diff options
author | Mickael Remond <mremond@process-one.net> | 2016-03-30 14:23:09 +0200 |
---|---|---|
committer | Mickael Remond <mremond@process-one.net> | 2016-03-30 14:23:09 +0200 |
commit | ead83b008c25e2619cbc7cfbf4bde5fb46c4e677 (patch) | |
tree | 94d4484df4b3041475e3ef94466ff3cae158fa4d /src | |
parent | Support flagging so Elixir tests as pending (diff) |
HTTP ReST API now supports 'open' ejabberd commands
Diffstat (limited to '')
-rw-r--r-- | src/ejabberd_commands.erl | 12 | ||||
-rw-r--r-- | src/mod_http_api.erl | 18 |
2 files changed, 24 insertions, 6 deletions
diff --git a/src/ejabberd_commands.erl b/src/ejabberd_commands.erl index 21872aa33..57285d6c6 100644 --- a/src/ejabberd_commands.erl +++ b/src/ejabberd_commands.erl @@ -212,6 +212,7 @@ list_commands/0, get_command_format/1, get_command_format/2, + get_command_policy/1, get_command_definition/1, get_tags_commands/0, get_commands/0, @@ -338,6 +339,17 @@ get_command_format(Name, Auth) -> {Args, Result} end. +-spec get_command_policy(atom()) -> {ok, open|user|admin|restricted} | {error, command_not_found}. + +%% @doc return command policy. +get_command_policy(Name) -> + case get_command_definition(Name) of + #ejabberd_commands{policy = Policy} -> + {ok, Policy}; + command_not_found -> + {error, command_not_found} + end. + -spec get_command_definition(atom()) -> ejabberd_commands() | command_not_found. %% @doc Get the definition record of a command. diff --git a/src/mod_http_api.erl b/src/mod_http_api.erl index 15fe36364..96fa90735 100644 --- a/src/mod_http_api.erl +++ b/src/mod_http_api.erl @@ -116,7 +116,6 @@ start(_Host, _Opts) -> stop(_Host) -> ok. - %% ---------- %% basic auth %% ---------- @@ -124,12 +123,13 @@ stop(_Host) -> check_permissions(Request, Command) -> case catch binary_to_existing_atom(Command, utf8) of Call when is_atom(Call) -> - check_permissions2(Request, Call); + {ok, CommandPolicy} = ejabberd_commands:get_command_policy(Call), + check_permissions2(Request, Call, CommandPolicy); _ -> unauthorized_response() end. -check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call) +check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call, _) when HTTPAuth /= undefined -> Admin = case lists:keysearch(<<"X-Admin">>, 1, Headers) of @@ -162,7 +162,9 @@ check_permissions2(#request{auth = HTTPAuth, headers = Headers}, Call) {ok, A} -> {allowed, Call, A}; _ -> unauthorized_response() end; -check_permissions2(#request{ip={IP, _Port}}, Call) -> +check_permissions2(_Request, Call, open) -> + {allowed, Call, noauth}; +check_permissions2(#request{ip={IP, _Port}}, Call, _Policy) -> Access = gen_mod:get_module_opt(global, ?MODULE, admin_ip_access, mod_opt_type(admin_ip_access), none), @@ -207,7 +209,8 @@ process([Call], #request{method = 'POST', data = Data, ip = IP} = Req) -> {allowed, Cmd, Auth} -> {Code, Result} = handle(Cmd, Auth, Args), json_response(Code, jiffy:encode(Result)); - ErrorResponse -> %% Should we reply 403 ? + %% Warning: check_permission direcly formats 401 reply if not authorized + ErrorResponse -> ErrorResponse end catch _:Error -> @@ -225,6 +228,7 @@ process([Call], #request{method = 'GET', q = Data, ip = IP} = Req) -> {allowed, Cmd, Auth} -> {Code, Result} = handle(Cmd, Auth, Args), json_response(Code, jiffy:encode(Result)); + %% Warning: check_permission direcly formats 401 reply if not authorized ErrorResponse -> ErrorResponse end @@ -434,7 +438,9 @@ json_response(Code, Body) when is_integer(Code) -> log(Call, Args, {Addr, Port}) -> AddrS = jlib:ip_to_list({Addr, Port}), - ?INFO_MSG("API call ~s ~p from ~s:~p", [Call, Args, AddrS, Port]). + ?INFO_MSG("API call ~s ~p from ~s:~p", [Call, Args, AddrS, Port]); +log(Call, Args, IP) -> + ?INFO_MSG("API call ~s ~p (~p)", [Call, Args, IP]). mod_opt_type(admin_ip_access) -> fun(Access) when is_atom(Access) -> Access end; |