The /execute endpoint should require authentication as well

This commit is contained in:
Fabio Manganiello 2020-11-28 15:28:09 +01:00
parent dea547a491
commit 229b2de566
3 changed files with 4 additions and 10 deletions

View file

@ -1,4 +1,4 @@
from flask import Blueprint, request, render_template
from flask import Blueprint, render_template
from platypush.backend.http.app import template_folder
from platypush.backend.http.app.utils import authenticate, get_websocket_port
@ -12,9 +12,10 @@ __routes__ = [
]
# noinspection PyUnusedLocal
@dashboard.route('/dashboard/<name>', methods=['GET'])
@authenticate()
def render_dashboard(*_, **__):
def render_dashboard(name):
""" Route for the dashboard """
return render_template('index.html',
utils=HttpUtils,

View file

@ -14,7 +14,7 @@ __routes__ = [
@execute.route('/execute', methods=['POST'])
@authenticate(skip_auth_methods=['session'])
@authenticate()
def execute():
""" Endpoint to execute commands """
try:

View file

@ -15,13 +15,6 @@ export default {
request['type'] = 'request'
}
// TODO Proper auth/token management
// if (window.config.token) {
// opts.headers = {
// 'X-Token': window.config.token
// }
// }
if (timeout) {
opts.timeout = timeout
}