add config option for api keys
@@ -732,6 +732,9 @@ export default router => {
|
||||
// GET /api/v2/settings/api-key
|
||||
// Returns whether the user has an API key, when it was created, and the last 8 chars (masked preview).
|
||||
group.get(/\/api-key$/, lib.loggedin, async (req, res) => {
|
||||
if (cfg.websrv.enable_user_api_keys === false) {
|
||||
return res.json({ success: false, msg: 'API keys are disabled' }, 403);
|
||||
}
|
||||
try {
|
||||
const row = (await db`
|
||||
SELECT api_key, created_at
|
||||
@@ -759,6 +762,9 @@ export default router => {
|
||||
// POST /api/v2/settings/api-key/regenerate
|
||||
// Generates a new key (or replaces an existing one). Returns the full key — only shown once.
|
||||
group.post(/\/api-key\/regenerate$/, lib.loggedin, async (req, res) => {
|
||||
if (cfg.websrv.enable_user_api_keys === false) {
|
||||
return res.json({ success: false, msg: 'API keys are disabled' }, 403);
|
||||
}
|
||||
try {
|
||||
const newKey = crypto.randomBytes(32).toString('hex');
|
||||
|
||||
@@ -784,6 +790,9 @@ export default router => {
|
||||
// DELETE /api/v2/settings/api-key
|
||||
// Revokes (deletes) the user's API key.
|
||||
group.delete(/\/api-key$/, lib.loggedin, async (req, res) => {
|
||||
if (cfg.websrv.enable_user_api_keys === false) {
|
||||
return res.json({ success: false, msg: 'API keys are disabled' }, 403);
|
||||
}
|
||||
try {
|
||||
const result = await db`
|
||||
DELETE FROM user_api_keys
|
||||
|
||||
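Review bot: The DELETE handler is gated by the same `cfg.websrv.enable_user_api_keys === false` check as the GET and regenerate routes, so while the option is off a user cannot revoke a key that already exists. Nothing in the visible hunks removes or invalidates rows in `user_api_keys` when the option is off, so stored keys would presumably be accepted again as soon as it is re-enabled. Consider leaving revocation reachable when the feature is disabled, or document the behaviour above the guard, e.g. `// Disabled: existing keys are kept but not accepted; they work again if the option is re-enabled.` The handler body continues outside the hunk.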
@@ -50,6 +50,7 @@ export default (router, tpl) => {
|
||||
joined: user?.created_at || null,
|
||||
enable_swf: cfg.enable_swf,
|
||||
enable_data_export: cfg.websrv.enable_data_export,
|
||||
enable_user_api_keys: cfg.websrv.enable_user_api_keys !== false,
|
||||
site_domain: cfg.main.url.domain,
|
||||
session: (req.session && req.session.user) ? { ...req.session } : false,
|
||||
page_meta: {
|
||||
|
||||
@@ -38,7 +38,7 @@ export const handleUpload = async (req, res, self) => {
|
||||
}
|
||||
|
||||
// Fallback: authenticate via X-Api-Key header (upload-only; no CSRF required)
|
||||
if (!req.session && req.headers['x-api-key']) {
|
||||
if (!req.session && req.headers['x-api-key'] && cfg.websrv.enable_user_api_keys !== false) {
|
||||
const key = req.headers['x-api-key'];
|
||||
try {
|
||||
const rows = await db`
|
||||
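Review bot: The new condition `cfg.websrv.enable_user_api_keys !== false` fails open: a missing option, a misspelt key name, or a non-boolean value such as the string `'false'` leaves X-Api-Key authentication enabled. This branch authenticates without a session or CSRF token (per the comment above it), so it would be safer to normalise the option to a strict boolean once at config load and test that value. At minimum, state the default next to the check, e.g. `// enabled unless explicitly set to false`. The same comparison appears in the three settings routes and in the template globals. The rest of handleUpload, including what happens to a request that carries the header while the option is off, is outside the hunk.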
@@ -108,7 +108,7 @@ export const handleUpload = async (req, res, self) => {
|
||||
|
||||
const is_oc = (parts.is_oc === 'true' || parts.is_oc === '1');
|
||||
|
||||
const is_shitpost = (parts.is_shitpost === 'true' || parts.is_shitpost === '1');
|
||||
const is_shitpost = (parts.is_shitpost === 'true' || parts.is_shitpost === '1') || cfg.websrv.shitpost_mode === true;
|
||||
|
||||
const maxLen = cfg.main.comment_max_length;
|
||||
if (comment && maxLen !== null && maxLen !== undefined && comment.length > maxLen) {
|
||||
|
||||
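Review bot: The `|| cfg.websrv.shitpost_mode === true` override on `is_shitpost` has no comment and is unrelated to the API-key option named in the commit title; when the option is on, the flag is set for every upload regardless of the submitted form field. It is also opt-in (`=== true`) while `enable_user_api_keys` is opt-out (`!== false`), which is easy to misread when both live under `cfg.websrv`. Suggest a comment such as `// shitpost_mode forces the flag for all uploads, ignoring the form field`, and ideally a separate commit for this change.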