|
for option in ["method", "title", "ref"]:
|
||||||
if json.get(option) is None:
|
if json.get(option) is None:
|
||||||
return error(400, option + " is required in the POST data")
|
error(400, option + " is required in the POST data")
|
||||||
|
|
||||||
|
|
||||||
if json["method"].lower() != "git":
|
if json["method"].lower() != "git":
|
||||||
return error(400, "Release-creation methods other than git are not supported")
|
error(400, "Release-creation methods other than git are not supported")
|
||||||
|
|
||||||
return handleCreateRelease(token, package, json["title"], json["ref"])
|
return handleCreateRelease(token, package, json["title"], json["ref"])
|
||||||
|
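Review bot: The `else` branch of is_api_authd still calls `abort(403, "Unsupported authentication method")` while the two branches above it were switched to `error(...)`, so a client sending an unsupported `Authorization` scheme gets werkzeug's HTML 403 page instead of the `{"success": false, "error": ...}` JSON envelope the rest of the API now returns; it should be `error(403, "Unsupported authentication method")`. In the create_release hunk, the `for option in ["method", "title", "ref"]` loop only checks that each key is present, so a non-string `method` in the request body (a number or a list) reaches `json["method"].lower()` and raises an AttributeError, turning malformed client input into a 500 rather than the 400 the loop is meant to produce; checking `if not isinstance(json.get(option), str):` there closes that gap. is_api_authd's header-parsing branch lies between the two hunks and is not visible here.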
@ -1,12 +1,12 @@
|
|||||||
from app.models import PackageRelease, db, Permission
|
from app.models import PackageRelease, db, Permission
|
||||||
from app.tasks.importtasks import makeVCSRelease
|
from app.tasks.importtasks import makeVCSRelease
|
||||||
from celery import uuid
|
from celery import uuid
|
||||||
from flask import jsonify, make_response, url_for
|
from flask import jsonify, abort, url_for
|
||||||
import datetime
|
import datetime
|
||||||
|
|
||||||
|
|
||||||
def error(status, message):
|
def error(status, message):
|
||||||
return make_response(jsonify({ "success": False, "error": message }), status)
|
abort(status, jsonify({ "success": False, "error": message }))
|
||||||
|
|
||||||
|
|
||||||
def handleCreateRelease(token, package, title, ref):
|
def handleCreateRelease(token, package, title, ref):
|
||||||
|
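Review bot: `abort(status, jsonify({ "success": False, "error": message }))` in the rewritten `error` most likely does not deliver the JSON body: werkzeug's `abort` treats a positional argument after an integer status as the HTTPException's description, so the Response object is stringified into the default HTML error page and API clients lose the `success`/`error` fields. Raising the response itself, `abort(make_response(jsonify({ "success": False, "error": message }), status))`, makes werkzeug re-raise that exact response with the intended status, which also means `make_response` should stay in the `from flask import ...` line this hunk trims it from. A quick request to `/api/whoami` with an unknown token would confirm whether the body comes back as JSON. `handleCreateRelease` begins on the hunk's last line and its body is outside it.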
@ -9,6 +9,8 @@ Authentication is done using Bearer tokens:
|
|||||||
|
|
||||||
You can use the `/api/whoami` to check authentication.
|
You can use the `/api/whoami` to check authentication.
|
||||||
|
|
||||||
|
Tokens can be attained by visiting "API Tokens" on your profile page.
|
||||||
|
|
||||||
## Endpoints
|
## Endpoints
|
||||||
|
|
||||||
### Misc
|
### Misc
|
||||||
@ -16,7 +18,7 @@ You can use the `/api/whoami` to check authentication.
|
|||||||
* GET `/api/whoami/` - Json dictionary with the following keys:
|
* GET `/api/whoami/` - Json dictionary with the following keys:
|
||||||
* `is_authenticated` - True on successful API authentication
|
* `is_authenticated` - True on successful API authentication
|
||||||
* `username` - Username of the user authenticated as, null otherwise.
|
* `username` - Username of the user authenticated as, null otherwise.
|
||||||
* 403 will be thrown on unsupported authentication type, invalid access token, or other errors.
|
* 4xx status codes will be thrown on unsupported authentication type, invalid access token, or other errors.
|
||||||
|
|
||||||
### Packages
|
### Packages
|
||||||
|
|
||||||
|