Diffstat (limited to 'lib/api/api.go')
-rw-r--r-- | lib/api/api.go | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/lib/api/api.go b/lib/api/api.go index c316310c8..b96fc14ee 100644 --- a/lib/api/api.go +++ b/lib/api/api.go @@ -91,6 +91,7 @@ type service struct { startupErr error listenerAddr net.Addr exitChan chan *svcutil.FatalErr + miscDB *db.NamespacedKV guiErrors logger.Recorder systemLog logger.Recorder @@ -104,7 +105,7 @@ type Service interface { WaitForStart() error } -func New(id protocol.DeviceID, cfg config.Wrapper, assetDir, tlsDefaultCommonName string, m model.Model, defaultSub, diskSub events.BufferedSubscription, evLogger events.Logger, discoverer discover.Manager, connectionsService connections.Service, urService *ur.Service, fss model.FolderSummaryService, errors, systemLog logger.Recorder, noUpgrade bool) Service { +func New(id protocol.DeviceID, cfg config.Wrapper, assetDir, tlsDefaultCommonName string, m model.Model, defaultSub, diskSub events.BufferedSubscription, evLogger events.Logger, discoverer discover.Manager, connectionsService connections.Service, urService *ur.Service, fss model.FolderSummaryService, errors, systemLog logger.Recorder, noUpgrade bool, miscDB *db.NamespacedKV) Service { return &service{ id: id, cfg: cfg, @@ -127,6 +128,7 @@ func New(id protocol.DeviceID, cfg config.Wrapper, assetDir, tlsDefaultCommonNam configChanged: make(chan struct{}), startedOnce: make(chan struct{}), exitChan: make(chan *svcutil.FatalErr, 1), + miscDB: miscDB, } } @@ -364,7 +366,7 @@ func (s *service) Serve(ctx context.Context) error { // Wrap everything in CSRF protection. The /rest prefix should be // protected, other requests will grant cookies. - var handler http.Handler = newCsrfManager(s.id.Short().String(), "/rest", guiCfg, mux, locations.Get(locations.CsrfTokens)) + var handler http.Handler = newCsrfManager(s.id.Short().String(), "/rest", guiCfg, mux, s.miscDB) // Add our version and ID as a header to responses handler = withDetailsMiddleware(s.id, handler) 
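Review bot: `New` stores the new sixteenth positional argument `miscDB *db.NamespacedKV` without a nil check or any doc comment, and `Serve` later passes `s.miscDB` unconditionally to `newCsrfManager` and to the auth middleware. Whether those callees tolerate a nil store is not visible in this diff, so a caller that passes nil would presumably fail only when the first token is loaded or saved. State the contract on the constructor, e.g. `// New returns the API service. miscDB must be non-nil; it is handed to the CSRF manager and the session middleware.` The same applies to the `miscDB: miscDB,` assignment in the following hunk.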
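Review bot: The `newCsrfManager(...)` call here and the `newBasicAuthAndSessionMiddleware(...)` call in the next hunk receive the same `s.miscDB`, so CSRF tokens and session tokens would share one key space unless each component uses its own key. The key names are not visible in this diff; confirm they are distinct and note it at the call, e.g. `// CSRF tokens live in miscDB under their own key, separate from session tokens`. Dropping `locations.Get(locations.CsrfTokens)` also presumably means the old token file is no longer read, in which case it should be removed on upgrade rather than left on disk. `Serve` begins and ends outside the hunk.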
@@ -372,12 +374,13 @@ func (s *service) Serve(ctx context.Context) error { // Wrap everything in basic auth, if user/password is set. if guiCfg.IsAuthEnabled() { sessionCookieName := "sessionid-" + s.id.Short().String() - handler = basicAuthAndSessionMiddleware(sessionCookieName, s.id.Short().String(), guiCfg, s.cfg.LDAP(), handler, s.evLogger) - handlePasswordAuth := passwordAuthHandler(sessionCookieName, guiCfg, s.cfg.LDAP(), s.evLogger) - restMux.Handler(http.MethodPost, "/rest/noauth/auth/password", handlePasswordAuth) + authMW := newBasicAuthAndSessionMiddleware(sessionCookieName, s.id.Short().String(), guiCfg, s.cfg.LDAP(), handler, s.evLogger, s.miscDB) + handler = authMW + + restMux.Handler(http.MethodPost, "/rest/noauth/auth/password", http.HandlerFunc(authMW.passwordAuthHandler)) // Logout is a no-op without a valid session cookie, so /noauth/ is fine here - restMux.Handler(http.MethodPost, "/rest/noauth/auth/logout", handleLogout(sessionCookieName)) + restMux.Handler(http.MethodPost, "/rest/noauth/auth/logout", http.HandlerFunc(authMW.handleLogout)) } // Redirect to HTTPS if we are supposed to |
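Review bot: Passing `s.miscDB` to `newBasicAuthAndSessionMiddleware` suggests sessions are now persisted, so `authMW.handleLogout` must delete the stored session and not only expire the cookie; its body is outside this hunk and should be checked there. The comment above the logout route should then state both halves, e.g. `// Logout is a no-op without a valid session cookie, so /noauth/ is fine here; with one it must also remove the persisted session`. The two-step `authMW := ...` / `handler = authMW` exists only to keep the concrete type for the two method-value handlers, which deserves a one-line comment such as `// keep the concrete type: the /noauth handlers below are methods on the same middleware`. `Serve` continues outside the hunk.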