mirror of
https://github.com/mattermost/mattermost.git
synced 2025-02-25 18:55:24 -06:00
02196e04fa
Remote Cluster Service - provides ability for multiple Mattermost cluster instances to create a trusted connection with each other and exchange messages - trusted connections are managed via slash commands (for now) - facilitates features requiring inter-cluster communication, such as Shared Channels Shared Channels Service - provides ability to shared channels between one or more Mattermost cluster instances (using trusted connection) - sharing/unsharing of channels is managed via slash commands (for now)
199 lines
6.8 KiB
Go
199 lines
6.8 KiB
Go
// Copyright (c) 2015-present Mattermost, Inc. All Rights Reserved.
|
|
// See LICENSE.txt for license information.
|
|
|
|
package api4
|
|
|
|
import (
|
|
"net/http"
|
|
|
|
"github.com/NYTimes/gziphandler"
|
|
|
|
"github.com/mattermost/mattermost-server/v5/web"
|
|
)
|
|
|
|
type Context = web.Context
|
|
|
|
// ApiHandler provides a handler for API endpoints which do not require the user to be logged in order for access to be
|
|
// granted.
|
|
func (api *API) ApiHandler(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: false,
|
|
TrustRequester: false,
|
|
RequireMfa: false,
|
|
IsStatic: false,
|
|
IsLocal: false,
|
|
}
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
}
|
|
|
|
// ApiSessionRequired provides a handler for API endpoints which require the user to be logged in in order for access to
|
|
// be granted.
|
|
func (api *API) ApiSessionRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: true,
|
|
TrustRequester: false,
|
|
RequireMfa: true,
|
|
IsStatic: false,
|
|
IsLocal: false,
|
|
}
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
|
|
}
|
|
|
|
// CloudApiKeyRequired provides a handler for webhook endpoints to access Cloud installations from CWS
|
|
func (api *API) CloudApiKeyRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: false,
|
|
RequireCloudKey: true,
|
|
TrustRequester: false,
|
|
RequireMfa: false,
|
|
IsStatic: false,
|
|
IsLocal: false,
|
|
}
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
|
|
}
|
|
|
|
// RemoteClusterTokenRequired provides a handler for remote cluster requests to /remotecluster endpoints.
|
|
func (api *API) RemoteClusterTokenRequired(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: false,
|
|
RequireCloudKey: false,
|
|
RequireRemoteClusterToken: true,
|
|
TrustRequester: false,
|
|
RequireMfa: false,
|
|
IsStatic: false,
|
|
IsLocal: false,
|
|
}
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
}
|
|
|
|
// ApiSessionRequiredMfa provides a handler for API endpoints which require a logged-in user session but when accessed,
|
|
// if MFA is enabled, the MFA process is not yet complete, and therefore the requirement to have completed the MFA
|
|
// authentication must be waived.
|
|
func (api *API) ApiSessionRequiredMfa(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: true,
|
|
TrustRequester: false,
|
|
RequireMfa: false,
|
|
IsStatic: false,
|
|
IsLocal: false,
|
|
}
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
|
|
}
|
|
|
|
// ApiHandlerTrustRequester provides a handler for API endpoints which do not require the user to be logged in and are
|
|
// allowed to be requested directly rather than via javascript/XMLHttpRequest, such as site branding images or the
|
|
// websocket.
|
|
func (api *API) ApiHandlerTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: false,
|
|
TrustRequester: true,
|
|
RequireMfa: false,
|
|
IsStatic: false,
|
|
IsLocal: false,
|
|
}
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
|
|
}
|
|
|
|
// ApiSessionRequiredTrustRequester provides a handler for API endpoints which do require the user to be logged in and
|
|
// are allowed to be requested directly rather than via javascript/XMLHttpRequest, such as emoji or file uploads.
|
|
func (api *API) ApiSessionRequiredTrustRequester(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: true,
|
|
TrustRequester: true,
|
|
RequireMfa: true,
|
|
IsStatic: false,
|
|
IsLocal: false,
|
|
}
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
|
|
}
|
|
|
|
// DisableWhenBusy provides a handler for API endpoints which should be disabled when the server is under load,
|
|
// responding with HTTP 503 (Service Unavailable).
|
|
func (api *API) ApiSessionRequiredDisableWhenBusy(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: true,
|
|
TrustRequester: false,
|
|
RequireMfa: false,
|
|
IsStatic: false,
|
|
IsLocal: false,
|
|
DisableWhenBusy: true,
|
|
}
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
|
|
}
|
|
|
|
// ApiLocal provides a handler for API endpoints to be used in local
|
|
// mode, this is, through a UNIX socket and without an authenticated
|
|
// session, but with one that has no user set and no permission
|
|
// restrictions
|
|
func (api *API) ApiLocal(h func(*Context, http.ResponseWriter, *http.Request)) http.Handler {
|
|
handler := &web.Handler{
|
|
GetGlobalAppOptions: api.GetGlobalAppOptions,
|
|
HandleFunc: h,
|
|
HandlerName: web.GetHandlerName(h),
|
|
RequireSession: false,
|
|
TrustRequester: false,
|
|
RequireMfa: false,
|
|
IsStatic: false,
|
|
IsLocal: true,
|
|
}
|
|
|
|
if *api.ConfigService.Config().ServiceSettings.WebserverMode == "gzip" {
|
|
return gziphandler.GzipHandler(handler)
|
|
}
|
|
return handler
|
|
}
|