ClusterCockpit/cc-backend
1
0
Fork 0
mirror of https://github.com/ClusterCockpit/cc-backend synced 2024-11-10 08:57:25 +01:00
Code Issues Packages Releases Activity

fix: Add documentation for apiAllowedIPs option

Browse Source
This commit is contained in:
Jan Eitzinger 2023-09-07 14:03:41 +02:00
parent 0f34c8cac6
commit c68b9fec42
3 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
configs/README.md
View File

@ -9,6 +9,7 @@ It is supported to set these by means of a `.env` file in the project root.
## Configuration Options ## Configuration Options
* `addr`: Type string. Address where the http (or https) server will listen on (for example: 'localhost:80'). Default `:8080`. * `addr`: Type string. Address where the http (or https) server will listen on (for example: 'localhost:80'). Default `:8080`.
* `apiAllowedIPs`: Type string array. Addresses from which the secured API endpoints (/users and other auth related endpoints) can be reached
* `user`: Type string. Drop root permissions once .env was read and the port was taken. Only applicable if using privileged port. * `user`: Type string. Drop root permissions once .env was read and the port was taken. Only applicable if using privileged port.
* `group`: Type string. Drop root permissions once .env was read and the port was taken. Only applicable if using privileged port. * `group`: Type string. Drop root permissions once .env was read and the port was taken. Only applicable if using privileged port.
* `disable-authentication`: Type bool. Disable authentication (for everything: API, Web-UI, ...). Default `false`. * `disable-authentication`: Type bool. Disable authentication (for everything: API, Web-UI, ...). Default `false`.

4
internal/api/rest.go
View File

@ -957,6 +957,7 @@ func (api *RestApi) getJobMetrics(rw http.ResponseWriter, r *http.Request) {
// @summary Adds a new user // @summary Adds a new user
// @tags add and modify // @tags add and modify
// @description User specified in form data will be saved to database. // @description User specified in form data will be saved to database.
// @description Only accessible from IPs registered with apiAllowedIPs configuration option.
// @accept mpfd // @accept mpfd
// @produce plain // @produce plain
// @param username formData string true "Unique user ID" // @param username formData string true "Unique user ID"
@ -1024,6 +1025,7 @@ func (api *RestApi) createUser(rw http.ResponseWriter, r *http.Request) {
// @summary Deletes a user // @summary Deletes a user
// @tags remove // @tags remove
// @description User defined by username in form data will be deleted from database. // @description User defined by username in form data will be deleted from database.
// @description Only accessible from IPs registered with apiAllowedIPs configuration option.
// @accept mpfd // @accept mpfd
// @produce plain // @produce plain
// @param username formData string true "User ID to delete" // @param username formData string true "User ID to delete"
@ -1061,6 +1063,7 @@ func (api *RestApi) deleteUser(rw http.ResponseWriter, r *http.Request) {
// @tags query // @tags query
// @description Returns a JSON-encoded list of users. // @description Returns a JSON-encoded list of users.
// @description Required query-parameter defines if all users or only users with additional special roles are returned. // @description Required query-parameter defines if all users or only users with additional special roles are returned.
// @description Only accessible from IPs registered with apiAllowedIPs configuration option.
// @produce json // @produce json
// @param not-just-user query bool true "If returned list should contain all users or only users with additional special roles" // @param not-just-user query bool true "If returned list should contain all users or only users with additional special roles"
// @success 200 {array} api.ApiReturnedUser "List of users returned successfully" // @success 200 {array} api.ApiReturnedUser "List of users returned successfully"
@ -1096,6 +1099,7 @@ func (api *RestApi) getUsers(rw http.ResponseWriter, r *http.Request) {
// @tags add and modify // @tags add and modify
// @description Modifies user defined by username (id) in one of four possible ways. // @description Modifies user defined by username (id) in one of four possible ways.
// @description If more than one formValue is set then only the highest priority field is used. // @description If more than one formValue is set then only the highest priority field is used.
// @description Only accessible from IPs registered with apiAllowedIPs configuration option.
// @accept mpfd // @accept mpfd
// @produce plain // @produce plain
// @param id path string true "Database ID of User" // @param id path string true "Database ID of User"

2
pkg/schema/config.go
View File

@ -76,7 +76,7 @@ type ProgramConfig struct {
// Address where the http (or https) server will listen on (for example: 'localhost:80'). // Address where the http (or https) server will listen on (for example: 'localhost:80').
Addr string `json:"addr"` Addr string `json:"addr"`
// Addresses from which the /api/secured/* API endpoints can be reached // Addresses from which secured API endpoints can be reached
ApiAllowedIPs []string `json:"apiAllowedIPs"` ApiAllowedIPs []string `json:"apiAllowedIPs"`
// Drop root permissions once .env was read and the port was taken. // Drop root permissions once .env was read and the port was taken.