changeset 3751:78c7e8efe658 beta
new feature: API access white list definition from .ini files
author | Marcin Kuzminski <marcin@python-works.com> |
---|---|
date | Mon, 15 Apr 2013 01:46:32 +0200 |
parents | 244f184f5fc3 |
children | 1e5bb8ed77d6 |
files | development.ini production.ini rhodecode/config/deployment.ini_tmpl rhodecode/lib/auth.py |
diffstat | 4 files changed, 26 insertions(+), 3 deletions(-) [+] |
--- a/development.ini Mon Apr 15 01:01:47 2013 +0200
+++ b/development.ini Mon Apr 15 01:46:32 2013 +0200
@@ -111,6 +111,12 @@
 show_sha_length = 12
 show_revision_number = true
+## white list of API enabled controllers. This allows to add list of
+## controllers to which access will be enabled by api_key. eg: to enable
+## api access to raw_files put `FilesController:raw`, to enable access to patches
+## add `ChangesetController:changeset_patch`. This list should be "," separated
+## Syntax is <ControllerClass>:<function>. Check debug logs for generated names
+api_access_controllers_whitelist =
 ## alternative_gravatar_url allows you to use your own avatar server application
 ## the following parts of the URL will be replaced
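Review bot: The comment block added above `api_access_controllers_whitelist` explains the syntax but not the exposure an entry creates. Judging by the auth.py change in this commit, a whitelisted view accepts the key from the URL query string (`request.GET.get('api_key')`), so the key will appear in web-server access logs, browser history and any proxy that records URLs. I would add a line such as `## NOTE: the api_key is sent in the URL for these views; list only what you need, leave empty to disable`. The same text is added to production.ini and rhodecode/config/deployment.ini_tmpl, so the remark applies to those hunks as well.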
--- a/production.ini Mon Apr 15 01:01:47 2013 +0200
+++ b/production.ini Mon Apr 15 01:46:32 2013 +0200
@@ -111,6 +111,12 @@
 show_sha_length = 12
 show_revision_number = true
+## white list of API enabled controllers. This allows to add list of
+## controllers to which access will be enabled by api_key. eg: to enable
+## api access to raw_files put `FilesController:raw`, to enable access to patches
+## add `ChangesetController:changeset_patch`. This list should be "," separated
+## Syntax is <ControllerClass>:<function>. Check debug logs for generated names
+api_access_controllers_whitelist =
 ## alternative_gravatar_url allows you to use your own avatar server application
 ## the following parts of the URL will be replaced
--- a/rhodecode/config/deployment.ini_tmpl Mon Apr 15 01:01:47 2013 +0200
+++ b/rhodecode/config/deployment.ini_tmpl Mon Apr 15 01:46:32 2013 +0200
@@ -111,6 +111,12 @@
 show_sha_length = 12
 show_revision_number = true
+## white list of API enabled controllers. This allows to add list of
+## controllers to which access will be enabled by api_key. eg: to enable
+## api access to raw_files put `FilesController:raw`, to enable access to patches
+## add `ChangesetController:changeset_patch`. This list should be "," separated
+## Syntax is <ControllerClass>:<function>. Check debug logs for generated names
+api_access_controllers_whitelist =
 ## alternative_gravatar_url allows you to use your own avatar server application
 ## the following parts of the URL will be replaced
--- a/rhodecode/lib/auth.py Mon Apr 15 01:01:47 2013 +0200
+++ b/rhodecode/lib/auth.py Mon Apr 15 01:46:32 2013 +0200
@@ -39,7 +39,7 @@
 from rhodecode import __platform__, is_windows, is_unix
 from rhodecode.model.meta import Session
-from rhodecode.lib.utils2 import str2bool, safe_unicode
+from rhodecode.lib.utils2 import str2bool, safe_unicode, aslist
 from rhodecode.lib.exceptions import LdapPasswordError, LdapUsernameError,\
 LdapImportError
 from rhodecode.lib.utils import get_repo_slug, get_repos_group_slug,\
@@ -531,7 +531,12 @@
 cls = fargs[0]
 user = cls.rhodecode_user
 loc = "%s:%s" % (cls.__class__.__name__, func.__name__)
-
+ # defined whitelist of controllers which API access will be enabled
+ whitelist = aslist(config.get('api_access_controllers_whitelist'),
+ sep=',')
+ api_access_whitelist = loc in whitelist
+ log.debug('loc:%s is in API whitelist:%s:%s' % (loc, whitelist,
+ api_access_whitelist))
 #check IP
 ip_access_ok = True
 if not user.ip_allowed:
@@ -541,7 +546,7 @@
 ip_access_ok = False
 api_access_ok = False
- if self.api_access:
+ if self.api_access or api_access_whitelist:
 log.debug('Checking API KEY access for %s' % cls)
 if user.api_key == request.GET.get('api_key'):
 api_access_ok = True
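Review bot: The whitelist key `loc` used in the second hunk carries only the class name and the function name, so an entry such as `FilesController:raw` would match any controller class of that name whatever its module. If that is intended it deserves a comment, e.g. `# NOTE: matched on bare class name; the module is not part of the key`. The list is also re-read from `config` and re-split on every decorated call, and the `log.debug` line formats eagerly and prints the whole whitelist each time; `log.debug('loc:%s is in API whitelist:%s:%s', loc, whitelist, api_access_whitelist)` defers the formatting. What `aslist` returns when the option is missing from an older ini is not visible here, so `loc in whitelist` should be confirmed safe for that case. The enclosing function starts and ends outside the hunk.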
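Review bot: With `or api_access_whitelist` in the third hunk, the `user.api_key == request.GET.get('api_key')` comparison now guards every whitelisted view, and nothing checks that a key was actually supplied. If `user.api_key` can ever be `None` or empty (not visible here), a request without the parameter would compare equal and set `api_access_ok`. Reading the parameter once with `api_key = request.GET.get('api_key')` and testing `if api_key and user.api_key == api_key:` closes that case. A constant-time comparison (`hmac.compare_digest`, where the supported Python versions provide it) would also remove the timing difference on the key. The enclosing function continues outside the hunk.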