add config option for api keys
@@ -71,6 +71,7 @@
|
|||||||
"meme_creator": true,
|
"meme_creator": true,
|
||||||
"enable_cleanup": false,
|
"enable_cleanup": false,
|
||||||
"enable_data_export": true,
|
"enable_data_export": true,
|
||||||
|
"enable_user_api_keys": true,
|
||||||
"cleanup_timeframe_days": 30,
|
"cleanup_timeframe_days": 30,
|
||||||
"web_url_upload": true,
|
"web_url_upload": true,
|
||||||
"enable_youtube_upload": true,
|
"enable_youtube_upload": true,
|
||||||
|
|||||||
@@ -732,6 +732,9 @@ export default router => {
|
|||||||
// GET /api/v2/settings/api-key
|
// GET /api/v2/settings/api-key
|
||||||
// Returns whether the user has an API key, when it was created, and the last 8 chars (masked preview).
|
// Returns whether the user has an API key, when it was created, and the last 8 chars (masked preview).
|
||||||
group.get(/\/api-key$/, lib.loggedin, async (req, res) => {
|
group.get(/\/api-key$/, lib.loggedin, async (req, res) => {
|
||||||
|
if (cfg.websrv.enable_user_api_keys === false) {
|
||||||
|
return res.json({ success: false, msg: 'API keys are disabled' }, 403);
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
const row = (await db`
|
const row = (await db`
|
||||||
SELECT api_key, created_at
|
SELECT api_key, created_at
|
||||||
@@ -759,6 +762,9 @@ export default router => {
|
|||||||
// POST /api/v2/settings/api-key/regenerate
|
// POST /api/v2/settings/api-key/regenerate
|
||||||
// Generates a new key (or replaces an existing one). Returns the full key — only shown once.
|
// Generates a new key (or replaces an existing one). Returns the full key — only shown once.
|
||||||
group.post(/\/api-key\/regenerate$/, lib.loggedin, async (req, res) => {
|
group.post(/\/api-key\/regenerate$/, lib.loggedin, async (req, res) => {
|
||||||
|
if (cfg.websrv.enable_user_api_keys === false) {
|
||||||
|
return res.json({ success: false, msg: 'API keys are disabled' }, 403);
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
const newKey = crypto.randomBytes(32).toString('hex');
|
const newKey = crypto.randomBytes(32).toString('hex');
|
||||||
|
|
||||||
@@ -784,6 +790,9 @@ export default router => {
|
|||||||
// DELETE /api/v2/settings/api-key
|
// DELETE /api/v2/settings/api-key
|
||||||
// Revokes (deletes) the user's API key.
|
// Revokes (deletes) the user's API key.
|
||||||
group.delete(/\/api-key$/, lib.loggedin, async (req, res) => {
|
group.delete(/\/api-key$/, lib.loggedin, async (req, res) => {
|
||||||
|
if (cfg.websrv.enable_user_api_keys === false) {
|
||||||
|
return res.json({ success: false, msg: 'API keys are disabled' }, 403);
|
||||||
|
}
|
||||||
try {
|
try {
|
||||||
const result = await db`
|
const result = await db`
|
||||||
DELETE FROM user_api_keys
|
DELETE FROM user_api_keys
|
||||||
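Review bot: The guard added to the `group.delete(/\/api-key$/, ...)` handler also blocks revocation, so once `enable_user_api_keys` is set to false a user can no longer delete a key that already exists. Nothing visible in this commit removes or invalidates rows in `user_api_keys` when the feature is off, so stored keys would presumably become usable again as soon as the flag is flipped back. I would leave the DELETE route ungated, since revoking is safe regardless of the flag, and keep the 403 on GET and regenerate only. The same three-line check is pasted into all three handlers; a small middleware placed next to `lib.loggedin` would keep them from drifting apart. The handler bodies continue outside the hunks.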
|
|||||||
@@ -50,6 +50,7 @@ export default (router, tpl) => {
|
|||||||
joined: user?.created_at || null,
|
joined: user?.created_at || null,
|
||||||
enable_swf: cfg.enable_swf,
|
enable_swf: cfg.enable_swf,
|
||||||
enable_data_export: cfg.websrv.enable_data_export,
|
enable_data_export: cfg.websrv.enable_data_export,
|
||||||
|
enable_user_api_keys: cfg.websrv.enable_user_api_keys !== false,
|
||||||
site_domain: cfg.main.url.domain,
|
site_domain: cfg.main.url.domain,
|
||||||
session: (req.session && req.session.user) ? { ...req.session } : false,
|
session: (req.session && req.session.user) ? { ...req.session } : false,
|
||||||
page_meta: {
|
page_meta: {
|
||||||
|
|||||||
@@ -38,7 +38,7 @@ export const handleUpload = async (req, res, self) => {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Fallback: authenticate via X-Api-Key header (upload-only; no CSRF required)
|
// Fallback: authenticate via X-Api-Key header (upload-only; no CSRF required)
|
||||||
if (!req.session && req.headers['x-api-key']) {
|
if (!req.session && req.headers['x-api-key'] && cfg.websrv.enable_user_api_keys !== false) {
|
||||||
const key = req.headers['x-api-key'];
|
const key = req.headers['x-api-key'];
|
||||||
try {
|
try {
|
||||||
const rows = await db`
|
const rows = await db`
|
||||||
@@ -108,7 +108,7 @@ export const handleUpload = async (req, res, self) => {
|
|||||||
|
|
||||||
const is_oc = (parts.is_oc === 'true' || parts.is_oc === '1');
|
const is_oc = (parts.is_oc === 'true' || parts.is_oc === '1');
|
||||||
|
|
||||||
const is_shitpost = (parts.is_shitpost === 'true' || parts.is_shitpost === '1');
|
const is_shitpost = (parts.is_shitpost === 'true' || parts.is_shitpost === '1') || cfg.websrv.shitpost_mode === true;
|
||||||
|
|
||||||
const maxLen = cfg.main.comment_max_length;
|
const maxLen = cfg.main.comment_max_length;
|
||||||
if (comment && maxLen !== null && maxLen !== undefined && comment.length > maxLen) {
|
if (comment && maxLen !== null && maxLen !== undefined && comment.length > maxLen) {
|
||||||
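Review bot: The new condition on the `X-Api-Key` fallback, `cfg.websrv.enable_user_api_keys !== false`, fails open: a config that omits the key, or carries `"false"`, `0` or `null`, leaves header authentication enabled. For a switch that turns off an authentication path, it is safer to normalize the value to a boolean once where the config is read and test that here, or at least to add a comment such as `// API-key auth stays on unless enable_user_api_keys is exactly false`. The guards in the settings route handlers compare against `false` in the same strict way, so the same applies there. Separately, the `|| cfg.websrv.shitpost_mode === true` added to `is_shitpost` in the second hunk is unrelated to the commit title, and no `shitpost_mode` entry appears in the config hunk; it would be easier to review in its own commit. handleUpload starts and ends outside both hunks.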
|
|||||||
@@ -407,6 +407,7 @@
|
|||||||
</div>
|
</div>
|
||||||
@endif
|
@endif
|
||||||
|
|
||||||
|
@if(enable_user_api_keys)
|
||||||
<h2>Upload API Key</h2>
|
<h2>Upload API Key</h2>
|
||||||
<div id="api-key-section" class="account-settings-wrapper"
|
<div id="api-key-section" class="account-settings-wrapper"
|
||||||
style="background: rgba(0,0,0,0.1); padding: 20px; border-radius: 4px; border: 1px solid var(--nav-border-color); margin-bottom: 30px;">
|
style="background: rgba(0,0,0,0.1); padding: 20px; border-radius: 4px; border: 1px solid var(--nav-border-color); margin-bottom: 30px;">
|
||||||
@@ -438,6 +439,7 @@
|
|||||||
</div>
|
</div>
|
||||||
<div id="api-key-action-status" class="avatar-status" style="margin-top: 10px;"></div>
|
<div id="api-key-action-status" class="avatar-status" style="margin-top: 10px;"></div>
|
||||||
</div>
|
</div>
|
||||||
|
@endif
|
||||||
|
|
||||||
<style>
|
<style>
|
||||||
@keyframes exportDotBounce {
|
@keyframes exportDotBounce {
|
||||||
|
|||||||