feat(api tokens): check permissions when saving

2023-09-01 08:52:57 +02:00
parent e4c71123ef
commit e3dac16398
4 changed files with 85 additions and 10 deletions
--- a/pkg/routes/routes.go
+++ b/pkg/routes/routes.go
@ -204,7 +204,7 @@ func RegisterRoutes(e *echo.Echo) {
 	// API Routes
 	a := e.Group("/api/v1")
 	e.OnAddRouteHandler = func(host string, route echo.Route, handler echo.HandlerFunc, middleware []echo.MiddlewareFunc) {
-		collectRoutesForAPITokenUsage(route)
+		models.CollectRoutesForAPITokenUsage(route)
 	}
 	registerAPIRoutes(a)
 }
@ -316,7 +316,7 @@ func registerAPIRoutes(a *echo.Group) {
 				return echo.NewHTTPError(http.StatusUnauthorized)
 			}

-			if !CanDoAPIRoute(c, token) {
+			if !models.CanDoAPIRoute(c, token) {
 				return echo.NewHTTPError(http.StatusUnauthorized)
 			}

@ -333,7 +333,7 @@ func registerAPIRoutes(a *echo.Group) {
 	setupMetricsMiddleware(a)

 	a.POST("/tokenTest", apiv1.CheckToken)
-	a.GET("/routes", GetAvailableAPIRoutesForToken)
+	a.GET("/routes", models.GetAvailableAPIRoutesForToken)

 	// User stuff
 	u := a.Group("/user")