shpaq/sct-overseerr
1
0
Fork 0
mirror of https://github.com/sct/overseerr.git synced 2025-09-17 17:24:35 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(api): accept the api key to perform actions on the api with X-API-Key header

Browse Source
This commit is contained in:
sct
2020-12-15 14:13:41 +00:00
parent 20b119c1ac
commit 33f8831e88
2 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
overseerr-api.yml
View File

@@ -966,6 +966,10 @@ components:
type: apiKey type: apiKey
name: connect.sid name: connect.sid
in: cookie in: cookie
apiKey:
type: apiKey
in: header
name: X-Api-Key
paths: paths:
/settings/main: /settings/main:
@@ -2485,3 +2489,4 @@ paths:
security: security:
- cookieAuth: [] - cookieAuth: []
- apiKey: []

18
server/middleware/auth.ts
View File

@@ -1,9 +1,25 @@
import { getRepository } from 'typeorm'; import { getRepository } from 'typeorm';
import { User } from '../entity/User'; import { User } from '../entity/User';
import { Permission } from '../lib/permissions'; import { Permission } from '../lib/permissions';
import { getSettings } from '../lib/settings';
export const checkUser: Middleware = async (req, _res, next) => { export const checkUser: Middleware = async (req, _res, next) => {
if (req.session?.userId) { const settings = getSettings();
if (req.header('X-API-Key') === settings.main.apiKey) {
const userRepository = getRepository(User);
let userId = 1; // Work on original administrator account
// If a User ID is provided, we will act on that users behalf
if (req.header('X-API-User')) {
userId = Number(req.header('X-API-User'));
}
const user = await userRepository.findOne({ where: { id: userId } });
if (user) {
req.user = user;
}
} else if (req.session?.userId) {
const userRepository = getRepository(User); const userRepository = getRepository(User);
const user = await userRepository.findOne({ const user = await userRepository.findOne({