authorKali Kaneko (leap communications) <kali@leap.se>2017-02-23 00:35:33 +0100
committerKali Kaneko (leap communications) <kali@leap.se>2017-02-24 16:20:52 +0100
commite3999c4906348dadcc85eec1df9a48e776deccd5 (patch)
tree7f8156ba80f367df22c4e823c301360706e06e8d /src/leap/bitmask/core/web/api.py
parent6b3ea883a62d40f8e2d68ce95bbefa2ac64b95de (diff)
[feature] require authentication token for api
implements a global auth token for the app. this token is written to .config/leap/authtoken, and passed in the anchor (fragment) part of the landing URI when the browser opens the index resource. - Resolves: #8765
Diffstat (limited to 'src/leap/bitmask/core/web/api.py')
-rw-r--r--src/leap/bitmask/core/web/api.py11
1 files changed, 10 insertions, 1 deletions
diff --git a/src/leap/bitmask/core/web/api.py b/src/leap/bitmask/core/web/api.py
index d31afa50..01c65bae 100644
--- a/src/leap/bitmask/core/web/api.py
+++ b/src/leap/bitmask/core/web/api.py
@@ -11,11 +11,20 @@ class Api(Resource):
isLeaf = True
- def __init__(self, dispatcher):
+ def __init__(self, dispatcher, global_tokens):
Resource.__init__(self)
self.dispatcher = dispatcher
+ self.global_tokens = global_tokens
def render_POST(self, request):
+ token = request.getHeader('x-bitmask-auth')
+ if not token:
+ request.setResponseCode(401)
+ return 'unauthorized: no app token'
+ elif token.strip() not in self.global_tokens:
+ request.setResponseCode(401)
+ return 'unauthorized: bad app token'
+
command = request.uri.split('/')[2:]
params = request.content.getvalue()
if params: