	fix: #8912
		| @@ -1,9 +1,13 @@ | |||||||
| { | { | ||||||
| 	"tokens": "Tokens", | 	"tokens": "Tokens", | ||||||
|  | 	"settings": "Settings", | ||||||
| 	"lead-text": "From this page you can configure access to the Write API in NodeBB.", | 	"lead-text": "From this page you can configure access to the Write API in NodeBB.", | ||||||
| 	"intro": "By default, the Write API authenticates users based on their session cookie, but NodeBB also supports Bearer authentication via tokens generated via this page.", | 	"intro": "By default, the Write API authenticates users based on their session cookie, but NodeBB also supports Bearer authentication via tokens generated via this page.", | ||||||
| 	"docs": "Click here to access the full API specification", | 	"docs": "Click here to access the full API specification", | ||||||
|  |  | ||||||
|  | 	"require-https": "Require API usage via HTTPS only", | ||||||
|  | 	"require-https-caveat": "<strong>Note</strong>: Some installations involving load balancers may proxy their requests to NodeBB using HTTP, in which case this option should remain disabled.", | ||||||
|  |  | ||||||
| 	"uid": "User ID", | 	"uid": "User ID", | ||||||
| 	"uid-help-text": "Specify a User ID to associate with this token. If the user ID is <code>0</code>, it will be considered a <em>master</em> token, which can assume the identity of other users based on the <code>_uid</code> parameter", | 	"uid-help-text": "Specify a User ID to associate with this token. If the user ID is <code>0</code>, it will be considered a <em>master</em> token, which can assume the identity of other users based on the <code>_uid</code> parameter", | ||||||
| 	"description": "Description", | 	"description": "Description", | ||||||
|   | |||||||
| @@ -65,6 +65,7 @@ define('admin/settings', ['uploader', 'mousetrap'], function (uploader, mousetra | |||||||
|  |  | ||||||
| 		saveBtn.off('click').on('click', function (e) { | 		saveBtn.off('click').on('click', function (e) { | ||||||
| 			e.preventDefault(); | 			e.preventDefault(); | ||||||
|  | 			console.log(fields); | ||||||
|  |  | ||||||
| 			saveFields(fields, function onFieldsSaved(err) { | 			saveFields(fields, function onFieldsSaved(err) { | ||||||
| 				if (err) { | 				if (err) { | ||||||
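Review bot: The added `console.log(fields);` in the save-button click handler looks like leftover debugging and should be dropped from this commit. `fields` is what gets passed to `saveFields`, so it presumably holds the admin settings inputs of whichever page is open, and logging it on every save writes those values to the browser console. The rest of the handler and the enclosing `define` callback lie outside the hunk, so whether any of those inputs are sensitive cannot be confirmed from here.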
|   | |||||||
| @@ -1,7 +1,7 @@ | |||||||
| 'use strict'; | 'use strict'; | ||||||
|  |  | ||||||
| const nconf = require('nconf'); |  | ||||||
| const winston = require('winston'); | const winston = require('winston'); | ||||||
|  | const meta = require('../../meta'); | ||||||
| const plugins = require('../../plugins'); | const plugins = require('../../plugins'); | ||||||
| const middleware = require('../../middleware'); | const middleware = require('../../middleware'); | ||||||
| const helpers = require('../../controllers/helpers'); | const helpers = require('../../controllers/helpers'); | ||||||
| @@ -10,10 +10,19 @@ const Write = module.exports; | |||||||
|  |  | ||||||
| Write.reload = async (params) => { | Write.reload = async (params) => { | ||||||
| 	const router = params.router; | 	const router = params.router; | ||||||
|  | 	let apiSettings = await meta.settings.get('core.api'); | ||||||
|  | 	plugins.registerHook('core', { | ||||||
|  | 		hook: 'action:settings.set', | ||||||
|  | 		method: async (data) => { | ||||||
|  | 			if (data.plugin === 'core.api') { | ||||||
|  | 				apiSettings = await meta.settings.get('core.api'); | ||||||
|  | 			} | ||||||
|  | 		}, | ||||||
|  | 	}); | ||||||
|  |  | ||||||
| 	router.use('/api/v3', function (req, res, next) { | 	router.use('/api/v3', function (req, res, next) { | ||||||
| 		// Require https if configured so | 		// Require https if configured so | ||||||
| 		if (nconf.get('secure') && req.protocol !== 'https') { | 		if (apiSettings.requireHttps === 'on') { | ||||||
| 			res.set('Upgrade', 'TLS/1.0, HTTP/1.1'); | 			res.set('Upgrade', 'TLS/1.0, HTTP/1.1'); | ||||||
| 			return helpers.formatApiResponse(426, res); | 			return helpers.formatApiResponse(426, res); | ||||||
| 		} | 		} | ||||||
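Review bot: The new guard in the `/api/v3` middleware no longer checks the request protocol, so with the option enabled `if (apiSettings.requireHttps === 'on')` answers 426 to every request, including ones that already arrived over HTTPS. The `req.protocol !== 'https'` half of the old condition should be kept: `if (apiSettings.requireHttps === 'on' && req.protocol !== 'https') {`. Separately, `plugins.registerHook` is called inside `Write.reload`, so if reload can run more than once the `action:settings.set` listener may be registered repeatedly; that is worth confirming against the callers. The body of `Write.reload` continues past the end of the hunk.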
|   | |||||||
| @@ -1,18 +1,33 @@ | |||||||
| <!-- IMPORT admin/partials/settings/header.tpl --> | <!-- IMPORT admin/partials/settings/header.tpl --> | ||||||
|  |  | ||||||
| <form role="form" class="core-api-settings"> | <form role="form" class="core-api-settings"> | ||||||
|  | 	<p class="lead">[[admin/settings/api:lead-text]]</p> | ||||||
|  | 	<p>[[admin/settings/api:intro]]</p> | ||||||
|  | 	<p> | ||||||
|  | 		<a href="https://docs.nodebb.org/api"> | ||||||
|  | 			<i class="fa fa-external-link"></i> | ||||||
|  | 			[[admin/settings/api:docs]] | ||||||
|  | 		</a> | ||||||
|  | 	</p> | ||||||
|  |  | ||||||
|  | 	<hr /> | ||||||
|  |  | ||||||
|  | 	<div class="row"> | ||||||
|  | 		<div class="col-sm-2 col-xs-12 settings-header">[[admin/settings/api:settings]]</div> | ||||||
|  | 		<div class="col-sm-10 col-xs-12"> | ||||||
|  | 			<div class="checkbox"> | ||||||
|  | 				<label class="mdl-switch mdl-js-switch mdl-js-ripple-effect"> | ||||||
|  | 					<input id="requireHttps" class="mdl-switch__input" type="checkbox" name="requireHttps" /> | ||||||
|  | 					<span class="mdl-switch__label">[[admin/settings/api:require-https]]</span> | ||||||
|  | 				</label> | ||||||
|  | 			</div> | ||||||
|  | 			<p class="help-block">[[admin/settings/api:require-https-caveat]]</p> | ||||||
|  | 		</div> | ||||||
|  | 	</div> | ||||||
|  |  | ||||||
| 	<div class="row"> | 	<div class="row"> | ||||||
| 		<div class="col-sm-2 col-xs-12 settings-header">[[admin/settings/api:tokens]]</div> | 		<div class="col-sm-2 col-xs-12 settings-header">[[admin/settings/api:tokens]]</div> | ||||||
| 		<div class="col-sm-10 col-xs-12"> | 		<div class="col-sm-10 col-xs-12"> | ||||||
| 			<p class="lead">[[admin/settings/api:lead-text]]</p> |  | ||||||
| 			<p>[[admin/settings/api:intro]]</p> |  | ||||||
| 			<p> |  | ||||||
| 				<a href="https://docs.nodebb.org/api"> |  | ||||||
| 					<i class="fa fa-external-link"></i> |  | ||||||
| 					[[admin/settings/api:docs]] |  | ||||||
| 				</a> |  | ||||||
| 			</p> |  | ||||||
|  |  | ||||||
| 			<div class="form-group" data-type="sorted-list" data-sorted-list="tokens" data-item-template="admin/partials/api/sorted-list/item" data-form-template="admin/partials/api/sorted-list/form"> | 			<div class="form-group" data-type="sorted-list" data-sorted-list="tokens" data-item-template="admin/partials/api/sorted-list/item" data-form-template="admin/partials/api/sorted-list/form"> | ||||||
| 				<input hidden="text" name="tokens"> | 				<input hidden="text" name="tokens"> | ||||||
| 				<ul data-type="list" class="list-group"></ul> | 				<ul data-type="list" class="list-group"></ul> | ||||||
|   | |||||||