Commit edce598

committed
Add authentication to sensitive tag endpoints.
1 parent e48103a commit edce598

1 file changed

+27
-1
lines changed

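--- a/daemon/src/api/v1/tag.rs
+++ b/daemon/src/api/v1/tag.rs
@@ -1,8 +1,10 @@
+use crate::api::v1::util::auth;
+use crate::config::Config;
 use crate::db::Pool;
 use crate::models::{NewSourcePackageTagRule, NewTag};
 use crate::schema::{tag_rules, tags};
 use crate::web;
-use actix_web::{delete, get, post, HttpResponse, Responder};
+use actix_web::{delete, get, post, HttpRequest, HttpResponse, Responder};
 use diesel::{delete, ExpressionMethods};
 use diesel::{QueryDsl, RunQueryDsl};
 use rebuilderd_common::api::v1::{CreateTagRequest, CreateTagRuleRequest, TagRule};
@@ -22,9 +24,15 @@ pub async fn get_tags(pool: web::Data<Pool>) -> web::Result<impl Responder> {
 
 #[post("")]
 pub async fn create_tag(
+req: HttpRequest,
+cfg: web::Data<Config>,
 pool: web::Data<Pool>,
 request: web::Json<CreateTagRequest>,
 ) -> web::Result<impl Responder> {
+if auth::admin(&cfg, &req).is_err() {
+return Ok(HttpResponse::Forbidden().finish());
+}
+
 let mut connection = pool.get().map_err(Error::from)?;
 
 let tag = NewTag {
@@ -37,9 +45,15 @@ pub async fn create_tag(
 
 #[delete("/{tag}")]
 pub async fn delete_tag(
+req: HttpRequest,
+cfg: web::Data<Config>,
 pool: web::Data<Pool>,
 tag: web::Path<String>,
 ) -> web::Result<impl Responder> {
+if auth::admin(&cfg, &req).is_err() {
+return Ok(HttpResponse::Forbidden().finish());
+}
+
 let mut connection = pool.get().map_err(Error::from)?;
 
 delete(tags::table.filter(tags::tag.eq(tag.into_inner())))
@@ -72,10 +86,16 @@ pub async fn get_tag_rules(
 
 #[post("/{tag}")]
 pub async fn create_tag_rule(
+req: HttpRequest,
+cfg: web::Data<Config>,
 pool: web::Data<Pool>,
 tag: web::Path<String>,
 request: web::Json<CreateTagRuleRequest>,
 ) -> web::Result<impl Responder> {
+if auth::admin(&cfg, &req).is_err() {
+return Ok(HttpResponse::Forbidden().finish());
+}
+
 let mut connection = pool.get().map_err(Error::from)?;
 
 let tag_id = tags::table
@@ -96,9 +116,15 @@ pub async fn create_tag_rule(
 
 #[delete("/{tag}/{id}")]
 pub async fn delete_tag_rule(
+req: HttpRequest,
+cfg: web::Data<Config>,
 pool: web::Data<Pool>,
 parameters: web::Path<(String, i32)>,
 ) -> web::Result<impl Responder> {
+if auth::admin(&cfg, &req).is_err() {
+return Ok(HttpResponse::Forbidden().finish());
+}
+
 let mut connection = pool.get().map_err(Error::from)?;
 let (tag, tag_rule_id) = parameters.into_inner();
 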
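Review bot: In `create_tag`, `delete_tag`, `create_tag_rule` and `delete_tag_rule` the guard `if auth::admin(&cfg, &req).is_err()` throws away the error, so a rejected write to the tag tables is not recorded on this path unless `auth::admin` logs on its own (its body is not shown here). I would bind the error with `if let Err(err) = auth::admin(&cfg, &req) {`, emit a warn-level line through the daemon's existing logger that includes `req.path()`, and then keep the same `return Ok(HttpResponse::Forbidden().finish());`. The guard also runs only after actix-web has extracted the handler arguments, so in `create_tag` and `create_tag_rule` an unauthenticated caller still has the `web::Json` body parsed before the 403. A shared helper or a request extractor placed ahead of the body argument can reject earlier, and it replaces four pasted copies that a future mutating endpoint could forget. Each handler's body continues past the end of its hunk, so this is based on the visible lines only.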