Nemcio/CyberPanel
1
0
Fork 0
mirror of https://github.com/usmannasir/cyberpanel.git synced 2025-10-28 08:46:49 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
stable
CyberPanel/api/urls.py
usmannasir af35aadb92 Fix CyberPanel API key validation for platform callbacks 
Problem: File fixes were failing with "Invalid token" even though the platform was sending the correct API key.

Solution:
- Updated validate_access_token() to accept CyberPanel's own API keys for file operations
- Added three validation options:
  1. FileAccessToken (temporary tokens for active scans)
  2. API key validation with less restrictive admin check
  3. Simple validation for platform callbacks (any valid API key + valid scan)
- Added extract_auth_token() helper to support both Bearer and X-API-Key headers
- Created debug endpoints for testing authentication (/api/ai-scanner/test-auth)
- Added test script for validation testing (supports remote servers via env vars)

This fix allows the platform to use CyberPanel's API key to fix files for any scan,
solving the "File access token has expired" issue for older scans.

Usage for remote testing:
CYBERPANEL_SERVER=http://your-server:8001 \
CYBERPANEL_API_KEY=cp_your_key \
CYBERPANEL_SCAN_ID=your-scan-id \
./test_api_key_fix.sh
2025-10-27 13:51:33 +05:00

55 lines
3.4 KiB
Python
Raw Permalink Blame History

from django.urls import re_path
from . import views
urlpatterns = [
re_path(r'^createWebsite$', views.createWebsite, name='createWebsiteAPI'),
re_path(r'^deleteWebsite$', views.deleteWebsite, name='deleteWebsiteAPI'),
re_path(r'^submitWebsiteStatus$', views.submitWebsiteStatus, name='submitWebsiteStatusAPI'),
re_path(r'^deleteFirewallRule$', views.deleteFirewallRule, name='deleteFirewallRule'),
re_path(r'^addFirewallRule$', views.addFirewallRule, name='addFirewallRule'),
re_path(r'^verifyConn$', views.verifyConn, name='verifyConnAPI'),
re_path(r'^loginAPI$', views.loginAPI, name='loginAPI'),
re_path(r'^getUserInfo$', views.getUserInfo, name='getUserInfo'),
re_path(r'^changeUserPassAPI$', views.changeUserPassAPI, name='changeUserPassAPI'),
re_path(r'^submitUserDeletion$', views.submitUserDeletion, name='submitUserDeletion'),
re_path(r'^listPackage$', views.getPackagesListAPI, name='getPackagesListAPI'),
re_path(r'^changePackageAPI$', views.changePackageAPI, name='changePackageAPI'),
re_path(r'^fetchSSHkey$', views.fetchSSHkey, name='fetchSSHkey'),
re_path(r'^remoteTransfer$', views.remoteTransfer, name='remoteTransfer'),
re_path(r'^fetchAccountsFromRemoteServer$', views.fetchAccountsFromRemoteServer, name='fetchAccountsFromRemoteServer'),
re_path(r'^FetchRemoteTransferStatus$', views.FetchRemoteTransferStatus, name='FetchRemoteTransferStatus'),
re_path(r'^cancelRemoteTransfer$', views.cancelRemoteTransfer, name='cancelRemoteTransfer'),
re_path(r'^cyberPanelVersion$', views.cyberPanelVersion, name='cyberPanelVersion'),
re_path(r'^runAWSBackups$', views.runAWSBackups, name='runAWSBackups'),
re_path(r'^submitUserCreation$', views.submitUserCreation, name='submitUserCreation'),
# AI Scanner API endpoints for external workers
re_path(r'^ai-scanner/authenticate$', views.aiScannerAuthenticate, name='aiScannerAuthenticateAPI'),
re_path(r'^ai-scanner/files/list$', views.aiScannerListFiles, name='aiScannerListFilesAPI'),
re_path(r'^ai-scanner/files/content$', views.aiScannerGetFileContent, name='aiScannerGetFileContentAPI'),
re_path(r'^ai-scanner/callback$', views.aiScannerCallback, name='aiScannerCallbackAPI'),
# Real-time monitoring endpoints
re_path(r'^ai-scanner/status-webhook$', views.aiScannerStatusWebhook, name='aiScannerStatusWebhookAPI'),
re_path(r'^ai-scanner/callback/status-webhook$', views.aiScannerStatusWebhook, name='aiScannerStatusWebhookCallbackAPI'), # Alternative URL for worker compatibility
re_path(r'^ai-scanner/scan/(?P<scan_id>[^/]+)/live-progress$', views.aiScannerLiveProgress, name='aiScannerLiveProgressAPI'),
# File operation endpoints for AI Scanner
re_path(r'^scanner/backup-file$', views.scannerBackupFile, name='scannerBackupFileAPI'),
re_path(r'^scanner/get-file$', views.scannerGetFile, name='scannerGetFileAPI'),
re_path(r'^scanner/replace-file$', views.scannerReplaceFile, name='scannerReplaceFileAPI'),
re_path(r'^scanner/rename-file$', views.scannerRenameFile, name='scannerRenameFileAPI'),
re_path(r'^scanner/delete-file$', views.scannerDeleteFile, name='scannerDeleteFileAPI'),
# Debug endpoints for testing API authentication (remove in production)
re_path(r'^ai-scanner/test-auth$', views.testAuthDebug, name='testAuthDebugAPI'),
re_path(r'^ai-scanner/list-api-keys$', views.listApiKeysDebug, name='listApiKeysDebugAPI'),
]
Reference in New Issue View Git Blame Copy Permalink