ShinobiSystems
/
Shinobi
mirror of https://gitlab.com/Shinobi-Systems/Shinobi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix API Permissions for Session Key

rkmpp-v4l2m2m-decode
Moe 2022-11-28 15:54:27 -08:00
parent f621e85f34
commit 83d9a52a94
2 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
libs/auth.js
View File

@ -99,12 +99,13 @@ module.exports = function(s,config,lang){
}else{ }else{
getUserBySessionKey(params,function(err,user){ getUserBySessionKey(params,function(err,user){
if(user){ if(user){
isSessionKey = true createSession(user,{
createSession(apiKey,{ auth: params.auth,
details: JSON.parse(user.details), details: JSON.parse(user.details),
isSessionKey: true,
permissions: {} permissions: {}
}) })
callback(err,user,isSessionKey) callback(err,user,true)
} }
}) })
} }
@ -122,7 +123,7 @@ module.exports = function(s,config,lang){
} }
user.details = s.parseJSON(user.details) user.details = s.parseJSON(user.details)
user.permissions = {} user.permissions = {}
s.api[generatedId] = Object.assign(user,additionalData) s.api[generatedId] = Object.assign({},user,additionalData)
return generatedId return generatedId
} }
} }
@ -204,9 +205,9 @@ module.exports = function(s,config,lang){
}) })
}else if(params.auth && params.ke){ }else if(params.auth && params.ke){
loginWithApiKey(params,function(err,user,isSessionKey){ loginWithApiKey(params,function(err,user,isSessionKey){
if(isSessionKey)resetActiveSessionTimer(user) if(isSessionKey)resetActiveSessionTimer(s.api[params.auth])
if(user){ if(user){
onSuccess(user) onSuccess(s.api[params.auth])
}else{ }else{
onFail() onFail()
} }

5
libs/monitor.js
View File

@ -1839,6 +1839,7 @@ module.exports = function(s,config,lang){
// provide "user" object given from "s.auth" // provide "user" object given from "s.auth"
const isSubAccount = !!user.details.sub const isSubAccount = !!user.details.sub
const isApiKey = !user.login_type; const isApiKey = !user.login_type;
const isSessionKey = user.isSessionKey;
const response = { const response = {
isSubAccount, isSubAccount,
hasAllPermissions: isSubAccount && user.details.allmonitors === '1', hasAllPermissions: isSubAccount && user.details.allmonitors === '1',
@ -1859,8 +1860,8 @@ module.exports = function(s,config,lang){
'watch_videos', 'watch_videos',
'delete_videos', 'delete_videos',
].forEach((key) => { ].forEach((key) => {
const permissionOff = isApiKey && permissions[key] !== '1'; const permissionOff = !isSessionKey && isApiKey && permissions[key] !== '1';
response.apiKeyPermissions[key] = permissions[key] === '1'; response.apiKeyPermissions[key] = isSessionKey || permissions[key] === '1';
response.apiKeyPermissions[`${key}_disallowed`] = permissionOff; response.apiKeyPermissions[`${key}_disallowed`] = permissionOff;
response.isRestrictedApiKey = response.isRestrictedApiKey || permissionOff; response.isRestrictedApiKey = response.isRestrictedApiKey || permissionOff;
}); });