Allow access to /features endpoint without login

This commit is contained in:
Tulir Asokan 2019-01-07 08:13:27 +02:00
parent a9ffaed51f
commit 400c9aaebc
5 changed files with 15 additions and 8 deletions

View file

@ -19,12 +19,20 @@ import importlib
from ...config import Config
from .base import routes, get_config, set_config, set_loop
from .auth import check_token
from .middleware import auth, error
@routes.get("/features")
def features(_: web.Request) -> web.Response:
return web.json_response(get_config()["api_features"])
def features(request: web.Request) -> web.Response:
data = get_config()["api_features"]
err = check_token(request)
if err is None:
return web.json_response(data)
else:
return web.json_response({
"login": data["login"],
})
def init(cfg: Config, loop: AbstractEventLoop) -> web.Application:

View file

@ -69,4 +69,4 @@ async def ping(request: web.Request) -> web.Response:
user = data.get("user_id", None)
if not get_config().is_admin(user):
return resp.invalid_token
return resp.pong(user)
return resp.pong(user, get_config()["api_features"])

View file

@ -29,7 +29,7 @@ log = logging.getLogger("maubot.server")
@web.middleware
async def auth(request: web.Request, handler: Handler) -> web.Response:
subpath = request.path[len(get_config()["server.base_path"]):]
if subpath.startswith("/auth/") or subpath == "/logs":
if subpath.startswith("/auth/") or subpath == "/features" or subpath == "/logs":
return await handler(request)
err = check_token(request)
if err is not None:

View file

@ -294,9 +294,10 @@ class _Response:
"token": token,
})
def pong(self, user: str) -> web.Response:
def pong(self, user: str, features: dict) -> web.Response:
return self.found({
"username": user,
"features": features,
})
@staticmethod

View file

@ -64,15 +64,13 @@ export async function login(username, password) {
let features = null
export async function ping() {
if (!features) {
await remoteGetFeatures()
}
const response = await fetch(`${BASE_PATH}/auth/ping`, {
method: "POST",
headers: getHeaders(),
})
const json = await response.json()
if (json.username) {
features = json.features
return json.username
} else if (json.errcode === "auth_token_missing" || json.errcode === "auth_token_invalid") {
return null