mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
0d89ff5d0e
* [MM-24146] Add unix socket listener for mmctl local mode (#14296) * add unix socket listener for mmctl local mode * add a constant for local-mode socket path * reflect review comments * [MM-24401] Base approach for Local Mode (#14333) * add unix socket listener for mmctl local mode * First working PoC * Adds the channel list endpoint * Add team list endpoint * Add a LocalClient to the api test helper and start local mode * Add helper to test with both SystemAdmin and Local clients * Add some docs * Adds TestForAllClients test helper * Incorporating @ashishbhate's proposal for adding test names to the helpers * Fix init errors after merge * Adds create channel tests * Always init local mode to allow for enabling-disabling it via config * Check the RemoteAddr of the request before marking session as local * Mark the request as errored if it's local and the origin is remote * Set the socket permissions to read/write when initialising * Fix linter * Replace RemoteAddr check to ditch connections with the IP:PORT shape Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com> * Fix translations order * [MM-24832] Migrate plugin endpoints to local mode (#14543) * [MM-24832] Migrate plugin endpoints to local mode * Fix client reference in helper * [MM-24776] Migrate config endpoints to local mode (#14544) * [MM-24776] Migrate get config endpoint to local mode * [MM-24777] Migrate update config endpoint to local mode * Fix update config to bypass RestrictSystemAdmin flag * Add patchConfig endpoint * MM-24774/MM-24755: local mode for addLicense and removeLicense (#14491) Automatic Merge Co-authored-by: Ibrahim Serdar Acikgoz <serdaracikgoz86@gmail.com> Co-authored-by: Ashish Bhate <bhate.ashish@gmail.com>
158 lines
5.4 KiB
Go
158 lines
5.4 KiB
Go
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
// See LICENSE.txt for license information.
|
|
|
|
package api4
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/mattermost/mattermost-server/v5/web"
|
|
"github.com/mkraft/gziphandler"
|
|
)
|
|
|
|
type Context = web.Context
|
|
|
|
// ApiHandler provides a handler for API endpoints which do not require the user to be logged in order for access to be
|
|
// granted.
|
|
func (api *API) ApiHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: false,
|
|
TrustRequester: false,
|
|
RequireMfa: false,
|
|
IsStatic: false,
|
|
IsLocal: false,
|
|
}
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
}
|
|
|
|
// ApiSessionRequired provides a handler for API endpoints which require the user to be logged in in order for access to
|
|
// be granted.
|
|
func (api *API) ApiSessionRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: true,
|
|
TrustRequester: false,
|
|
RequireMfa: true,
|
|
IsStatic: false,
|
|
IsLocal: false,
|
|
}
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
|
|
}
|
|
|
|
// ApiSessionRequiredMfa provides a handler for API endpoints which require a logged-in user session but when accessed,
|
|
// if MFA is enabled, the MFA process is not yet complete, and therefore the requirement to have completed the MFA
|
|
// authentication must be waived.
|
|
func (api *API) ApiSessionRequiredMfa(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: true,
|
|
TrustRequester: false,
|
|
RequireMfa: false,
|
|
IsStatic: false,
|
|
IsLocal: false,
|
|
}
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
|
|
}
|
|
|
|
// ApiHandlerTrustRequester provides a handler for API endpoints which do not require the user to be logged in and are
|
|
// allowed to be requested directly rather than via javascript/XMLHttpRequest, such as site branding images or the
|
|
// websocket.
|
|
func (api *API) ApiHandlerTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: false,
|
|
TrustRequester: true,
|
|
RequireMfa: false,
|
|
IsStatic: false,
|
|
IsLocal: false,
|
|
}
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
|
|
}
|
|
|
|
// ApiSessionRequiredTrustRequester provides a handler for API endpoints which do require the user to be logged in and
|
|
// are allowed to be requested directly rather than via javascript/XMLHttpRequest, such as emoji or file uploads.
|
|
func (api *API) ApiSessionRequiredTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: true,
|
|
TrustRequester: true,
|
|
RequireMfa: true,
|
|
IsStatic: false,
|
|
IsLocal: false,
|
|
}
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
|
|
}
|
|
|
|
// DisableWhenBusy provides a handler for API endpoints which should be disabled when the server is under load,
|
|
// responding with HTTP 503 (Service Unavailable).
|
|
func (api *API) ApiSessionRequiredDisableWhenBusy(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: true,
|
|
TrustRequester: false,
|
|
RequireMfa: false,
|
|
IsStatic: false,
|
|
IsLocal: false,
|
|
DisableWhenBusy: true,
|
|
}
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
|
|
}
|
|
|
|
// ApiLocal provides a handler for API endpoints to be used in local
|
|
// mode, this is, through a UNIX socket and without an authenticated
|
|
// session, but with one that has no user set and no permission
|
|
// restrictions
|
|
func (api *API) ApiLocal(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: false,
|
|
TrustRequester: false,
|
|
RequireMfa: false,
|
|
IsStatic: false,
|
|
IsLocal: true,
|
|
}
|
|
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
}
|