Add public entities configuration and authorization checks for entity records
parent
417499b6f4
commit
1eb5b83eb2
5 changed files with 26 additions and 2 deletions
|
@ -4,7 +4,6 @@
|
||||||
|
|
||||||
use FederationServer\Classes\Configuration\DatabaseConfiguration;
|
use FederationServer\Classes\Configuration\DatabaseConfiguration;
|
||||||
use FederationServer\Classes\Configuration\RedisConfiguration;
|
use FederationServer\Classes\Configuration\RedisConfiguration;
|
||||||
use FederationServer\Classes\Configuration\FileStorageConfiguration;
|
|
||||||
use FederationServer\Classes\Configuration\ServerConfiguration;
|
use FederationServer\Classes\Configuration\ServerConfiguration;
|
||||||
use FederationServer\Classes\Enums\AuditLogType;
|
use FederationServer\Classes\Enums\AuditLogType;
|
||||||
|
|
||||||
|
@ -36,6 +35,7 @@
|
||||||
self::$configuration->setDefault('server.public_audit_entries', array_map(fn($type) => $type->value, AuditLogType::cases()));
|
self::$configuration->setDefault('server.public_audit_entries', array_map(fn($type) => $type->value, AuditLogType::cases()));
|
||||||
self::$configuration->setDefault('server.public_evidence', true);
|
self::$configuration->setDefault('server.public_evidence', true);
|
||||||
self::$configuration->setDefault('server.public_blacklist', true);
|
self::$configuration->setDefault('server.public_blacklist', true);
|
||||||
|
self::$configuration->setDefault('server.public_entities', true);
|
||||||
self::$configuration->setDefault('server.min_blacklist_time', 1800);
|
self::$configuration->setDefault('server.min_blacklist_time', 1800);
|
||||||
|
|
||||||
self::$configuration->setDefault('database.host', '127.0.0.1');
|
self::$configuration->setDefault('database.host', '127.0.0.1');
|
||||||
|
|
|
@ -23,6 +23,7 @@
|
||||||
private array $publicAuditEntries;
|
private array $publicAuditEntries;
|
||||||
private bool $publicEvidence;
|
private bool $publicEvidence;
|
||||||
private bool $publicBlacklist;
|
private bool $publicBlacklist;
|
||||||
|
private bool $publicEntities = true;
|
||||||
private int $minBlacklistTime;
|
private int $minBlacklistTime;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -46,6 +47,7 @@
|
||||||
$this->publicAuditEntries = array_map(fn($type) => AuditLogType::from($type), $config['public_audit_entries'] ?? []);
|
$this->publicAuditEntries = array_map(fn($type) => AuditLogType::from($type), $config['public_audit_entries'] ?? []);
|
||||||
$this->publicEvidence = $config['public_evidence'] ?? true;
|
$this->publicEvidence = $config['public_evidence'] ?? true;
|
||||||
$this->publicBlacklist = $config['public_blacklist'] ?? true;
|
$this->publicBlacklist = $config['public_blacklist'] ?? true;
|
||||||
|
$this->publicEntities = $config['public_entities'] ?? true;
|
||||||
$this->minBlacklistTime = $config['min_blacklist_time'] ?? 1800;
|
$this->minBlacklistTime = $config['min_blacklist_time'] ?? 1800;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -189,6 +191,16 @@
|
||||||
return $this->publicBlacklist;
|
return $this->publicBlacklist;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Checks if entities are publicly accessible
|
||||||
|
*
|
||||||
|
* @return bool True if public entities is enabled, false otherwise
|
||||||
|
*/
|
||||||
|
public function isEntitiesPublic(): bool
|
||||||
|
{
|
||||||
|
return $this->publicEntities;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns the minimum allowed time that a blacklist could be set to expire, for example
|
* Returns the minimum allowed time that a blacklist could be set to expire, for example
|
||||||
* 1800 = 30 Minutes, if a blacklist is set to expire within 30 minutes or more, it's valid, otherwise
|
* 1800 = 30 Minutes, if a blacklist is set to expire within 30 minutes or more, it's valid, otherwise
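Review bot: The new constructor line `$this->publicEntities = $config['public_entities'] ?? true;` trusts the type of the configured value. If this file does not declare strict types (not visible here), a quoted value such as `"false"` or `"no"` is coerced to `true` by the `bool` property, so an operator who meant to close the entity endpoints leaves them public. Parsing the value explicitly fails closed on unrecognised input: `$this->publicEntities = filter_var($config['public_entities'] ?? true, FILTER_VALIDATE_BOOLEAN);`. The `= true` initialiser on the property declaration is redundant next to the constructor default and differs from the sibling properties, which have none.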
|
||||||
|
|
|
@ -17,6 +17,12 @@
|
||||||
*/
|
*/
|
||||||
public static function handleRequest(): void
|
public static function handleRequest(): void
|
||||||
{
|
{
|
||||||
|
$authenticatedOperator = FederationServer::getAuthenticatedOperator();
|
||||||
|
if(!Configuration::getServerConfiguration()->isEntitiesPublic() && $authenticatedOperator === null)
|
||||||
|
{
|
||||||
|
throw new RequestException('Unauthorized: You must be authenticated to view entity records', 401);
|
||||||
|
}
|
||||||
|
|
||||||
if(!preg_match('#^/entities/([a-fA-F0-9\-]{36,})$#', FederationServer::getPath(), $matches))
|
if(!preg_match('#^/entities/([a-fA-F0-9\-]{36,})$#', FederationServer::getPath(), $matches))
|
||||||
{
|
{
|
||||||
throw new RequestException('Bad Request: Entity UUID is required', 400);
|
throw new RequestException('Bad Request: Entity UUID is required', 400);
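Review bot: The access gate added at the top of `handleRequest()` is copied verbatim into the entity listing handler in the next file section, so any other route that returns entity data has to repeat it by hand; handlers outside this commit are not visible here and should be checked for the same gate. A single shared helper that throws when `isEntitiesPublic()` is false and no operator is authenticated would keep the rule in one place. The new code answers with 401, while the audit-log handler in the last section uses 403 for the same condition; pick one, and if 401 stays, confirm the response carries a `WWW-Authenticate` header. Both method bodies continue outside their hunks.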
|
||||||
|
|
|
@ -16,6 +16,12 @@
|
||||||
*/
|
*/
|
||||||
public static function handleRequest(): void
|
public static function handleRequest(): void
|
||||||
{
|
{
|
||||||
|
$authenticatedOperator = FederationServer::getAuthenticatedOperator();
|
||||||
|
if(!Configuration::getServerConfiguration()->isEntitiesPublic() && $authenticatedOperator === null)
|
||||||
|
{
|
||||||
|
throw new RequestException('Unauthorized: You must be authenticated to view entity records', 401);
|
||||||
|
}
|
||||||
|
|
||||||
$limit = (int) (FederationServer::getParameter('limit') ?? Configuration::getServerConfiguration()->getListEntitiesMaxItems());
|
$limit = (int) (FederationServer::getParameter('limit') ?? Configuration::getServerConfiguration()->getListEntitiesMaxItems());
|
||||||
$page = (int) (FederationServer::getParameter('page') ?? 1);
|
$page = (int) (FederationServer::getParameter('page') ?? 1);
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
*/
|
*/
|
||||||
public static function handleRequest(): void
|
public static function handleRequest(): void
|
||||||
{
|
{
|
||||||
$authenticatedOperator = FederationServer::getAuthenticatedOperator(false);
|
$authenticatedOperator = FederationServer::getAuthenticatedOperator();
|
||||||
if(!Configuration::getServerConfiguration()->isAuditLogsPublic() && $authenticatedOperator === null)
|
if(!Configuration::getServerConfiguration()->isAuditLogsPublic() && $authenticatedOperator === null)
|
||||||
{
|
{
|
||||||
throw new RequestException('Unauthorized: Public audit logs are disabled and no operator is authenticated', 403);
|
throw new RequestException('Unauthorized: Public audit logs are disabled and no operator is authenticated', 403);
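Review bot: Dropping the `false` argument from `FederationServer::getAuthenticatedOperator()` may change how an anonymous caller is treated, because the parameter's default is not visible in this commit. If the default makes authentication mandatory, the call throws before the `isAuditLogsPublic()` test and the `=== null` branch becomes unreachable. Public audit logs, and the entity handlers that use the same no-argument call, would then reject anonymous requests regardless of configuration. Either keep the explicit argument or, once the behaviour is confirmed, add a comment such as `// returns null when no operator is authenticated` and cover the anonymous case with a test. The method body continues outside the hunk.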
|
||||||
|
|