The /execute endpoint should require authentication as well

Fabio Manganiello 2020-11-28 15:28:09 +01:00
parent dea547a491
commit 229b2de566
3 changed files with 4 additions and 10 deletions


@ -1,4 +1,4 @@
from flask import Blueprint, request, render_template from flask import Blueprint, render_template
from platypush.backend.http.app import template_folder from platypush.backend.http.app import template_folder
from platypush.backend.http.app.utils import authenticate, get_websocket_port from platypush.backend.http.app.utils import authenticate, get_websocket_port
@ -12,9 +12,10 @@ __routes__ = [
] ]
# noinspection PyUnusedLocal
@dashboard.route('/dashboard/<name>', methods=['GET']) @dashboard.route('/dashboard/<name>', methods=['GET'])
@authenticate() @authenticate()
def render_dashboard(*_, **__): def render_dashboard(name):
""" Route for the dashboard """ """ Route for the dashboard """
return render_template('index.html', return render_template('index.html',
utils=HttpUtils, utils=HttpUtils,
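Review bot: The docstring on `render_dashboard(name)` still reads `""" Route for the dashboard """` and does not mention `name`, although the added `# noinspection PyUnusedLocal` marker suggests the handler ignores it. I would state that in the docstring, e.g. `""" Render the dashboard page; name is taken from the URL and is not used by this handler """`, so the suppression is explained where it is applied. Because `name` is caller-controlled, any later change that uses it to choose a template or file should check it against the set of configured dashboards first. The `render_template(...)` call continues past the end of the hunk, so this reading rests on the marker and the old `*_, **__` signature.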


@ -14,7 +14,7 @@ __routes__ = [
@execute.route('/execute', methods=['POST']) @execute.route('/execute', methods=['POST'])
@authenticate(skip_auth_methods=['session']) @authenticate()
def execute(): def execute():
""" Endpoint to execute commands """ """ Endpoint to execute commands """
try: try:
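Review bot: With `@authenticate()` the `/execute` POST now also accepts session authentication, which the previous `skip_auth_methods=['session']` excluded, so an endpoint that executes commands can be reached with only the browser's ambient cookie. The `authenticate` decorator is not visible here; unless it or the app already checks a CSRF token or the request `Origin`, a request issued from another site in a logged-in user's browser would be authenticated. I would confirm that the session cookie is set with a `SameSite` attribute and that the handler rejects bodies that are not `application/json`. The decision also belongs in a comment above the decorator, e.g. `# session auth accepted so the web UI can call /execute; CSRF is covered by <mechanism>`. The body of `execute()` continues past the end of the hunk.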


@ -15,13 +15,6 @@ export default {
request['type'] = 'request' request['type'] = 'request'
} }
// TODO Proper auth/token management
// if (window.config.token) {
// opts.headers = {
// 'X-Token': window.config.token
// }
// }
if (timeout) { if (timeout) {
opts.timeout = timeout opts.timeout = timeout
} }