diff --git a/src/main/java/org/qortal/api/resource/AddressesResource.java b/src/main/java/org/qortal/api/resource/AddressesResource.java index 4dfa52d6..abe1960c 100644 --- a/src/main/java/org/qortal/api/resource/AddressesResource.java +++ b/src/main/java/org/qortal/api/resource/AddressesResource.java @@ -16,11 +16,7 @@ import java.util.Comparator; import java.util.List; import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.QueryParam; +import javax.ws.rs.*; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; @@ -537,7 +533,7 @@ public class AddressesResource { ) @ApiErrors({ApiError.TRANSACTION_INVALID, ApiError.INVALID_DATA, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String computePublicize(String rawBytes58) { + public String computePublicize(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String rawBytes58) { Security.checkApiCallAllowed(request); try (final Repository repository = RepositoryManager.getRepository()) { diff --git a/src/main/java/org/qortal/api/resource/AdminResource.java b/src/main/java/org/qortal/api/resource/AdminResource.java index d9f35550..8d00c751 100644 --- a/src/main/java/org/qortal/api/resource/AdminResource.java +++ b/src/main/java/org/qortal/api/resource/AdminResource.java @@ -27,11 +27,7 @@ import java.util.concurrent.locks.ReentrantLock; import java.util.stream.Collectors; import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.DELETE; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.QueryParam; +import javax.ws.rs.*; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; 
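Review bot: The import hunk at the top of AddressesResource replaces five explicit `javax.ws.rs` imports with `import javax.ws.rs.*;` only to bring `HeaderParam` into scope. Other files in this same diff (for example CrossChainBitcoinACCTv1Resource and CrossChainLitecoinResource) add the single explicit line `import javax.ws.rs.HeaderParam;` instead. Keeping the explicit list and adding that one line would keep the resource classes consistent and avoid pulling unrelated names into scope. The same wildcard appears in the import hunks of AdminResource, ChatResource, CrossChainHtlcResource, CrossChainResource, CrossChainTradeBotResource and PeersResource.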
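Review bot: The new `apiKey` parameter of `computePublicize` is never read in the lines shown; the check is still `Security.checkApiCallAllowed(request)`, which receives only the servlet request. If the parameter exists just so the header is bound and appears in the generated API description, a comment should say so, e.g. `// apiKey is declared for the API description only; enforcement is Security.checkApiCallAllowed(request)`. Without it, a later maintainer may assume that declaring the header parameter is what authenticates the call and omit the check on a new endpoint. The same applies to every other signature changed in this diff, and the method body continues outside the hunk, so any use of `apiKey` further down is not visible here.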
@@ -156,7 +152,7 @@ public class AdminResource { } ) @SecurityRequirement(name = "apiKey") - public String shutdown() { + public String shutdown(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); new Thread(() -> { @@ -185,7 +181,7 @@ public class AdminResource { ) @ApiErrors({ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public ActivitySummary summary() { + public ActivitySummary summary(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); ActivitySummary summary = new ActivitySummary(); @@ -231,7 +227,7 @@ public class AdminResource { } ) @SecurityRequirement(name = "apiKey") - public Controller.StatsSnapshot getEngineStats() { + public Controller.StatsSnapshot getEngineStats(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); return Controller.getInstance().getStatsSnapshot(); @@ -295,7 +291,7 @@ public class AdminResource { ) @ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.REPOSITORY_ISSUE, ApiError.CANNOT_MINT}) @SecurityRequirement(name = "apiKey") - public String addMintingAccount(String seed58) { + public String addMintingAccount(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String seed58) { Security.checkApiCallAllowed(request); try (final Repository repository = RepositoryManager.getRepository()) { @@ -348,7 +344,7 @@ public class AdminResource { ) @ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String deleteMintingAccount(String key58) { + public String deleteMintingAccount(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String key58) { Security.checkApiCallAllowed(request); try (final Repository repository = RepositoryManager.getRepository()) { 
@@ -448,7 +444,7 @@ public class AdminResource { ) @ApiErrors({ApiError.INVALID_HEIGHT, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String orphan(String targetHeightString) { + public String orphan(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String targetHeightString) { Security.checkApiCallAllowed(request); try { @@ -507,7 +503,7 @@ public class AdminResource { ) @ApiErrors({ApiError.INVALID_DATA, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String forceSync(String targetPeerAddress) { + public String forceSync(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String targetPeerAddress) { Security.checkApiCallAllowed(request); try { @@ -553,7 +549,7 @@ public class AdminResource { ) @ApiErrors({ApiError.INVALID_DATA, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String exportRepository() { + public String exportRepository(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); try (final Repository repository = RepositoryManager.getRepository()) { @@ -587,7 +583,7 @@ public class AdminResource { ) @ApiErrors({ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String importRepository(String filename) { + public String importRepository(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String filename) { Security.checkApiCallAllowed(request); // Hard-coded because it's too dangerous to allow user-supplied filenames in weaker security contexts @@ -633,7 +629,7 @@ public class AdminResource { ) @ApiErrors({ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String checkpointRepository() { + public String checkpointRepository(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); RepositoryManager.setRequestedCheckpoint(Boolean.TRUE); 
@@ -654,7 +650,7 @@ public class AdminResource { ) @ApiErrors({ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String backupRepository() { + public String backupRepository(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); try (final Repository repository = RepositoryManager.getRepository()) { @@ -688,7 +684,7 @@ public class AdminResource { ) @ApiErrors({ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public void performRepositoryMaintenance() { + public void performRepositoryMaintenance(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); try (final Repository repository = RepositoryManager.getRepository()) { @@ -726,7 +722,7 @@ public class AdminResource { } ) @SecurityRequirement(name = "apiKey") - public String generateApiKey() { + public String generateApiKey(@HeaderParam(Security.API_KEY_HEADER) String apiKeyHeader) { ApiKey apiKey = Security.getApiKey(request); // If the API key is already generated, we need to authenticate this request @@ -758,7 +754,7 @@ public class AdminResource { } ) @SecurityRequirement(name = "apiKey") - public String testApiKey() { + public String testApiKey(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); return "true"; diff --git a/src/main/java/org/qortal/api/resource/ArbitraryResource.java b/src/main/java/org/qortal/api/resource/ArbitraryResource.java index 57d39867..f1202ac1 100644 --- a/src/main/java/org/qortal/api/resource/ArbitraryResource.java +++ b/src/main/java/org/qortal/api/resource/ArbitraryResource.java @@ -339,7 +339,7 @@ public class ArbitraryResource { } ) @ApiErrors({ApiError.REPOSITORY_ISSUE}) - public boolean getRelayMode() { + public boolean getRelayMode(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); return Settings.getInstance().isRelayModeEnabled(); 
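Review bot: `generateApiKey` is the one endpoint in this diff whose visible lines do not start with `Security.checkApiCallAllowed(request)`. The context comment says the request is authenticated only once a key already exists, yet the signature and `@SecurityRequirement(name = "apiKey")` present the header as if it were always required. A comment on the parameter would make the exception explicit, e.g. `// apiKeyHeader may be absent on first-time generation; it is only checked once a key exists`. The rest of the body is outside the hunk, so it is worth confirming there that the unauthenticated first-run path cannot be reached after a key has been generated.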
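Review bot: `getRelayMode` in ArbitraryResource has no `@SecurityRequirement(name = "apiKey")` in the lines shown above its signature, only `@ApiErrors({ApiError.REPOSITORY_ISSUE})`. It nevertheless takes the API-key header and calls `Security.checkApiCallAllowed(request)`. Adding `@SecurityRequirement(name = "apiKey")` above the method would make the generated API description match what the code enforces, as it does for the other endpoints touched here. The next two hunks in this file, `getHostedTransactions` and `getHostedResources`, show the same gap.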
@@ -356,7 +356,7 @@ public class ArbitraryResource { } ) @ApiErrors({ApiError.REPOSITORY_ISSUE}) - public List getHostedTransactions() { + public List getHostedTransactions(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); try (final Repository repository = RepositoryManager.getRepository()) { @@ -382,6 +382,7 @@ public class ArbitraryResource { ) @ApiErrors({ApiError.REPOSITORY_ISSUE}) public List getHostedResources( + @HeaderParam(Security.API_KEY_HEADER) String apiKey, @Parameter(description = "Include status") @QueryParam("includestatus") Boolean includeStatus) { Security.checkApiCallAllowed(request); @@ -429,7 +430,8 @@ public class ArbitraryResource { } ) @SecurityRequirement(name = "apiKey") - public boolean deleteResource(@PathParam("service") Service service, + public boolean deleteResource(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("service") Service service, @PathParam("name") String name, @PathParam("identifier") String identifier) { @@ -467,7 +469,7 @@ public class ArbitraryResource { ) @ApiErrors({ApiError.TRANSACTION_INVALID, ApiError.INVALID_DATA, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String computeNonce(String rawBytes58) { + public String computeNonce(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String rawBytes58) { Security.checkApiCallAllowed(request); try (final Repository repository = RepositoryManager.getRepository()) { @@ -528,7 +530,8 @@ public class ArbitraryResource { } ) @SecurityRequirement(name = "apiKey") - public HttpServletResponse get(@PathParam("service") Service service, + public HttpServletResponse get(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("service") Service service, @PathParam("name") String name, @QueryParam("filepath") String filepath, @QueryParam("rebuild") boolean rebuild) { 
@@ -555,7 +558,8 @@ public class ArbitraryResource { } ) @SecurityRequirement(name = "apiKey") - public HttpServletResponse get(@PathParam("service") Service service, + public HttpServletResponse get(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("service") Service service, @PathParam("name") String name, @PathParam("identifier") String identifier, @QueryParam("filepath") String filepath, @@ -595,7 +599,8 @@ public class ArbitraryResource { } ) @SecurityRequirement(name = "apiKey") - public String post(@PathParam("service") String serviceString, + public String post(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("service") String serviceString, @PathParam("name") String name, String path) { Security.checkApiCallAllowed(request); @@ -633,7 +638,8 @@ public class ArbitraryResource { } ) @SecurityRequirement(name = "apiKey") - public String post(@PathParam("service") String serviceString, + public String post(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("service") String serviceString, @PathParam("name") String name, @PathParam("identifier") String identifier, String path) { @@ -674,7 +680,8 @@ public class ArbitraryResource { } ) @SecurityRequirement(name = "apiKey") - public String postBase64EncodedData(@PathParam("service") String serviceString, + public String postBase64EncodedData(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("service") String serviceString, @PathParam("name") String name, String base64) { Security.checkApiCallAllowed(request); @@ -710,7 +717,8 @@ public class ArbitraryResource { } ) @SecurityRequirement(name = "apiKey") - public String postBase64EncodedData(@PathParam("service") String serviceString, + public String postBase64EncodedData(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("service") String serviceString, @PathParam("name") String name, @PathParam("identifier") String identifier, String base64) { 
@@ -750,7 +758,8 @@ public class ArbitraryResource { } ) @SecurityRequirement(name = "apiKey") - public String postZippedData(@PathParam("service") String serviceString, + public String postZippedData(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("service") String serviceString, @PathParam("name") String name, String base64Zip) { Security.checkApiCallAllowed(request); @@ -786,7 +795,8 @@ public class ArbitraryResource { } ) @SecurityRequirement(name = "apiKey") - public String postZippedData(@PathParam("service") String serviceString, + public String postZippedData(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("service") String serviceString, @PathParam("name") String name, @PathParam("identifier") String identifier, String base64Zip) { @@ -829,7 +839,8 @@ public class ArbitraryResource { } ) @SecurityRequirement(name = "apiKey") - public String postString(@PathParam("service") String serviceString, + public String postString(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("service") String serviceString, @PathParam("name") String name, String string) { Security.checkApiCallAllowed(request); @@ -867,7 +878,8 @@ public class ArbitraryResource { } ) @SecurityRequirement(name = "apiKey") - public String postString(@PathParam("service") String serviceString, + public String postString(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("service") String serviceString, @PathParam("name") String name, @PathParam("identifier") String identifier, String string) { diff --git a/src/main/java/org/qortal/api/resource/BootstrapResource.java b/src/main/java/org/qortal/api/resource/BootstrapResource.java index 2832f8bb..b9382dcb 100644 --- a/src/main/java/org/qortal/api/resource/BootstrapResource.java +++ b/src/main/java/org/qortal/api/resource/BootstrapResource.java 
@@ -45,7 +45,7 @@ public class BootstrapResource { } ) @SecurityRequirement(name = "apiKey") - public String createBootstrap() { + public String createBootstrap(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); try (final Repository repository = RepositoryManager.getRepository()) { @@ -80,7 +80,7 @@ public class BootstrapResource { } ) @SecurityRequirement(name = "apiKey") - public boolean validateBootstrap() { + public boolean validateBootstrap(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); try (final Repository repository = RepositoryManager.getRepository()) { diff --git a/src/main/java/org/qortal/api/resource/ChatResource.java b/src/main/java/org/qortal/api/resource/ChatResource.java index 6ad7d6ea..be8bd7d7 100644 --- a/src/main/java/org/qortal/api/resource/ChatResource.java +++ b/src/main/java/org/qortal/api/resource/ChatResource.java @@ -13,11 +13,7 @@ import io.swagger.v3.oas.annotations.tags.Tag; import java.util.List; import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.QueryParam; +import javax.ws.rs.*; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; @@ -158,7 +154,7 @@ public class ChatResource { ) @ApiErrors({ApiError.TRANSACTION_INVALID, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String buildChat(ChatTransactionData transactionData) { + public String buildChat(@HeaderParam(Security.API_KEY_HEADER) String apiKey, ChatTransactionData transactionData) { Security.checkApiCallAllowed(request); try (final Repository repository = RepositoryManager.getRepository()) { 
@@ -206,7 +202,7 @@ public class ChatResource { ) @ApiErrors({ApiError.TRANSACTION_INVALID, ApiError.INVALID_DATA, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String buildChat(String rawBytes58) { + public String buildChat(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String rawBytes58) { Security.checkApiCallAllowed(request); try (final Repository repository = RepositoryManager.getRepository()) { diff --git a/src/main/java/org/qortal/api/resource/CrossChainBitcoinACCTv1Resource.java b/src/main/java/org/qortal/api/resource/CrossChainBitcoinACCTv1Resource.java index df368970..6cfa130a 100644 --- a/src/main/java/org/qortal/api/resource/CrossChainBitcoinACCTv1Resource.java +++ b/src/main/java/org/qortal/api/resource/CrossChainBitcoinACCTv1Resource.java @@ -12,6 +12,7 @@ import java.util.Arrays; import java.util.Random; import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.HeaderParam; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.core.Context; @@ -81,7 +82,7 @@ public class CrossChainBitcoinACCTv1Resource { ) @ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_DATA, ApiError.INVALID_REFERENCE, ApiError.TRANSFORMATION_ERROR, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String buildTrade(CrossChainBuildRequest tradeRequest) { + public String buildTrade(@HeaderParam(Security.API_KEY_HEADER) String apiKey, CrossChainBuildRequest tradeRequest) { Security.checkApiCallAllowed(request); byte[] creatorPublicKey = tradeRequest.creatorPublicKey; 
@@ -177,7 +178,7 @@ public class CrossChainBitcoinACCTv1Resource { ) @ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String buildTradeMessage(CrossChainTradeRequest tradeRequest) { + public String buildTradeMessage(@HeaderParam(Security.API_KEY_HEADER) String apiKey, CrossChainTradeRequest tradeRequest) { Security.checkApiCallAllowed(request); byte[] tradePublicKey = tradeRequest.tradePublicKey; @@ -261,7 +262,7 @@ public class CrossChainBitcoinACCTv1Resource { ) @ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_DATA, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String buildRedeemMessage(CrossChainDualSecretRequest secretRequest) { + public String buildRedeemMessage(@HeaderParam(Security.API_KEY_HEADER) String apiKey, CrossChainDualSecretRequest secretRequest) { Security.checkApiCallAllowed(request); byte[] partnerPublicKey = secretRequest.partnerPublicKey; diff --git a/src/main/java/org/qortal/api/resource/CrossChainBitcoinResource.java b/src/main/java/org/qortal/api/resource/CrossChainBitcoinResource.java index ecbaf840..9bbf0e43 100644 --- a/src/main/java/org/qortal/api/resource/CrossChainBitcoinResource.java +++ b/src/main/java/org/qortal/api/resource/CrossChainBitcoinResource.java @@ -12,6 +12,7 @@ import io.swagger.v3.oas.annotations.tags.Tag; import java.util.List; import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.HeaderParam; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.core.Context; 
@@ -58,7 +59,7 @@ public class CrossChainBitcoinResource { ) @ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE}) @SecurityRequirement(name = "apiKey") - public String getBitcoinWalletBalance(String key58) { + public String getBitcoinWalletBalance(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String key58) { Security.checkApiCallAllowed(request); Bitcoin bitcoin = Bitcoin.getInstance(); @@ -97,7 +98,7 @@ public class CrossChainBitcoinResource { ) @ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE}) @SecurityRequirement(name = "apiKey") - public List getBitcoinWalletTransactions(String key58) { + public List getBitcoinWalletTransactions(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String key58) { Security.checkApiCallAllowed(request); Bitcoin bitcoin = Bitcoin.getInstance(); @@ -134,7 +135,7 @@ public class CrossChainBitcoinResource { ) @ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE}) @SecurityRequirement(name = "apiKey") - public String sendBitcoin(BitcoinSendRequest bitcoinSendRequest) { + public String sendBitcoin(@HeaderParam(Security.API_KEY_HEADER) String apiKey, BitcoinSendRequest bitcoinSendRequest) { Security.checkApiCallAllowed(request); if (bitcoinSendRequest.bitcoinAmount <= 0) diff --git a/src/main/java/org/qortal/api/resource/CrossChainDogecoinACCTv1Resource.java b/src/main/java/org/qortal/api/resource/CrossChainDogecoinACCTv1Resource.java index b13c6644..c00874b4 100644 --- a/src/main/java/org/qortal/api/resource/CrossChainDogecoinACCTv1Resource.java +++ b/src/main/java/org/qortal/api/resource/CrossChainDogecoinACCTv1Resource.java 
@@ -27,6 +27,7 @@ import org.qortal.transaction.Transaction.ValidationResult; import org.qortal.transform.Transformer; import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.HeaderParam; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.core.Context; @@ -69,7 +70,7 @@ public class CrossChainDogecoinACCTv1Resource { ) @ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_DATA, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public boolean buildRedeemMessage(CrossChainSecretRequest secretRequest) { + public boolean buildRedeemMessage(@HeaderParam(Security.API_KEY_HEADER) String apiKey, CrossChainSecretRequest secretRequest) { Security.checkApiCallAllowed(request); byte[] partnerPrivateKey = secretRequest.partnerPrivateKey; diff --git a/src/main/java/org/qortal/api/resource/CrossChainDogecoinResource.java b/src/main/java/org/qortal/api/resource/CrossChainDogecoinResource.java index d6b186d0..bb2dcbbc 100644 --- a/src/main/java/org/qortal/api/resource/CrossChainDogecoinResource.java +++ b/src/main/java/org/qortal/api/resource/CrossChainDogecoinResource.java @@ -19,6 +19,7 @@ import org.qortal.crosschain.Dogecoin; import org.qortal.crosschain.SimpleTransaction; import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.HeaderParam; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.core.Context; @@ -56,7 +57,7 @@ public class CrossChainDogecoinResource { ) @ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE}) @SecurityRequirement(name = "apiKey") - public String getDogecoinWalletBalance(String key58) { + public String getDogecoinWalletBalance(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String key58) { Security.checkApiCallAllowed(request); Dogecoin dogecoin = Dogecoin.getInstance(); 
@@ -95,7 +96,7 @@ public class CrossChainDogecoinResource { ) @ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE}) @SecurityRequirement(name = "apiKey") - public List getDogecoinWalletTransactions(String key58) { + public List getDogecoinWalletTransactions(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String key58) { Security.checkApiCallAllowed(request); Dogecoin dogecoin = Dogecoin.getInstance(); @@ -132,7 +133,7 @@ public class CrossChainDogecoinResource { ) @ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE}) @SecurityRequirement(name = "apiKey") - public String sendBitcoin(DogecoinSendRequest dogecoinSendRequest) { + public String sendBitcoin(@HeaderParam(Security.API_KEY_HEADER) String apiKey, DogecoinSendRequest dogecoinSendRequest) { Security.checkApiCallAllowed(request); if (dogecoinSendRequest.dogecoinAmount <= 0) diff --git a/src/main/java/org/qortal/api/resource/CrossChainHtlcResource.java b/src/main/java/org/qortal/api/resource/CrossChainHtlcResource.java index e0bca8d3..fbcde1a6 100644 --- a/src/main/java/org/qortal/api/resource/CrossChainHtlcResource.java +++ b/src/main/java/org/qortal/api/resource/CrossChainHtlcResource.java @@ -11,10 +11,7 @@ import java.math.BigDecimal; import java.util.List; import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; +import javax.ws.rs.*; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; 
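Review bot: The method edited in the last hunk of CrossChainDogecoinResource is still named `sendBitcoin` although it takes a `DogecoinSendRequest` and checks `dogecoinSendRequest.dogecoinAmount`; the name looks copied from the Bitcoin resource. Since the signature is being changed anyway, renaming it to `sendDogecoin` would make stack traces and any method-name-based log or audit entries for this fund-moving endpoint name the right coin. The route is presumably set by the JAX-RS annotations above the hunk, so the rename should not change the URL, but that is worth confirming. CrossChainLitecoinResource has the same issue with `sendBitcoin(…, LitecoinSendRequest litecoinSendRequest)`.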
@@ -107,7 +104,8 @@ public class CrossChainHtlcResource { ) @ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN}) @SecurityRequirement(name = "apiKey") - public CrossChainBitcoinyHTLCStatus checkHtlcStatus(@PathParam("blockchain") String blockchainName, + public CrossChainBitcoinyHTLCStatus checkHtlcStatus(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("blockchain") String blockchainName, @PathParam("refundPKH") String refundPKH, @PathParam("locktime") int lockTime, @PathParam("redeemPKH") String redeemPKH, @@ -191,7 +189,7 @@ public class CrossChainHtlcResource { ) @ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN}) @SecurityRequirement(name = "apiKey") - public boolean redeemHtlc(@PathParam("ataddress") String atAddress) { + public boolean redeemHtlc(@HeaderParam(Security.API_KEY_HEADER) String apiKey, @PathParam("ataddress") String atAddress) { Security.checkApiCallAllowed(request); try (final Repository repository = RepositoryManager.getRepository()) { @@ -250,7 +248,7 @@ public class CrossChainHtlcResource { ) @ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN}) @SecurityRequirement(name = "apiKey") - public boolean redeemAllHtlc() { + public boolean redeemAllHtlc(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); boolean success = false; @@ -435,7 +433,7 @@ public class CrossChainHtlcResource { ) @ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN}) @SecurityRequirement(name = "apiKey") - public boolean refundHtlc(@PathParam("ataddress") String atAddress) { + public boolean refundHtlc(@HeaderParam(Security.API_KEY_HEADER) String apiKey, @PathParam("ataddress") String atAddress) { Security.checkApiCallAllowed(request); try (final Repository repository = RepositoryManager.getRepository()) { 
@@ -484,7 +482,7 @@ public class CrossChainHtlcResource { ) @ApiErrors({ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.ADDRESS_UNKNOWN}) @SecurityRequirement(name = "apiKey") - public boolean refundAllHtlc() { + public boolean refundAllHtlc(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); boolean success = false; diff --git a/src/main/java/org/qortal/api/resource/CrossChainLitecoinACCTv1Resource.java b/src/main/java/org/qortal/api/resource/CrossChainLitecoinACCTv1Resource.java index 38cb763e..7b6bc962 100644 --- a/src/main/java/org/qortal/api/resource/CrossChainLitecoinACCTv1Resource.java +++ b/src/main/java/org/qortal/api/resource/CrossChainLitecoinACCTv1Resource.java @@ -31,6 +31,7 @@ import org.qortal.utils.Base58; import org.qortal.utils.NTP; import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.HeaderParam; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.core.Context; @@ -74,7 +75,7 @@ public class CrossChainLitecoinACCTv1Resource { ) @ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_DATA, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public boolean buildRedeemMessage(CrossChainSecretRequest secretRequest) { + public boolean buildRedeemMessage(@HeaderParam(Security.API_KEY_HEADER) String apiKey, CrossChainSecretRequest secretRequest) { Security.checkApiCallAllowed(request); byte[] partnerPrivateKey = secretRequest.partnerPrivateKey; diff --git a/src/main/java/org/qortal/api/resource/CrossChainLitecoinResource.java b/src/main/java/org/qortal/api/resource/CrossChainLitecoinResource.java index 6055942a..8f6fa582 100644 --- a/src/main/java/org/qortal/api/resource/CrossChainLitecoinResource.java +++ b/src/main/java/org/qortal/api/resource/CrossChainLitecoinResource.java 
@@ -12,6 +12,7 @@ import io.swagger.v3.oas.annotations.tags.Tag; import java.util.List; import javax.servlet.http.HttpServletRequest; +import javax.ws.rs.HeaderParam; import javax.ws.rs.POST; import javax.ws.rs.Path; import javax.ws.rs.core.Context; @@ -58,7 +59,7 @@ public class CrossChainLitecoinResource { ) @ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE}) @SecurityRequirement(name = "apiKey") - public String getLitecoinWalletBalance(String key58) { + public String getLitecoinWalletBalance(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String key58) { Security.checkApiCallAllowed(request); Litecoin litecoin = Litecoin.getInstance(); @@ -97,7 +98,7 @@ public class CrossChainLitecoinResource { ) @ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE}) @SecurityRequirement(name = "apiKey") - public List getLitecoinWalletTransactions(String key58) { + public List getLitecoinWalletTransactions(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String key58) { Security.checkApiCallAllowed(request); Litecoin litecoin = Litecoin.getInstance(); @@ -134,7 +135,7 @@ public class CrossChainLitecoinResource { ) @ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.INVALID_CRITERIA, ApiError.INVALID_ADDRESS, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE}) @SecurityRequirement(name = "apiKey") - public String sendBitcoin(LitecoinSendRequest litecoinSendRequest) { + public String sendBitcoin(@HeaderParam(Security.API_KEY_HEADER) String apiKey, LitecoinSendRequest litecoinSendRequest) { Security.checkApiCallAllowed(request); if (litecoinSendRequest.litecoinAmount <= 0) diff --git a/src/main/java/org/qortal/api/resource/CrossChainResource.java b/src/main/java/org/qortal/api/resource/CrossChainResource.java index 1041fe26..47eee301 100644 --- a/src/main/java/org/qortal/api/resource/CrossChainResource.java +++ b/src/main/java/org/qortal/api/resource/CrossChainResource.java 
@@ -15,11 +15,7 @@ import java.util.*; import java.util.function.Supplier; import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.DELETE; -import javax.ws.rs.GET; -import javax.ws.rs.Path; -import javax.ws.rs.PathParam; -import javax.ws.rs.QueryParam; +import javax.ws.rs.*; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; @@ -395,7 +391,7 @@ public class CrossChainResource { ) @ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String cancelTrade(CrossChainCancelRequest cancelRequest) { + public String cancelTrade(@HeaderParam(Security.API_KEY_HEADER) String apiKey, CrossChainCancelRequest cancelRequest) { Security.checkApiCallAllowed(request); byte[] creatorPublicKey = cancelRequest.creatorPublicKey; diff --git a/src/main/java/org/qortal/api/resource/CrossChainTradeBotResource.java b/src/main/java/org/qortal/api/resource/CrossChainTradeBotResource.java index 1a098d5e..35a678f2 100644 --- a/src/main/java/org/qortal/api/resource/CrossChainTradeBotResource.java +++ b/src/main/java/org/qortal/api/resource/CrossChainTradeBotResource.java @@ -14,11 +14,7 @@ import java.util.List; import java.util.stream.Collectors; import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.DELETE; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.Path; -import javax.ws.rs.QueryParam; +import javax.ws.rs.*; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; @@ -72,6 +68,7 @@ public class CrossChainTradeBotResource { @ApiErrors({ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") public List getTradeBotStates( + @HeaderParam(Security.API_KEY_HEADER) String apiKey, @Parameter( description = "Limit to specific blockchain", example = "LITECOIN", 
@@ -113,7 +110,7 @@ public class CrossChainTradeBotResource { @ApiErrors({ApiError.INVALID_PUBLIC_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_CRITERIA, ApiError.INSUFFICIENT_BALANCE, ApiError.REPOSITORY_ISSUE, ApiError.ORDER_SIZE_TOO_SMALL}) @SuppressWarnings("deprecation") @SecurityRequirement(name = "apiKey") - public String tradeBotCreator(TradeBotCreateRequest tradeBotCreateRequest) { + public String tradeBotCreator(@HeaderParam(Security.API_KEY_HEADER) String apiKey, TradeBotCreateRequest tradeBotCreateRequest) { Security.checkApiCallAllowed(request); if (tradeBotCreateRequest.foreignBlockchain == null) @@ -183,7 +180,7 @@ public class CrossChainTradeBotResource { @ApiErrors({ApiError.INVALID_PRIVATE_KEY, ApiError.INVALID_ADDRESS, ApiError.INVALID_CRITERIA, ApiError.FOREIGN_BLOCKCHAIN_BALANCE_ISSUE, ApiError.FOREIGN_BLOCKCHAIN_NETWORK_ISSUE, ApiError.REPOSITORY_ISSUE}) @SuppressWarnings("deprecation") @SecurityRequirement(name = "apiKey") - public String tradeBotResponder(TradeBotRespondRequest tradeBotRespondRequest) { + public String tradeBotResponder(@HeaderParam(Security.API_KEY_HEADER) String apiKey, TradeBotRespondRequest tradeBotRespondRequest) { Security.checkApiCallAllowed(request); final String atAddress = tradeBotRespondRequest.atAddress; @@ -265,7 +262,7 @@ public class CrossChainTradeBotResource { ) @ApiErrors({ApiError.INVALID_ADDRESS, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String tradeBotDelete(String tradePrivateKey58) { + public String tradeBotDelete(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String tradePrivateKey58) { Security.checkApiCallAllowed(request); final byte[] tradePrivateKey; diff --git a/src/main/java/org/qortal/api/resource/ListsResource.java b/src/main/java/org/qortal/api/resource/ListsResource.java index 485dbb84..e0f558df 100644 --- a/src/main/java/org/qortal/api/resource/ListsResource.java +++ b/src/main/java/org/qortal/api/resource/ListsResource.java 
@@ -56,7 +56,8 @@ public class ListsResource { ) @ApiErrors({ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String addItemstoList(@PathParam("listName") String listName, + public String addItemstoList(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("listName") String listName, ListRequest listRequest) { Security.checkApiCallAllowed(request); @@ -118,7 +119,8 @@ public class ListsResource { ) @ApiErrors({ApiError.INVALID_CRITERIA, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public String removeItemsFromList(@PathParam("listName") String listName, + public String removeItemsFromList(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("listName") String listName, ListRequest listRequest) { Security.checkApiCallAllowed(request); @@ -166,7 +168,7 @@ public class ListsResource { } ) @SecurityRequirement(name = "apiKey") - public String getItemsInList(@PathParam("listName") String listName) { + public String getItemsInList(@HeaderParam(Security.API_KEY_HEADER) String apiKey, @PathParam("listName") String listName) { Security.checkApiCallAllowed(request); return ResourceListManager.getInstance().getJSONStringForList(listName); } diff --git a/src/main/java/org/qortal/api/resource/PeersResource.java b/src/main/java/org/qortal/api/resource/PeersResource.java index 1cf5ff16..97e2644e 100644 --- a/src/main/java/org/qortal/api/resource/PeersResource.java +++ b/src/main/java/org/qortal/api/resource/PeersResource.java @@ -16,10 +16,7 @@ import java.util.List; import java.util.stream.Collectors; import javax.servlet.http.HttpServletRequest; -import javax.ws.rs.DELETE; -import javax.ws.rs.GET; -import javax.ws.rs.POST; -import javax.ws.rs.Path; +import javax.ws.rs.*; import javax.ws.rs.core.Context; import javax.ws.rs.core.MediaType; 
@@ -130,7 +127,7 @@ public class PeersResource { } ) @SecurityRequirement(name = "apiKey") - public ExecuteProduceConsume.StatsSnapshot getEngineStats() { + public ExecuteProduceConsume.StatsSnapshot getEngineStats(@HeaderParam(Security.API_KEY_HEADER) String apiKey) { Security.checkApiCallAllowed(request); return Network.getInstance().getStatsSnapshot(); @@ -168,7 +165,7 @@ public class PeersResource { ApiError.INVALID_NETWORK_ADDRESS, ApiError.REPOSITORY_ISSUE }) @SecurityRequirement(name = "apiKey") - public String addPeer(String address) { + public String addPeer(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String address) { Security.checkApiCallAllowed(request); final Long addedWhen = NTP.getTime(); @@ -223,7 +220,7 @@ public class PeersResource { ApiError.INVALID_NETWORK_ADDRESS, ApiError.REPOSITORY_ISSUE }) @SecurityRequirement(name = "apiKey") - public String removePeer(String address) { + public String removePeer(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String address) { Security.checkApiCallAllowed(request); try { @@ -259,7 +256,7 @@ public class PeersResource { ApiError.REPOSITORY_ISSUE }) @SecurityRequirement(name = "apiKey") - public String removeKnownPeers(String address) { + public String removeKnownPeers(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String address) { Security.checkApiCallAllowed(request); try { @@ -299,7 +296,7 @@ public class PeersResource { ) @ApiErrors({ApiError.INVALID_DATA, ApiError.REPOSITORY_ISSUE}) @SecurityRequirement(name = "apiKey") - public List commonBlock(String targetPeerAddress) { + public List commonBlock(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String targetPeerAddress) { Security.checkApiCallAllowed(request); try { diff --git a/src/main/java/org/qortal/api/resource/RenderResource.java b/src/main/java/org/qortal/api/resource/RenderResource.java index 3a543ee4..49743159 100644 --- a/src/main/java/org/qortal/api/resource/RenderResource.java 
+++ b/src/main/java/org/qortal/api/resource/RenderResource.java @@ -69,7 +69,7 @@ public class RenderResource { } ) @SecurityRequirement(name = "apiKey") - public String preview(String directoryPath) { + public String preview(@HeaderParam(Security.API_KEY_HEADER) String apiKey, String directoryPath) { Security.checkApiCallAllowed(request); Method method = Method.PUT; Compression compression = Compression.ZIP; @@ -98,7 +98,7 @@ public class RenderResource { @POST @Path("/authorize/{resourceId}") @SecurityRequirement(name = "apiKey") - public boolean authorizeResource(@PathParam("resourceId") String resourceId) { + public boolean authorizeResource(@HeaderParam(Security.API_KEY_HEADER) String apiKey, @PathParam("resourceId") String resourceId) { Security.checkApiCallAllowed(request); ArbitraryDataResource resource = new ArbitraryDataResource(resourceId, null, null, null); ArbitraryDataRenderManager.getInstance().addToAuthorizedResources(resource); @@ -108,7 +108,8 @@ public class RenderResource { @POST @Path("authorize/{service}/{resourceId}") @SecurityRequirement(name = "apiKey") - public boolean authorizeResource(@PathParam("service") Service service, + public boolean authorizeResource(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("service") Service service, @PathParam("resourceId") String resourceId) { Security.checkApiCallAllowed(request); ArbitraryDataResource resource = new ArbitraryDataResource(resourceId, null, service, null); @@ -119,7 +120,8 @@ public class RenderResource { @POST @Path("authorize/{service}/{resourceId}/{identifier}") @SecurityRequirement(name = "apiKey") - public boolean authorizeResource(@PathParam("service") Service service, + public boolean authorizeResource(@HeaderParam(Security.API_KEY_HEADER) String apiKey, + @PathParam("service") Service service, @PathParam("resourceId") String resourceId, @PathParam("identifier") String identifier) { Security.checkApiCallAllowed(request); 
diff --git a/src/test/java/org/qortal/test/api/AdminApiTests.java b/src/test/java/org/qortal/test/api/AdminApiTests.java index 8fb8bb52..89b1464a 100644 --- a/src/test/java/org/qortal/test/api/AdminApiTests.java +++ b/src/test/java/org/qortal/test/api/AdminApiTests.java @@ -30,7 +30,7 @@ public class AdminApiTests extends ApiCommon { @Test public void testSummary() { - assertNotNull(this.adminResource.summary()); + assertNotNull(this.adminResource.summary("testApiKey")); } @Test
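Review bot: `testSummary` now passes the literal `"testApiKey"` and still asserts only that the result is non-null, so it would pass whether or not the key is ever compared with anything. Nothing in this hunk shows how `ApiCommon` sets up the expected key or the request, so this is inferred. A companion test that calls `summary` with a wrong key and with `null` and expects the call to be refused would pin the behaviour the commit is about. At minimum, if the value really is ignored on this path, a comment such as `// value is arbitrary: the API key check is not exercised by this test` would tell the reader. The test class continues outside the hunk.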