mirror of
https://github.com/meilisearch/MeiliSearch
synced 2024-11-26 23:04:26 +01:00
Restrict master key access to /keys routes
This commit is contained in:
parent
34c8888f56
commit
a57b2d9538
@ -159,22 +159,9 @@ pub mod policies {
|
|||||||
Some(uid)
|
Some(uid)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub struct MasterPolicy;
|
fn is_keys_action(action: u8) -> bool {
|
||||||
|
use actions::*;
|
||||||
impl Policy for MasterPolicy {
|
matches!(action, KEYS_GET | KEYS_CREATE | KEYS_UPDATE | KEYS_DELETE)
|
||||||
fn authenticate(
|
|
||||||
auth: AuthController,
|
|
||||||
token: &str,
|
|
||||||
_index: Option<&str>,
|
|
||||||
) -> Option<AuthFilter> {
|
|
||||||
if let Some(master_key) = auth.get_master_key() {
|
|
||||||
if master_key == token {
|
|
||||||
return Some(AuthFilter::default());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
None
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pub struct ActionPolicy<const A: u8>;
|
pub struct ActionPolicy<const A: u8>;
|
||||||
@ -186,7 +173,12 @@ pub mod policies {
|
|||||||
index: Option<&str>,
|
index: Option<&str>,
|
||||||
) -> Option<AuthFilter> {
|
) -> Option<AuthFilter> {
|
||||||
// authenticate if token is the master key.
|
// authenticate if token is the master key.
|
||||||
if auth.get_master_key().map_or(true, |mk| mk == token) {
|
// master key can only have access to keys routes.
|
||||||
|
// if master key is None only keys routes are inaccessible.
|
||||||
|
if auth
|
||||||
|
.get_master_key()
|
||||||
|
.map_or_else(|| !is_keys_action(A), |mk| mk == token && is_keys_action(A))
|
||||||
|
{
|
||||||
return Some(AuthFilter::default());
|
return Some(AuthFilter::default());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user