themaster1970sf/TShock
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages Wiki Activity Actions

Added Application tokens that can never be deleted, and are loaded either by the command line arg, or the list in the config file. Other plugins can easily add their own tokens into the dictionary as well, however, I believe the config file approach works best for transparency to the user.

Browse source 
Currently, this is an extremely complex looking field in the config file now.  I don't think we should add a placeholder tho as servers wouldn't realize they had a rest token there.  Perhaps when we do a dump of the config file, someone can add the format for this field.

Closes #520
This commit is contained in:
Zack Piispanen 2013-09-17 18:44:58 -04:00
parent d53bb4b59c
commit ef584c62d7
2 changed files with 14 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

11
TShockAPI/Rest/SecureRest.cs
View file

@ -37,11 +37,13 @@ namespace Rests
}
public Dictionary<string,TokenData> Tokens { get; protected set; }
public Dictionary<string, TokenData> AppTokens { get; protected set; }
public SecureRest(IPAddress ip, int port)
: base(ip, port)
{
Tokens = new Dictionary<string, TokenData>();
AppTokens = new Dictionary<string, TokenData>();
Register(new RestCommand("/token/create/{username}/{password}", NewToken) { DoLog = false });
Register(new RestCommand("/v2/token/create/{password}", NewTokenV2) { DoLog = false });
@ -50,9 +52,14 @@ namespace Rests
foreach (KeyValuePair<string, TokenData> t in TShockAPI.TShock.RESTStartupTokens)
{
Tokens.Add(t.Key, t.Value);
AppTokens.Add(t.Key, t.Value);
}
foreach (KeyValuePair<string, TokenData> t in TShock.Config.ApplicationRestTokens)
{
AppTokens.Add(t.Key, t.Value);
}
// TODO: Get rid of this when the old REST permission model is removed.
if (TShock.Config.RestApiEnabled && !TShock.Config.RestUseNewPermissionModel)
{
@ -163,7 +170,7 @@ namespace Rests
SecureRestCommand secureCmd = (SecureRestCommand)cmd;
TokenData tokenData;
if (!Tokens.TryGetValue(token, out tokenData))
if (!Tokens.TryGetValue(token, out tokenData) && !AppTokens.TryGetValue(token, out tokenData))
return new RestObject("403")
{ Error = "Not authorized. The specified API endpoint requires a token, but the provided token was not valid." };