crowetic/qortal
1
0
Fork 0
forked from Qortal/qortal
Code Pull Requests Activity

Added POST /render/authorize/{resourceId} endpoint

Browse Source 
This allows an entire registered name to be preauthorized, therefore allowing for instance a website to automatically request other resources from the same author, such as videos.
This commit is contained in:
CalDescent 2022-01-02 18:23:27 +00:00
parent 75d9347d23
commit 17fe94fa46
2 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/main/java/org/qortal/api/resource/RenderResource.java
View File

@ -95,6 +95,16 @@ public class RenderResource {
return "Unable to generate preview URL"; return "Unable to generate preview URL";
} }
@POST
@Path("/authorize/{resourceId}")
@SecurityRequirement(name = "apiKey")
public boolean authorizeResource(@PathParam("resourceId") String resourceId) {
Security.checkApiCallAllowed(request);
ArbitraryDataResource resource = new ArbitraryDataResource(resourceId, null, null, null);
ArbitraryDataRenderManager.getInstance().addToAuthorizedResources(resource);
return true;
}
@POST @POST
@Path("authorize/{service}/{resourceId}") @Path("authorize/{service}/{resourceId}")
@SecurityRequirement(name = "apiKey") @SecurityRequirement(name = "apiKey")

11
src/main/java/org/qortal/controller/arbitrary/ArbitraryDataRenderManager.java
View File

@ -1,8 +1,6 @@
package org.qortal.controller.arbitrary; package org.qortal.controller.arbitrary;
import org.qortal.arbitrary.ArbitraryDataFile;
import org.qortal.arbitrary.ArbitraryDataResource; import org.qortal.arbitrary.ArbitraryDataResource;
import org.qortal.arbitrary.misc.Service;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
@ -31,9 +29,16 @@ public class ArbitraryDataRenderManager {
} }
public boolean isAuthorized(ArbitraryDataResource resource) { public boolean isAuthorized(ArbitraryDataResource resource) {
ArbitraryDataResource broadResource = new ArbitraryDataResource(resource.getResourceId(), null, null, null);
for (ArbitraryDataResource authorizedResource : this.authorizedResources) { for (ArbitraryDataResource authorizedResource : this.authorizedResources) {
if (authorizedResource != null && resource != null) { if (authorizedResource != null && resource != null) {
if (Objects.equals(authorizedResource.toString(), resource.toString())) { // Check for exact match
if (Objects.equals(authorizedResource.getUniqueKey(), resource.getUniqueKey())) {
return true;
}
// Check for a broad authorization (which applies to all services and identifiers under an authorized name)
if (Objects.equals(authorizedResource.getUniqueKey(), broadResource.getUniqueKey())) {
return true; return true;
} }
} }