From ac734b8335469dfc8c5b1cc172f1d837c952ef34 Mon Sep 17 00:00:00 2001 From: Julian Lam <julian@nodebb.org> Date: Wed, 25 Nov 2020 15:31:41 -0500 Subject: [PATCH] fix: #8912 --- public/language/en-GB/admin/settings/api.json | 4 +++ public/src/admin/settings.js | 1 + src/routes/write/index.js | 13 ++++++-- src/views/admin/settings/api.tpl | 33 ++++++++++++++----- 4 files changed, 40 insertions(+), 11 deletions(-) diff --git a/public/language/en-GB/admin/settings/api.json b/public/language/en-GB/admin/settings/api.json index ba7d964a04..50892925f3 100644 --- a/public/language/en-GB/admin/settings/api.json +++ b/public/language/en-GB/admin/settings/api.json @@ -1,9 +1,13 @@ { "tokens": "Tokens", + "settings": "Settings", "lead-text": "From this page you can configure access to the Write API in NodeBB.", "intro": "By default, the Write API authenticates users based on their session cookie, but NodeBB also supports Bearer authentication via tokens generated via this page.", "docs": "Click here to access the full API specification", + "require-https": "Require API usage via HTTPS only", + "require-https-caveat": "<strong>Note</strong>: Some installations involving load balancers may proxy their requests to NodeBB using HTTP, in which case this option should remain disabled.", + "uid": "User ID", "uid-help-text": "Specify a User ID to associate with this token. If the user ID is <code>0</code>, it will be considered a <em>master</em> token, which can assume the identity of other users based on the <code>_uid</code> parameter", "description": "Description", diff --git a/public/src/admin/settings.js b/public/src/admin/settings.js index 6732a7bc4f..8716bb0183 100644 --- a/public/src/admin/settings.js +++ b/public/src/admin/settings.js 
@@ -65,6 +65,7 @@ define('admin/settings', ['uploader', 'mousetrap'], function (uploader, mousetra saveBtn.off('click').on('click', function (e) { e.preventDefault(); + console.log(fields); saveFields(fields, function onFieldsSaved(err) { if (err) { diff --git a/src/routes/write/index.js b/src/routes/write/index.js index d20f1470ac..539668d508 100644 --- a/src/routes/write/index.js +++ b/src/routes/write/index.js @@ -1,7 +1,7 @@ 'use strict'; -const nconf = require('nconf'); const winston = require('winston'); +const meta = require('../../meta'); const plugins = require('../../plugins'); const middleware = require('../../middleware'); const helpers = require('../../controllers/helpers'); @@ -10,10 +10,19 @@ const Write = module.exports; Write.reload = async (params) => { const router = params.router; + let apiSettings = await meta.settings.get('core.api'); + plugins.registerHook('core', { + hook: 'action:settings.set', + method: async (data) => { + if (data.plugin === 'core.api') { + apiSettings = await meta.settings.get('core.api'); + } + }, + }); router.use('/api/v3', function (req, res, next) { // Require https if configured so - if (nconf.get('secure') && req.protocol !== 'https') { + if (apiSettings.requireHttps === 'on') { res.set('Upgrade', 'TLS/1.0, HTTP/1.1'); return helpers.formatApiResponse(426, res); } diff --git a/src/views/admin/settings/api.tpl b/src/views/admin/settings/api.tpl index 783d53b6bd..0f40fe9f2d 100644 --- a/src/views/admin/settings/api.tpl +++ b/src/views/admin/settings/api.tpl 
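Review bot: The added `console.log(fields);` in the save-button click handler of public/src/admin/settings.js looks like leftover debugging and should be removed before merge. It dumps the collected admin settings fields to the browser console on every save. Settings forms can carry sensitive values (this same commit touches the API token page), so they should not end up in console output. The click handler and the enclosing `define` callback continue outside the hunk.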
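Review bot: The new guard `if (apiSettings.requireHttps === 'on')` in the `/api/v3` middleware no longer checks the request protocol, so with the option enabled every request gets the 426 response, including ones that arrived over HTTPS. Keep the protocol test alongside the setting: `if (apiSettings.requireHttps === 'on' && req.protocol !== 'https') {`. Enforcement also moves from `nconf.get('secure')` to an opt-in setting, so installs that relied on the old behaviour lose the HTTPS requirement until an admin turns the switch on; that deserves a comment or an upgrade note. Separately, `plugins.registerHook` is called inside `Write.reload`, so if reload can run more than once it may stack duplicate `action:settings.set` listeners; the rest of `Write.reload` is outside the hunk, so this needs confirming there.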
@@ -1,18 +1,33 @@ <!-- IMPORT admin/partials/settings/header.tpl --> <form role="form" class="core-api-settings"> + <p class="lead">[[admin/settings/api:lead-text]]</p> + <p>[[admin/settings/api:intro]]</p> + <p> + <a href="https://docs.nodebb.org/api"> + <i class="fa fa-external-link"></i> + [[admin/settings/api:docs]] + </a> + </p> + + <hr /> + <div class="row"> - <div class="col-sm-2 col-xs-12 settings-header">[[admin/settings/api:tokens]]</div> + <div class="col-sm-2 col-xs-12 settings-header">[[admin/settings/api:settings]]</div> <div class="col-sm-10 col-xs-12"> - <p class="lead">[[admin/settings/api:lead-text]]</p> - <p>[[admin/settings/api:intro]]</p> - <p> - <a href="https://docs.nodebb.org/api"> - <i class="fa fa-external-link"></i> - [[admin/settings/api:docs]] - </a> - </p> + <div class="checkbox"> + <label class="mdl-switch mdl-js-switch mdl-js-ripple-effect"> + <input id="requireHttps" class="mdl-switch__input" type="checkbox" name="requireHttps" /> + <span class="mdl-switch__label">[[admin/settings/api:require-https]]</span> + </label> + </div> + <p class="help-block">[[admin/settings/api:require-https-caveat]]</p> + </div> + </div> + <div class="row"> + <div class="col-sm-2 col-xs-12 settings-header">[[admin/settings/api:tokens]]</div> + <div class="col-sm-10 col-xs-12"> <div class="form-group" data-type="sorted-list" data-sorted-list="tokens" data-item-template="admin/partials/api/sorted-list/item" data-form-template="admin/partials/api/sorted-list/form"> <input hidden="text" name="tokens"> <ul data-type="list" class="list-group"></ul>