From c68b9fec422cb1c088759fce782aba2abd1ae3bc Mon Sep 17 00:00:00 2001 From: Jan Eitzinger Date: Thu, 7 Sep 2023 14:03:41 +0200 Subject: [PATCH 1/6] fix: Add documentation for apiAllowedIPs option --- configs/README.md | 1 + internal/api/rest.go | 4 ++++ pkg/schema/config.go | 4 ++-- 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/configs/README.md b/configs/README.md index 76029d1..1ee8cb8 100644 --- a/configs/README.md +++ b/configs/README.md @@ -9,6 +9,7 @@ It is supported to set these by means of a `.env` file in the project root. ## Configuration Options * `addr`: Type string. Address where the http (or https) server will listen on (for example: 'localhost:80'). Default `:8080`. +* `apiAllowedIPs`: Type string array. Addresses from which the secured API endpoints (/users and other auth related endpoints) can be reached * `user`: Type string. Drop root permissions once .env was read and the port was taken. Only applicable if using privileged port. * `group`: Type string. Drop root permissions once .env was read and the port was taken. Only applicable if using privileged port. * `disable-authentication`: Type bool. Disable authentication (for everything: API, Web-UI, ...). Default `false`. diff --git a/internal/api/rest.go b/internal/api/rest.go index 0d4ddb4..a6e33fc 100644 --- a/internal/api/rest.go +++ b/internal/api/rest.go @@ -957,6 +957,7 @@ func (api *RestApi) getJobMetrics(rw http.ResponseWriter, r *http.Request) { // @summary Adds a new user // @tags add and modify // @description User specified in form data will be saved to database. +// @description Only accessible from IPs registered with apiAllowedIPs configuration option. // @accept mpfd // @produce plain // @param username formData string true "Unique user ID" 
@@ -1024,6 +1025,7 @@ func (api *RestApi) createUser(rw http.ResponseWriter, r *http.Request) { // @summary Deletes a user // @tags remove // @description User defined by username in form data will be deleted from database. +// @description Only accessible from IPs registered with apiAllowedIPs configuration option. // @accept mpfd // @produce plain // @param username formData string true "User ID to delete" @@ -1061,6 +1063,7 @@ func (api *RestApi) deleteUser(rw http.ResponseWriter, r *http.Request) { // @tags query // @description Returns a JSON-encoded list of users. // @description Required query-parameter defines if all users or only users with additional special roles are returned. +// @description Only accessible from IPs registered with apiAllowedIPs configuration option. // @produce json // @param not-just-user query bool true "If returned list should contain all users or only users with additional special roles" // @success 200 {array} api.ApiReturnedUser "List of users returned successfully" @@ -1096,6 +1099,7 @@ func (api *RestApi) getUsers(rw http.ResponseWriter, r *http.Request) { // @tags add and modify // @description Modifies user defined by username (id) in one of four possible ways. // @description If more than one formValue is set then only the highest priority field is used. +// @description Only accessible from IPs registered with apiAllowedIPs configuration option. // @accept mpfd // @produce plain // @param id path string true "Database ID of User" diff --git a/pkg/schema/config.go b/pkg/schema/config.go index 50260ca..5f43fb7 100644 --- a/pkg/schema/config.go +++ b/pkg/schema/config.go @@ -15,7 +15,7 @@ type LdapConfig struct { SearchDN string `json:"search_dn"` UserBind string `json:"user_bind"` UserFilter string `json:"user_filter"` - UserAttr string `json:"username_attr"` + UserAttr string `json:"username_attr"` SyncInterval string `json:"sync_interval"` // Parsed using time.ParseDuration. SyncDelOldUsers bool `json:"sync_del_old_users"` 
@@ -76,7 +76,7 @@ type ProgramConfig struct { // Address where the http (or https) server will listen on (for example: 'localhost:80'). Addr string `json:"addr"` - // Addresses from which the /api/secured/* API endpoints can be reached + // Addresses from which secured API endpoints can be reached ApiAllowedIPs []string `json:"apiAllowedIPs"` // Drop root permissions once .env was read and the port was taken. From 2d4759114e31dc193da0be6df3e7775e022944a0 Mon Sep 17 00:00:00 2001 From: Jan Eitzinger Date: Thu, 7 Sep 2023 14:33:22 +0200 Subject: [PATCH 2/6] Add Release Notes link to release page --- .goreleaser.yaml | 1 + Makefile | 2 +- ReleaseNotes.md | 2 +- api/swagger.json | 8 ++++---- api/swagger.yaml | 10 ++++++++-- internal/api/docs.go | 13 ++++++++----- 6 files changed, 23 insertions(+), 13 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index a17ce5c..19d29cf 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -101,5 +101,6 @@ release: draft: false footer: | Supports job archive version 1 and database version 6. + Please check out the [Release Notes](https://github.com/ClusterCockpit/cc-backend/blob/master/ReleaseNotes.md) for further details on breaking changes. # vim: set ts=2 sw=2 tw=0 fo=cnqoj diff --git a/Makefile b/Makefile index 3d44172..374d936 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ TARGET = ./cc-backend VAR = ./var CFG = config.json .env FRONTEND = ./web/frontend -VERSION = 1.2.0 +VERSION = 1.2.1 GIT_HASH := $(shell git rev-parse --short HEAD || echo 'development') CURRENT_TIME = $(shell date +"%Y-%m-%d:T%H:%M:%S") LD_FLAGS = '-s -X main.date=${CURRENT_TIME} -X main.version=${VERSION} -X main.commit=${GIT_HASH}' diff --git a/ReleaseNotes.md b/ReleaseNotes.md index c10ecd5..5ff796e 100644 --- a/ReleaseNotes.md +++ b/ReleaseNotes.md @@ -1,4 +1,4 @@ -# `cc-backend` version 1.2.0 +# `cc-backend` version 1.2.1 Supports job archive version 1 and database version 6. 
diff --git a/api/swagger.json b/api/swagger.json index dfc2f75..69d80ba 100644 --- a/api/swagger.json +++ b/api/swagger.json @@ -715,7 +715,7 @@ "ApiKeyAuth": [] } ], - "description": "Modifies user defined by username (id) in one of four possible ways.\nIf more than one formValue is set then only the highest priority field is used.", + "description": "Modifies user defined by username (id) in one of four possible ways.\nIf more than one formValue is set then only the highest priority field is used.\nOnly accessible from IPs registered with apiAllowedIPs configuration option.", "consumes": [ "multipart/form-data" ], @@ -820,7 +820,7 @@ "ApiKeyAuth": [] } ], - "description": "Returns a JSON-encoded list of users.\nRequired query-parameter defines if all users or only users with additional special roles are returned.", + "description": "Returns a JSON-encoded list of users.\nRequired query-parameter defines if all users or only users with additional special roles are returned.\nOnly accessible from IPs registered with apiAllowedIPs configuration option.", "produces": [ "application/json" ], @@ -879,7 +879,7 @@ "ApiKeyAuth": [] } ], - "description": "User specified in form data will be saved to database.", + "description": "User specified in form data will be saved to database.\nOnly accessible from IPs registered with apiAllowedIPs configuration option.", "consumes": [ "multipart/form-data" ], @@ -983,7 +983,7 @@ "ApiKeyAuth": [] } ], - "description": "User defined by username in form data will be deleted from database.", + "description": "User defined by username in form data will be deleted from database.\nOnly accessible from IPs registered with apiAllowedIPs configuration option.", "consumes": [ "multipart/form-data" ], diff --git a/api/swagger.yaml b/api/swagger.yaml index 2ba47a0..532d5d0 100644 --- a/api/swagger.yaml +++ b/api/swagger.yaml 
@@ -1018,6 +1018,7 @@ paths: description: |- Modifies user defined by username (id) in one of four possible ways. If more than one formValue is set then only the highest priority field is used. + Only accessible from IPs registered with apiAllowedIPs configuration option. parameters: - description: Database ID of User in: path @@ -1088,7 +1089,9 @@ paths: delete: consumes: - multipart/form-data - description: User defined by username in form data will be deleted from database. + description: |- + User defined by username in form data will be deleted from database. + Only accessible from IPs registered with apiAllowedIPs configuration option. parameters: - description: User ID to delete in: formData @@ -1129,6 +1132,7 @@ paths: description: |- Returns a JSON-encoded list of users. Required query-parameter defines if all users or only users with additional special roles are returned. + Only accessible from IPs registered with apiAllowedIPs configuration option. parameters: - description: If returned list should contain all users or only users with additional special roles @@ -1169,7 +1173,9 @@ paths: post: consumes: - multipart/form-data - description: User specified in form data will be saved to database. + description: |- + User specified in form data will be saved to database. + Only accessible from IPs registered with apiAllowedIPs configuration option. parameters: - description: Unique user ID in: formData diff --git a/internal/api/docs.go b/internal/api/docs.go index f3bcf5e..009b64a 100644 --- a/internal/api/docs.go +++ b/internal/api/docs.go @@ -1,4 +1,5 @@ -// Code generated by swaggo/swag. DO NOT EDIT +// Code generated by swaggo/swag. DO NOT EDIT. + package api import "github.com/swaggo/swag" 
@@ -721,7 +722,7 @@ const docTemplate = `{ "ApiKeyAuth": [] } ], - "description": "Modifies user defined by username (id) in one of four possible ways.\nIf more than one formValue is set then only the highest priority field is used.", + "description": "Modifies user defined by username (id) in one of four possible ways.\nIf more than one formValue is set then only the highest priority field is used.\nOnly accessible from IPs registered with apiAllowedIPs configuration option.", "consumes": [ "multipart/form-data" ], @@ -826,7 +827,7 @@ const docTemplate = `{ "ApiKeyAuth": [] } ], - "description": "Returns a JSON-encoded list of users.\nRequired query-parameter defines if all users or only users with additional special roles are returned.", + "description": "Returns a JSON-encoded list of users.\nRequired query-parameter defines if all users or only users with additional special roles are returned.\nOnly accessible from IPs registered with apiAllowedIPs configuration option.", "produces": [ "application/json" ], @@ -885,7 +886,7 @@ const docTemplate = `{ "ApiKeyAuth": [] } ], - "description": "User specified in form data will be saved to database.", + "description": "User specified in form data will be saved to database.\nOnly accessible from IPs registered with apiAllowedIPs configuration option.", "consumes": [ "multipart/form-data" ], @@ -989,7 +990,7 @@ const docTemplate = `{ "ApiKeyAuth": [] } ], - "description": "User defined by username in form data will be deleted from database.", + "description": "User defined by username in form data will be deleted from database.\nOnly accessible from IPs registered with apiAllowedIPs configuration option.", "consumes": [ "multipart/form-data" ], @@ -1781,6 +1782,8 @@ var SwaggerInfo = &swag.Spec{ Description: "API for batch job control.", InfoInstanceName: "swagger", SwaggerTemplate: docTemplate, + LeftDelim: "{{", + RightDelim: "}}", } func init() { From ed5ecbd91454dddb4f96229a75cecfa734ebc424 Mon Sep 17 00:00:00 2001 
From: Jan Eitzinger Date: Thu, 7 Sep 2023 15:14:09 +0200 Subject: [PATCH 3/6] fix: Restructure swagger docs --- api/swagger.json | 33 ++++++++++++++------------------- api/swagger.yaml | 28 +++++++++++++--------------- internal/api/docs.go | 33 ++++++++++++++------------------- internal/api/rest.go | 28 +++++++++++++--------------- 4 files changed, 54 insertions(+), 68 deletions(-) diff --git a/api/swagger.json b/api/swagger.json index 69d80ba..6c3bc5c 100644 --- a/api/swagger.json +++ b/api/swagger.json @@ -29,7 +29,7 @@ "application/json" ], "tags": [ - "query" + "Job query" ], "summary": "Lists all jobs", "parameters": [ @@ -127,7 +127,7 @@ "application/json" ], "tags": [ - "remove" + "Job remove" ], "summary": "Remove a job from the sql database", "parameters": [ @@ -199,7 +199,7 @@ "application/json" ], "tags": [ - "remove" + "Job remove" ], "summary": "Remove a job from the sql database", "parameters": [ @@ -269,7 +269,7 @@ "application/json" ], "tags": [ - "remove" + "Job remove" ], "summary": "Remove a job from the sql database", "parameters": [ @@ -342,7 +342,7 @@ "application/json" ], "tags": [ - "add and modify" + "Job add and modify" ], "summary": "Adds a new job as \"running\"", "parameters": [ @@ -408,7 +408,7 @@ "application/json" ], "tags": [ - "add and modify" + "Job add and modify" ], "summary": "Marks job as completed and triggers archiving", "parameters": [ @@ -483,7 +483,7 @@ "application/json" ], "tags": [ - "add and modify" + "Job add and modify" ], "summary": "Marks job as completed and triggers archiving", "parameters": [ @@ -565,7 +565,7 @@ "application/json" ], "tags": [ - "add and modify" + "Job add and modify" ], "summary": "Adds one or more tags to a job", "parameters": [ @@ -638,7 +638,7 @@ "application/json" ], "tags": [ - "query" + "Job query" ], "summary": "Get complete job meta and metric data", "parameters": [ 
@@ -723,7 +723,7 @@ "text/plain" ], "tags": [ - "add and modify" + "User" ], "summary": "Updates an existing user", "parameters": [ @@ -825,7 +825,7 @@ "application/json" ], "tags": [ - "query" + "User" ], "summary": "Returns a list of users", "parameters": [ @@ -887,7 +887,7 @@ "text/plain" ], "tags": [ - "add and modify" + "User" ], "summary": "Adds a new user", "parameters": [ @@ -991,7 +991,7 @@ "text/plain" ], "tags": [ - "remove" + "User" ], "summary": "Deletes a user", "parameters": [ @@ -1757,10 +1757,5 @@ "name": "X-Auth-Token", "in": "header" } - }, - "tags": [ - { - "name": "Job API" - } - ] + } } \ No newline at end of file diff --git a/api/swagger.yaml b/api/swagger.yaml index 532d5d0..cf3b3e3 100644 --- a/api/swagger.yaml +++ b/api/swagger.yaml @@ -607,7 +607,7 @@ paths: - ApiKeyAuth: [] summary: Lists all jobs tags: - - query + - Job query /jobs/{id}: post: consumes: @@ -665,7 +665,7 @@ paths: - ApiKeyAuth: [] summary: Get complete job meta and metric data tags: - - query + - Job query /jobs/delete_job/: delete: consumes: @@ -715,7 +715,7 @@ paths: - ApiKeyAuth: [] summary: Remove a job from the sql database tags: - - remove + - Job remove /jobs/delete_job/{id}: delete: description: Job to remove is specified by database ID. This will not remove @@ -762,7 +762,7 @@ paths: - ApiKeyAuth: [] summary: Remove a job from the sql database tags: - - remove + - Job remove /jobs/delete_job_before/{ts}: delete: description: Remove all jobs with start time before timestamp. The jobs will @@ -809,7 +809,7 @@ paths: - ApiKeyAuth: [] summary: Remove a job from the sql database tags: - - remove + - Job remove /jobs/start_job/: post: consumes: @@ -856,7 +856,7 @@ paths: - ApiKeyAuth: [] summary: Adds a new job as "running" tags: - - add and modify + - Job add and modify /jobs/stop_job/: post: description: |- 
@@ -905,7 +905,7 @@ paths: - ApiKeyAuth: [] summary: Marks job as completed and triggers archiving tags: - - add and modify + - Job add and modify /jobs/stop_job/{id}: post: consumes: @@ -961,7 +961,7 @@ paths: - ApiKeyAuth: [] summary: Marks job as completed and triggers archiving tags: - - add and modify + - Job add and modify /jobs/tag_job/{id}: post: consumes: @@ -1010,7 +1010,7 @@ paths: - ApiKeyAuth: [] summary: Adds one or more tags to a job tags: - - add and modify + - Job add and modify /user/{id}: post: consumes: @@ -1084,7 +1084,7 @@ paths: - ApiKeyAuth: [] summary: Updates an existing user tags: - - add and modify + - User /users/: delete: consumes: @@ -1127,7 +1127,7 @@ paths: - ApiKeyAuth: [] summary: Deletes a user tags: - - remove + - User get: description: |- Returns a JSON-encoded list of users. @@ -1169,7 +1169,7 @@ paths: - ApiKeyAuth: [] summary: Returns a list of users tags: - - query + - User post: consumes: - multipart/form-data @@ -1241,12 +1241,10 @@ paths: - ApiKeyAuth: [] summary: Adds a new user tags: - - add and modify + - User securityDefinitions: ApiKeyAuth: in: header name: X-Auth-Token type: apiKey swagger: "2.0" -tags: -- name: Job API diff --git a/internal/api/docs.go b/internal/api/docs.go index 009b64a..bf70cdb 100644 --- a/internal/api/docs.go +++ b/internal/api/docs.go @@ -36,7 +36,7 @@ const docTemplate = `{ "application/json" ], "tags": [ - "query" + "Job query" ], "summary": "Lists all jobs", "parameters": [ @@ -134,7 +134,7 @@ const docTemplate = `{ "application/json" ], "tags": [ - "remove" + "Job remove" ], "summary": "Remove a job from the sql database", "parameters": [ @@ -206,7 +206,7 @@ const docTemplate = `{ "application/json" ], "tags": [ - "remove" + "Job remove" ], "summary": "Remove a job from the sql database", "parameters": [ @@ -276,7 +276,7 @@ const docTemplate = `{ "application/json" ], "tags": [ - "remove" + "Job remove" ], "summary": "Remove a job from the sql database", "parameters": [ 
@@ -349,7 +349,7 @@ const docTemplate = `{ "application/json" ], "tags": [ - "add and modify" + "Job add and modify" ], "summary": "Adds a new job as \"running\"", "parameters": [ @@ -415,7 +415,7 @@ const docTemplate = `{ "application/json" ], "tags": [ - "add and modify" + "Job add and modify" ], "summary": "Marks job as completed and triggers archiving", "parameters": [ @@ -490,7 +490,7 @@ const docTemplate = `{ "application/json" ], "tags": [ - "add and modify" + "Job add and modify" ], "summary": "Marks job as completed and triggers archiving", "parameters": [ @@ -572,7 +572,7 @@ const docTemplate = `{ "application/json" ], "tags": [ - "add and modify" + "Job add and modify" ], "summary": "Adds one or more tags to a job", "parameters": [ @@ -645,7 +645,7 @@ const docTemplate = `{ "application/json" ], "tags": [ - "query" + "Job query" ], "summary": "Get complete job meta and metric data", "parameters": [ @@ -730,7 +730,7 @@ const docTemplate = `{ "text/plain" ], "tags": [ - "add and modify" + "User" ], "summary": "Updates an existing user", "parameters": [ @@ -832,7 +832,7 @@ const docTemplate = `{ "application/json" ], "tags": [ - "query" + "User" ], "summary": "Returns a list of users", "parameters": [ @@ -894,7 +894,7 @@ const docTemplate = `{ "text/plain" ], "tags": [ - "add and modify" + "User" ], "summary": "Adds a new user", "parameters": [ @@ -998,7 +998,7 @@ const docTemplate = `{ "text/plain" ], "tags": [ - "remove" + "User" ], "summary": "Deletes a user", "parameters": [ @@ -1764,12 +1764,7 @@ const docTemplate = `{ "name": "X-Auth-Token", "in": "header" } - }, - "tags": [ - { - "name": "Job API" - } - ] + } }` // SwaggerInfo holds exported Swagger Info so clients can modify it diff --git a/internal/api/rest.go b/internal/api/rest.go index a6e33fc..1cb2cac 100644 --- a/internal/api/rest.go +++ b/internal/api/rest.go 
@@ -37,8 +37,6 @@ import ( // @version 1.0.0 // @description API for batch job control. -// @tag.name Job API - // @contact.name ClusterCockpit Project // @contact.url https://github.com/ClusterCockpit // @contact.email support@clustercockpit.org @@ -223,7 +221,7 @@ func securedCheck(r *http.Request) error { // getJobs godoc // @summary Lists all jobs -// @tags query +// @tags Job query // @description Get a list of all jobs. Filters can be applied using query parameters. // @description Number of results can be limited by page. Results are sorted by descending startTime. // @produce json @@ -369,7 +367,7 @@ func (api *RestApi) getJobs(rw http.ResponseWriter, r *http.Request) { // getJobById godoc // @summary Get complete job meta and metric data -// @tags query +// @tags Job query // @description Job to get is specified by database ID // @description Returns full job resource information according to 'JobMeta' scheme and all metrics according to 'JobData'. // @accept json @@ -464,7 +462,7 @@ func (api *RestApi) getJobById(rw http.ResponseWriter, r *http.Request) { // tagJob godoc // @summary Adds one or more tags to a job -// @tags add and modify +// @tags Job add and modify // @description Adds tag(s) to a job specified by DB ID. Name and Type of Tag(s) can be chosen freely. // @description If tagged job is already finished: Tag will be written directly to respective archive files. // @accept json @@ -531,7 +529,7 @@ func (api *RestApi) tagJob(rw http.ResponseWriter, r *http.Request) { // startJob godoc // @summary Adds a new job as "running" -// @tags add and modify +// @tags Job add and modify // @description Job specified in request body will be saved to database as "running" with new DB ID. // @description Job specifications follow the 'JobMeta' scheme, API will fail to execute if requirements are not met. // @accept json 
@@ -612,7 +610,7 @@ func (api *RestApi) startJob(rw http.ResponseWriter, r *http.Request) { // stopJobById godoc // @summary Marks job as completed and triggers archiving -// @tags add and modify +// @tags Job add and modify // @description Job to stop is specified by database ID. Only stopTime and final state are required in request body. // @description Returns full job resource information according to 'JobMeta' scheme. // @accept json @@ -669,7 +667,7 @@ func (api *RestApi) stopJobById(rw http.ResponseWriter, r *http.Request) { // stopJobByRequest godoc // @summary Marks job as completed and triggers archiving -// @tags add and modify +// @tags Job add and modify // @description Job to stop is specified by request body. All fields are required in this case. // @description Returns full job resource information according to 'JobMeta' scheme. // @produce json @@ -718,7 +716,7 @@ func (api *RestApi) stopJobByRequest(rw http.ResponseWriter, r *http.Request) { // deleteJobById godoc // @summary Remove a job from the sql database -// @tags remove +// @tags Job remove // @description Job to remove is specified by database ID. This will not remove the job from the job archive. // @produce json // @param id path int true "Database ID of Job" @@ -765,7 +763,7 @@ func (api *RestApi) deleteJobById(rw http.ResponseWriter, r *http.Request) { // deleteJobByRequest godoc // @summary Remove a job from the sql database -// @tags remove +// @tags Job remove // @description Job to delete is specified by request body. All fields are required in this case. // @accept json // @produce json @@ -823,7 +821,7 @@ func (api *RestApi) deleteJobByRequest(rw http.ResponseWriter, r *http.Request) // deleteJobBefore godoc // @summary Remove a job from the sql database -// @tags remove +// @tags Job remove // @description Remove all jobs with start time before timestamp. The jobs will not be removed from the job archive. // @produce json // @param ts path int true "Unix epoch timestamp" 
@@ -955,7 +953,7 @@ func (api *RestApi) getJobMetrics(rw http.ResponseWriter, r *http.Request) { // createUser godoc // @summary Adds a new user -// @tags add and modify +// @tags User // @description User specified in form data will be saved to database. // @description Only accessible from IPs registered with apiAllowedIPs configuration option. // @accept mpfd @@ -1023,7 +1021,7 @@ func (api *RestApi) createUser(rw http.ResponseWriter, r *http.Request) { // deleteUser godoc // @summary Deletes a user -// @tags remove +// @tags User // @description User defined by username in form data will be deleted from database. // @description Only accessible from IPs registered with apiAllowedIPs configuration option. // @accept mpfd @@ -1060,7 +1058,7 @@ func (api *RestApi) deleteUser(rw http.ResponseWriter, r *http.Request) { // getUsers godoc // @summary Returns a list of users -// @tags query +// @tags User // @description Returns a JSON-encoded list of users. // @description Required query-parameter defines if all users or only users with additional special roles are returned. // @description Only accessible from IPs registered with apiAllowedIPs configuration option. @@ -1096,7 +1094,7 @@ func (api *RestApi) getUsers(rw http.ResponseWriter, r *http.Request) { // updateUser godoc // @summary Updates an existing user -// @tags add and modify +// @tags User // @description Modifies user defined by username (id) in one of four possible ways. // @description If more than one formValue is set then only the highest priority field is used. // @description Only accessible from IPs registered with apiAllowedIPs configuration option. From 2b3e2f25ecd95e6c139581b577f05db247bd68cf Mon Sep 17 00:00:00 2001 From: Jan Eitzinger Date: Thu, 7 Sep 2023 15:25:22 +0200 Subject: [PATCH 4/6] fix: Add correct duration string for max-age option --- configs/config-demo.json | 2 +- configs/config.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/configs/config-demo.json b/configs/config-demo.json index 578aa37..8423758 100644 --- a/configs/config-demo.json +++ b/configs/config-demo.json @@ -5,7 +5,7 @@ "path": "./var/job-archive" }, "jwts": { - "max-age": "2m" + "max-age": "2000h" }, "clusters": [ { diff --git a/configs/config.json b/configs/config.json index fbc3343..d5b8ada 100644 --- a/configs/config.json +++ b/configs/config.json @@ -43,7 +43,7 @@ "jwts": { "cookieName": "", "validateUser": false, - "max-age": "2m", + "max-age": "2000h", "trustedIssuer": "" }, "short-running-jobs-duration": 300 From a407a5cf01ca3d9c203a09a227b87f1026fca6a8 Mon Sep 17 00:00:00 2001 From: Jan Eitzinger Date: Thu, 7 Sep 2023 15:27:46 +0200 Subject: [PATCH 5/6] Add note on apiAllowedIPs to Release Notes --- ReleaseNotes.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ReleaseNotes.md b/ReleaseNotes.md index 5ff796e..f655b13 100644 --- a/ReleaseNotes.md +++ b/ReleaseNotes.md @@ -25,6 +25,10 @@ is not the number of cores the core hours will be too high by a factor! validity. Some key names have changed, please refer to [config documentation](./configs/README.md) for details. +* The following API endpoints are only accessible from IPs registered using the apiAllowedIPs configuration option: + - `/users/` [GET, POST, DELETE] + - `/user/{id}` [POST] + ** NOTE ** If you are using the sqlite3 backend the `PRAGMA` option `foreign_keys` must be explicitly set to ON. If using the sqlite3 console it is per default set to From 7a5ccff6da0957f38dbde2c66c899da455a735a4 Mon Sep 17 00:00:00 2001 From: Jan Eitzinger Date: Thu, 7 Sep 2023 16:36:47 +0200 Subject: [PATCH 6/6] fix: Remove port before IP check --- internal/api/rest.go | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/internal/api/rest.go b/internal/api/rest.go index 1cb2cac..11682ee 100644 --- a/internal/api/rest.go +++ b/internal/api/rest.go 
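Review bot: The new `"max-age": "2000h"` in both config-demo.json and config.json sets the JWT validity to roughly 83 days, and nothing in the series documents the unit or the reasoning behind that length. The `2m` → `2000h` change suggests the value is parsed with Go's time.ParseDuration, which has no day or month unit, so `2m` meant two minutes; a README entry in the existing format, such as `` * `max-age`: Type string. JWT validity, parsed as a Go duration (for example `2000h`); units larger than hours are not supported. ``, would prevent the same mistake from recurring. Whether an 83-day token lifetime is the right shipped default deserves an explicit decision, since these tokens appear to be what authorizes the secured API endpoints this series documents.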
@@ -210,6 +210,10 @@ func securedCheck(r *http.Request) error {
 		IPAddress = r.RemoteAddr
 	}
 
+	if strings.Contains(IPAddress, ":") {
+		IPAddress = strings.Split(IPAddress, ":")[0]
+	}
+
 	// check if IP is allowed
 	if !util.Contains(config.Keys.ApiAllowedIPs, IPAddress) {
 		return fmt.Errorf("unknown ip: %v", IPAddress)
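Review bot: `strings.Split(IPAddress, ":")[0]` strips the port only for IPv4 `host:port` values; an IPv6 remote address such as `[::1]:8080` is reduced to `[` and a bare IPv6 address without a port is reduced to the empty string, so IPv6 clients listed in ApiAllowedIPs are rejected and the error message reports a mangled address. `net.SplitHostPort` handles both address families and returns an error when no port is present, so the guard can be `if host, _, err := net.SplitHostPort(IPAddress); err == nil { IPAddress = host }` (with `net` imported), leaving the value untouched otherwise. The start of securedCheck and the assignment that precedes the `r.RemoteAddr` fallback lie outside the hunk; if that earlier value is taken from a request header, it is client-supplied and should only be trusted when the server is known to sit behind a proxy that sets it, otherwise the allow-list is compared against a client-chosen string.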