Require proxy admin for token regeneration

This commit is contained in:
rcourtman 2026-02-04 16:19:57 +00:00
parent 0867490ae0
commit a2f01f14af
2 changed files with 68 additions and 0 deletions


@ -525,6 +525,18 @@ func (r *Router) HandleRegenerateAPIToken(w http.ResponseWriter, rq *http.Reques
return
}
// Check proxy auth for admin status
if r.config.ProxyAuthSecret != "" {
if valid, username, isAdmin := CheckProxyAuth(r.config, rq); valid && !isAdmin {
log.Warn().
Str("ip", GetClientIP(rq)).
Str("username", username).
Msg("Non-admin user attempted API token regeneration")
http.Error(w, "Admin privileges required", http.StatusForbidden)
return
}
}
if !ensureSettingsWriteScope(w, rq) {
return
}
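Review bot: The new guard `valid && !isAdmin` denies only a request that carries valid proxy auth for a non-admin user; when ProxyAuthSecret is set but CheckProxyAuth reports the request as not valid (missing or bad proxy headers), the handler falls through to ensureSettingsWriteScope, so the admin requirement is enforced only for proxy-authenticated callers. Whether that is intended depends on the checks earlier in HandleRegenerateAPIToken, which start outside the hunk; a one-line comment on the `if valid && !isAdmin` line, `// Requests without valid proxy auth fall through to the earlier auth checks and the scope check below`, would make the intent reviewable. The same block is repeated verbatim in the HandleValidateAPIToken hunk with only the log message differing; extracting it into a `requireProxyAdmin` helper keeps the two handlers from drifting and gives a single place to document the fall-through, with each call site reduced to `if !r.requireProxyAdmin(w, rq, "API token regeneration") { return }`.
```go
// requireProxyAdmin writes 403 and returns false when proxy auth is configured,
// the request carries valid proxy auth, and the proxied user is not an admin.
// action appears only in the audit log message. A request that proxy auth does
// not recognise is not rejected here; it is left to the caller's other checks —
// confirm this matches the handlers' earlier auth logic.
func (r *Router) requireProxyAdmin(w http.ResponseWriter, rq *http.Request, action string) bool {
	if r.config.ProxyAuthSecret == "" {
		return true
	}
	valid, username, isAdmin := CheckProxyAuth(r.config, rq)
	if valid && !isAdmin {
		log.Warn().
			Str("ip", GetClientIP(rq)).
			Str("username", username).
			Msg("Non-admin user attempted " + action)
		http.Error(w, "Admin privileges required", http.StatusForbidden)
		return false
	}
	return true
}
// … unchanged: HandleRegenerateAPIToken and HandleValidateAPIToken call the helper in place of the duplicated block …
```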
@ -643,6 +655,18 @@ func (r *Router) HandleValidateAPIToken(w http.ResponseWriter, rq *http.Request)
return
}
// Check proxy auth for admin status
if r.config.ProxyAuthSecret != "" {
if valid, username, isAdmin := CheckProxyAuth(r.config, rq); valid && !isAdmin {
log.Warn().
Str("ip", GetClientIP(rq)).
Str("username", username).
Msg("Non-admin user attempted API token validation")
http.Error(w, "Admin privileges required", http.StatusForbidden)
return
}
}
if !ensureSettingsWriteScope(w, rq) {
return
}