crowetic/qortal
1
0
Fork 0
forked from Qortal/qortal
Code Pull Requests Activity

Don't require prior authorization of QDN resources if qdnAuthBypassEnabled is true. Necessary for resource linking.

Browse Source
This commit is contained in:
CalDescent 2023-01-28 14:14:44 +00:00
parent d7b1615d4f
commit 4a42dc2d00
2 changed files with 25 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/main/java/org/qortal/api/resource/ArbitraryResource.java
View File

@ -266,7 +266,9 @@ public class ArbitraryResource {
@PathParam("name") String name, @PathParam("name") String name,
@QueryParam("build") Boolean build) { @QueryParam("build") Boolean build) {
Security.requirePriorAuthorizationOrApiKey(request, name, service, null, apiKey); if (!Settings.getInstance().isQDNAuthBypassEnabled())
Security.requirePriorAuthorizationOrApiKey(request, name, service, null, apiKey);
return ArbitraryTransactionUtils.getStatus(service, name, null, build); return ArbitraryTransactionUtils.getStatus(service, name, null, build);
} }
@ -288,7 +290,9 @@ public class ArbitraryResource {
@PathParam("identifier") String identifier, @PathParam("identifier") String identifier,
@QueryParam("build") Boolean build) { @QueryParam("build") Boolean build) {
Security.requirePriorAuthorizationOrApiKey(request, name, service, identifier, apiKey); if (!Settings.getInstance().isQDNAuthBypassEnabled())
Security.requirePriorAuthorizationOrApiKey(request, name, service, identifier, apiKey);
return ArbitraryTransactionUtils.getStatus(service, name, identifier, build); return ArbitraryTransactionUtils.getStatus(service, name, identifier, build);
} }

25
src/main/java/org/qortal/api/resource/RenderResource.java
View File

@ -28,6 +28,7 @@ import org.qortal.controller.arbitrary.ArbitraryDataRenderManager;
import org.qortal.data.transaction.ArbitraryTransactionData.*; import org.qortal.data.transaction.ArbitraryTransactionData.*;
import org.qortal.repository.DataException; import org.qortal.repository.DataException;
import org.qortal.arbitrary.ArbitraryDataFile.*; import org.qortal.arbitrary.ArbitraryDataFile.*;
import org.qortal.settings.Settings;
import org.qortal.utils.Base58; import org.qortal.utils.Base58;
@ -142,7 +143,9 @@ public class RenderResource {
@SecurityRequirement(name = "apiKey") @SecurityRequirement(name = "apiKey")
public HttpServletResponse getIndexBySignature(@PathParam("signature") String signature, public HttpServletResponse getIndexBySignature(@PathParam("signature") String signature,
@QueryParam("theme") String theme) { @QueryParam("theme") String theme) {
Security.requirePriorAuthorization(request, signature, Service.WEBSITE, null); if (!Settings.getInstance().isQDNAuthBypassEnabled())
Security.requirePriorAuthorization(request, signature, Service.WEBSITE, null);
return this.get(signature, ResourceIdType.SIGNATURE, null, "/", null, "/render/signature", true, true, theme); return this.get(signature, ResourceIdType.SIGNATURE, null, "/", null, "/render/signature", true, true, theme);
} }
@ -151,7 +154,9 @@ public class RenderResource {
@SecurityRequirement(name = "apiKey") @SecurityRequirement(name = "apiKey")
public HttpServletResponse getPathBySignature(@PathParam("signature") String signature, @PathParam("path") String inPath, public HttpServletResponse getPathBySignature(@PathParam("signature") String signature, @PathParam("path") String inPath,
@QueryParam("theme") String theme) { @QueryParam("theme") String theme) {
Security.requirePriorAuthorization(request, signature, Service.WEBSITE, null); if (!Settings.getInstance().isQDNAuthBypassEnabled())
Security.requirePriorAuthorization(request, signature, Service.WEBSITE, null);
return this.get(signature, ResourceIdType.SIGNATURE, null, inPath,null, "/render/signature", true, true, theme); return this.get(signature, ResourceIdType.SIGNATURE, null, inPath,null, "/render/signature", true, true, theme);
} }
@ -160,7 +165,9 @@ public class RenderResource {
@SecurityRequirement(name = "apiKey") @SecurityRequirement(name = "apiKey")
public HttpServletResponse getIndexByHash(@PathParam("hash") String hash58, @QueryParam("secret") String secret58, public HttpServletResponse getIndexByHash(@PathParam("hash") String hash58, @QueryParam("secret") String secret58,
@QueryParam("theme") String theme) { @QueryParam("theme") String theme) {
Security.requirePriorAuthorization(request, hash58, Service.WEBSITE, null); if (!Settings.getInstance().isQDNAuthBypassEnabled())
Security.requirePriorAuthorization(request, hash58, Service.WEBSITE, null);
return this.get(hash58, ResourceIdType.FILE_HASH, Service.WEBSITE, "/", secret58, "/render/hash", true, false, theme); return this.get(hash58, ResourceIdType.FILE_HASH, Service.WEBSITE, "/", secret58, "/render/hash", true, false, theme);
} }
@ -170,7 +177,9 @@ public class RenderResource {
public HttpServletResponse getPathByHash(@PathParam("hash") String hash58, @PathParam("path") String inPath, public HttpServletResponse getPathByHash(@PathParam("hash") String hash58, @PathParam("path") String inPath,
@QueryParam("secret") String secret58, @QueryParam("secret") String secret58,
@QueryParam("theme") String theme) { @QueryParam("theme") String theme) {
Security.requirePriorAuthorization(request, hash58, Service.WEBSITE, null); if (!Settings.getInstance().isQDNAuthBypassEnabled())
Security.requirePriorAuthorization(request, hash58, Service.WEBSITE, null);
return this.get(hash58, ResourceIdType.FILE_HASH, Service.WEBSITE, inPath, secret58, "/render/hash", true, false, theme); return this.get(hash58, ResourceIdType.FILE_HASH, Service.WEBSITE, inPath, secret58, "/render/hash", true, false, theme);
} }
@ -181,7 +190,9 @@ public class RenderResource {
@PathParam("name") String name, @PathParam("name") String name,
@PathParam("path") String inPath, @PathParam("path") String inPath,
@QueryParam("theme") String theme) { @QueryParam("theme") String theme) {
Security.requirePriorAuthorization(request, name, service, null); if (!Settings.getInstance().isQDNAuthBypassEnabled())
Security.requirePriorAuthorization(request, name, service, null);
String prefix = String.format("/render/%s", service); String prefix = String.format("/render/%s", service);
return this.get(name, ResourceIdType.NAME, service, inPath, null, prefix, true, true, theme); return this.get(name, ResourceIdType.NAME, service, inPath, null, prefix, true, true, theme);
} }
@ -192,7 +203,9 @@ public class RenderResource {
public HttpServletResponse getIndexByName(@PathParam("service") Service service, public HttpServletResponse getIndexByName(@PathParam("service") Service service,
@PathParam("name") String name, @PathParam("name") String name,
@QueryParam("theme") String theme) { @QueryParam("theme") String theme) {
Security.requirePriorAuthorization(request, name, service, null); if (!Settings.getInstance().isQDNAuthBypassEnabled())
Security.requirePriorAuthorization(request, name, service, null);
String prefix = String.format("/render/%s", service); String prefix = String.format("/render/%s", service);
return this.get(name, ResourceIdType.NAME, service, "/", null, prefix, true, true, theme); return this.get(name, ResourceIdType.NAME, service, "/", null, prefix, true, true, theme);
} }