Snapshot: Fix http api (#18830)

(cherry picked from commit be2e2330f5)
2025-02-13 00:55:47 -06:00 · 2019-09-02 15:15:46 +02:00 · 2019-09-02 15:15:46 +02:00 · 964c2e722f
commit 964c2e722f
parent 2672b92206
6 changed files with 47 additions and 7 deletions
--- a/conf/defaults.ini
+++ b/conf/defaults.ini
@ -214,6 +214,10 @@ external_enabled = true
 external_snapshot_url = https://snapshots-origin.raintank.io
 external_snapshot_name = Publish to snapshot.raintank.io

+# Set to true to enable this Grafana instance act as an external snapshot server and allow unauthenticated requests for
+# creating and deleting snapshots.
+public_mode = false
+
 # remove expired snapshot
 snapshot_remove_expired = true

--- a/conf/sample.ini
+++ b/conf/sample.ini
@ -209,6 +209,10 @@
 ;external_snapshot_url = https://snapshots-origin.raintank.io
 ;external_snapshot_name = Publish to snapshot.raintank.io

+# Set to true to enable this Grafana instance act as an external snapshot server and allow unauthenticated requests for
+# creating and deleting snapshots.
+;public_mode = false
+
 # remove expired snapshot
 ;snapshot_remove_expired = true

--- a/pkg/api/api.go
+++ b/pkg/api/api.go
@ -15,6 +15,7 @@ func (hs *HTTPServer) registerRoutes() {
 	reqEditorRole := middleware.ReqEditorRole
 	reqOrgAdmin := middleware.ReqOrgAdmin
 	reqCanAccessTeams := middleware.AdminOrFeatureEnabled(hs.Cfg.EditorsCanAdmin)
+	reqSnapshotPublicModeOrSignedIn := middleware.SnapshotPublicModeOrSignedIn()
 	redirectFromLegacyDashboardURL := middleware.RedirectFromLegacyDashboardURL()
 	redirectFromLegacyDashboardSoloURL := middleware.RedirectFromLegacyDashboardSoloURL()
 	quota := middleware.Quota(hs.QuotaService)
@ -104,13 +105,6 @@ func (hs *HTTPServer) registerRoutes() {
 	r.Get("/dashboard/snapshot/*", hs.Index)
 	r.Get("/dashboard/snapshots/", reqSignedIn, hs.Index)

-	// api for dashboard snapshots
-	r.Post("/api/snapshots/", bind(models.CreateDashboardSnapshotCommand{}), CreateDashboardSnapshot)
-	r.Get("/api/snapshot/shared-options/", GetSharingOptions)
-	r.Get("/api/snapshots/:key", GetDashboardSnapshot)
-	r.Get("/api/snapshots-delete/:deleteKey", Wrap(DeleteDashboardSnapshotByDeleteKey))
-	r.Delete("/api/snapshots/:key", reqEditorRole, Wrap(DeleteDashboardSnapshot))
-
 	// api renew session based on cookie
 	r.Get("/api/login/ping", quota("session"), Wrap(hs.LoginAPIPing))

@ -418,4 +412,11 @@ func (hs *HTTPServer) registerRoutes() {

 	// streams
 	//r.Post("/api/streams/push", reqSignedIn, bind(dtos.StreamMessage{}), liveConn.PushToStream)
+
+	// Snapshots
+	r.Post("/api/snapshots/", reqSnapshotPublicModeOrSignedIn, bind(models.CreateDashboardSnapshotCommand{}), CreateDashboardSnapshot)
+	r.Get("/api/snapshot/shared-options/", reqSignedIn, GetSharingOptions)
+	r.Get("/api/snapshots/:key", GetDashboardSnapshot)
+	r.Get("/api/snapshots-delete/:deleteKey", reqSnapshotPublicModeOrSignedIn, Wrap(DeleteDashboardSnapshotByDeleteKey))
+	r.Delete("/api/snapshots/:key", reqEditorRole, Wrap(DeleteDashboardSnapshot))
 }
--- a/pkg/middleware/auth.go
+++ b/pkg/middleware/auth.go
@ -103,3 +103,16 @@ func AdminOrFeatureEnabled(enabled bool) macaron.Handler {
 		}
 	}
 }
+
+func SnapshotPublicModeOrSignedIn() macaron.Handler {
+	return func(c *m.ReqContext) {
+		if setting.SnapshotPublicMode {
+			return
+		}
+
+		_, err := c.Invoke(ReqSignedIn)
+		if err != nil {
+			c.JsonApiErr(500, "Failed to invoke required signed in middleware", err)
+		}
+	}
+}
--- a/pkg/middleware/auth_test.go
+++ b/pkg/middleware/auth_test.go
@ -3,6 +3,8 @@ package middleware
 import (
 	"testing"

+	"github.com/grafana/grafana/pkg/setting"
+
 	. "github.com/smartystreets/goconvey/convey"
 )

@ -31,5 +33,19 @@ func TestMiddlewareAuth(t *testing.T) {
 			})
 		})

+		Convey("snapshot public mode or signed in", func() {
+			middlewareScenario(t, "Snapshot public mode disabled and unauthenticated request should return 401", func(sc *scenarioContext) {
+				sc.m.Get("/api/snapshot", SnapshotPublicModeOrSignedIn(), sc.defaultHandler)
+				sc.fakeReq("GET", "/api/snapshot").exec()
+				So(sc.resp.Code, ShouldEqual, 401)
+			})
+
+			middlewareScenario(t, "Snapshot public mode enabled and unauthenticated request should return 200", func(sc *scenarioContext) {
+				setting.SnapshotPublicMode = true
+				sc.m.Get("/api/snapshot", SnapshotPublicModeOrSignedIn(), sc.defaultHandler)
+				sc.fakeReq("GET", "/api/snapshot").exec()
+				So(sc.resp.Code, ShouldEqual, 200)
+			})
+		})
 	})
 }
--- a/pkg/setting/setting.go
+++ b/pkg/setting/setting.go
@ -108,6 +108,7 @@ var (
 	ExternalSnapshotName  string
 	ExternalEnabled       bool
 	SnapShotRemoveExpired bool
+	SnapshotPublicMode    bool

 	// Dashboard history
 	DashboardVersionsToKeep int
@ -734,6 +735,7 @@ func (cfg *Cfg) Load(args *CommandLineArgs) error {
 	}
 	ExternalEnabled = snapshots.Key("external_enabled").MustBool(true)
 	SnapShotRemoveExpired = snapshots.Key("snapshot_remove_expired").MustBool(true)
+	SnapshotPublicMode = snapshots.Key("public_mode").MustBool(false)

 	// read dashboard settings
 	dashboards := iniFile.Section("dashboards")