From c63791c7ffacb7c6cfc685e2654ffe66f0a6b185 Mon Sep 17 00:00:00 2001
From: elijah
Date: Sun, 20 Mar 2016 01:13:24 -0700
Subject: api tokens: allow for special api tokens that work like session tokens but are configured in the static config, to be used for infrastructure monitoring.
---
 config/defaults.yml | 9 +++++++++
 1 file changed, 9 insertions(+) (limited to 'config')
diff --git a/config/defaults.yml b/config/defaults.yml
index 906b446..84ee4c9 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
@@ -117,6 +117,9 @@ development:
 <<: *common
 <<: *service_levels
 admins: [blue, red, staff]
+ api_tokens:
+ test: nil
+ admin: nil
 domain: example.org
 secret_token: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
 reraise_errors: true
@@ -128,6 +131,9 @@ test:
 <<: *common
 <<: *service_levels
 admins: [admin, admin2]
+ api_tokens:
+ test: "212da28a59dcaca487365309dc93aa09"
+ admin: nil
 domain: test.me
 secret_token: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
 reraise_errors: true
@@ -142,6 +148,9 @@ production:
 <<: *cert_options
 <<: *common
 admins: []
+ api_tokens:
+ test: nil
+ admin: nil
 domain: example.net
 engines:
 - support
-- cgit v1.2.3
From 67b5aa4198e0f6ab2cd29767aedcb4bf5b5dc4d9 Mon Sep 17 00:00:00 2001
From: elijah
Date: Mon, 28 Mar 2016 15:52:21 -0700
Subject: api tokens - clarify terms: "monitors" are admins that authenticated via api token, "tmp" users are users that exist only in tmp db, "test" users are either tmp users or users named "test_user_x"
---
 config/defaults.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'config')
diff --git a/config/defaults.yml b/config/defaults.yml
index 84ee4c9..844adaa 100644
--- a/config/defaults.yml
+++ b/config/defaults.yml
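Review bot: In the three `api_tokens:` hunks of the first commit (development, test and production), `test: nil` and `admin: nil` do not yield a null value, because YAML has no `nil` keyword and each entry loads as the four-character string "nil", which is truthy in Ruby. The code that reads `api_tokens` is not part of this path-limited patch; if it treats any present value as a configured token, the unset slots in development and production would behave as a token with a publicly known value. Write the unset state as `admin: ~` (or `null`) and have the loader reject blank or very short tokens. The same applies to the `monitor: nil` lines in the follow-up commit.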
@@ -118,7 +118,7 @@ development:
 <<: *service_levels
 admins: [blue, red, staff]
 api_tokens:
- test: nil
+ monitor: nil
 admin: nil
 domain: example.org
 secret_token: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
@@ -132,8 +132,10 @@ test:
 <<: *service_levels
 admins: [admin, admin2]
 api_tokens:
- test: "212da28a59dcaca487365309dc93aa09"
+ monitor: "212da28a59dcaca487365309dc93aa09"
 admin: nil
+ allowed_ips:
+ - 0.0.0.0
 domain: test.me
 secret_token: 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
 reraise_errors: true
@@ -149,7 +151,7 @@ production:
 <<: *common
 admins: []
 api_tokens:
- test: nil
+ monitor: nil
 admin: nil
 domain: example.net
 engines:
-- cgit v1.2.3
From e072ac2fa8bc93ed782df1ff95130f4794f9640f Mon Sep 17 00:00:00 2001
From: elijah
Date: Mon, 28 Mar 2016 15:55:19 -0700
Subject: api: added allow ability to limit what IPs can access api using a static configured auth token.
---
 config/routes.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'config')
diff --git a/config/routes.rb b/config/routes.rb
index da6edce..c455dd7 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -30,12 +30,13 @@ LeapWeb::Application.routes.draw do
 resources :sessions, :only => [:new, :create, :update],
 :constraints => { :id => /[^\/]+(?=\.json\z)|[^\/]+/ }
 delete "logout" => "sessions#destroy", :as => "logout"
- resources :users, :only => [:create, :update, :destroy, :index]
+ resources :users, :only => [:create, :update, :destroy, :index, :show]
 resources :messages, :only => [:index, :update]
 resource :cert, :only => [:show, :create]
 resource :smtp_cert, :only => [:create]
 resource :service, :only => [:show]
 resources :configs, :only => [:index, :show]
+ resources :identities, :only => [:show]
 end
 scope "(:locale)", :locale => CommonLanguages.match_available do
-- cgit v1.2.3
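Review bot: `allowed_ips` is added only in the `test:` hunk of config/defaults.yml, so development and production load with no allow-list key at all, and the patch does not say what an absent or empty list means. The enforcing code is outside this path-limited patch; it should fail closed, and the default deserves a comment beside the key such as `# allowed_ips: addresses that may use the static api_tokens; absent or empty means none`. The entry `0.0.0.0` is also ambiguous (literal address or "any"), so state which reading the matcher uses. The monitor token in this hunk is a fixed value committed to the repository and should stay confined to the test environment.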
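Review bot: The config/routes.rb hunk exposes two new read endpoints, `users#show` and `identities#show`, but nothing in the visible change shows who may call them; the commit subject mentions IP limiting for static tokens, and that enforcement must live in controllers this patch does not include. Since the routes file is where a reader first sees the API surface, I would add a comment above the two lines, for example `# :show on users and identities is for admin/monitor tokens; access checks are in the controllers`, and confirm that each controller rejects ordinary session tokens for another user's record. The `routes.draw` block and the `api` namespace both start outside this hunk.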
From bd5ffce445fd91eac32ac1309297e7e3cf05ead8 Mon Sep 17 00:00:00 2001 From: elijah Date: Wed, 30 Mar 2016 15:38:50 -0700 Subject: api: added json error pages, allow "." in the :id param of all api routes --- config/routes.rb | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/routes.rb b/config/routes.rb index c455dd7..e370aa4 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -26,9 +26,10 @@ LeapWeb::Application.routes.draw do namespace "api", { module: "v1", path: "/1/", - defaults: {format: 'json'} } do - resources :sessions, :only => [:new, :create, :update], + defaults: {format: 'json'}, :constraints => { :id => /[^\/]+(?=\.json\z)|[^\/]+/ } + } do + resources :sessions, :only => [:new, :create, :update] delete "logout" => "sessions#destroy", :as => "logout" resources :users, :only => [:create, :update, :destroy, :index, :show] resources :messages, :only => [:index, :update] -- cgit v1.2.3
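Review bot: Moving `:constraints => { :id => /[^\/]+(?=\.json\z)|[^\/]+/ }` into the namespace options means every `:id` under `/1/` (users, messages, configs, identities, sessions) now accepts any run of non-slash characters, including `.` and `..`. The route layer no longer narrows the id at all, so each controller has to validate it before using it as a lookup key or as part of a file name; those controllers are not visible in this path-limited patch. A comment on the option would record that, e.g. `# :id may contain "."; a trailing ".json" is still read as the format. Ids are not validated here.` As a style point, the options hash now mixes `defaults:` with `:constraints =>`; one hash syntax would read better. The namespace block continues past the end of the hunk.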