vikarti.anatra/safing-portbase
1
0
Fork 0
mirror of https://github.com/safing/portbase synced 2025-09-04 03:29:59 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add support for API token expiration

Browse source
This commit is contained in:
Patrick Pacher 2022-07-13 00:26:19 +02:00
parent 5007ced908
commit 4c6b834ae5
No known key found for this signature in database
GPG key ID: E8CD2DA160925A6D
1 changed files with 19 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

21
api/authentication.go
View file

@ -83,8 +83,9 @@ type AuthenticatorFunc func(r *http.Request, s *http.Server) (*AuthToken, error)
// later. Functions may be called at any time. // later. Functions may be called at any time.
// The Write permission implicitly also includes reading. // The Write permission implicitly also includes reading.
type AuthToken struct { type AuthToken struct {
Read Permission Read Permission
Write Permission Write Permission
ValidUntil *time.Time
} }
type session struct { type session struct {
@ -340,6 +341,12 @@ func checkAPIKey(r *http.Request) *AuthToken {
return nil return nil
} }
// Abort if the token is expired.
if token.ValidUntil != nil && time.Now().After(*token.ValidUntil) {
log.Tracer(r.Context()).Warningf("api: denying api access from %s using expired token", r.RemoteAddr)
return nil
}
return token return token
} }
@ -389,6 +396,16 @@ func updateAPIKeys(_ context.Context, _ interface{}) error {
} }
token.Write = writePermission token.Write = writePermission
expireStr := q.Get("expires")
if expireStr != "" {
validUntil, err := time.Parse(time.RFC3339, expireStr)
if err != nil {
log.Errorf("api: invalid API key %s: %s", key, err)
continue
}
token.ValidUntil = &validUntil
}
// Save token. // Save token.
apiKeys[u.Path] = token apiKeys[u.Path] = token
} }