limiting POST /tokens endpoint to admins, the admint auth token can b…

…e defined as flag or in the env file, if it is not defined, it is randomly generated and logged
vocdoni · Oct 24, 2023 · c1ed7ec · c1ed7ec
1 parent 6570f6c
commit c1ed7ec
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 1 deletion.
diff --git a/api/api.go b/api/api.go
@@ -17,6 +17,7 @@ type Census3APIConf struct {
 	DataDir       string
 	GroupKey      string
 	Web3Providers map[uint64]string
+	AdminToken    string
 }
 
 type census3API struct {
@@ -48,6 +49,8 @@ func Init(db *db.DB, conf Census3APIConf) error {
 	if newAPI.endpoint, err = api.NewAPI(&r, "/api"); err != nil {
 		return err
 	}
+	// set the admin token
+	newAPI.endpoint.SetAdminToken(conf.AdminToken)
 	// init the census DB
 	if newAPI.censusDB, err = census.NewCensusDB(conf.DataDir, conf.GroupKey); err != nil {
 		return err

diff --git a/api/tokens.go b/api/tokens.go
@@ -22,7 +22,7 @@ func (capi *census3API) initTokenHandlers() error {
 		return err
 	}
 	if err := capi.endpoint.RegisterMethod("/tokens", "POST",
-		api.MethodAccessTypePublic, capi.createToken); err != nil {
+		api.MethodAccessTypeAdmin, capi.createToken); err != nil {
 		return err
 	}
 	if err := capi.endpoint.RegisterMethod("/tokens/{tokenID}", "GET",

diff --git a/cmd/census3/main.go b/cmd/census3/main.go
@@ -15,12 +15,14 @@ import (
 	"github.com/vocdoni/census3/service"
 	"github.com/vocdoni/census3/state"
 	"go.vocdoni.io/dvote/log"
+	"go.vocdoni.io/dvote/util"
 )
 
 type Census3Config struct {
 	dataDir, logLevel, connectKey string
 	listOfWeb3Providers           []string
 	port                          int
+	adminToken                    string
 }
 
 func main() {
@@ -37,6 +39,7 @@ func main() {
 	flag.StringVar(&config.logLevel, "logLevel", "info", "log level (debug, info, warn, error)")
 	flag.IntVar(&config.port, "port", 7788, "HTTP port for the API")
 	flag.StringVar(&config.connectKey, "connectKey", "", "connect group key for IPFS connect")
+	flag.StringVar(&config.adminToken, "adminToken", "", "the admin token for the API")
 	var strWeb3Providers string
 	flag.StringVar(&strWeb3Providers, "web3Providers", "", "the list of URL's of available web3 providers")
 	flag.Parse()
@@ -68,6 +71,10 @@ func main() {
 		panic(err)
 	}
 	config.connectKey = pviper.GetString("connectKey")
+	if err := pviper.BindPFlag("adminToken", flag.Lookup("adminToken")); err != nil {
+		panic(err)
+	}
+	config.adminToken = pviper.GetString("adminToken")
 	if err := pviper.BindPFlag("web3Providers", flag.Lookup("web3Providers")); err != nil {
 		panic(err)
 	}
@@ -93,13 +100,19 @@ func main() {
 	if err != nil {
 		log.Fatal(err)
 	}
+	// if the admin token is not defined, generate a random one
+	if config.adminToken == "" {
+		config.adminToken = util.RandomHex(20)
+		log.Infof("no admin token defined, using a random one: %s", config.adminToken)
+	}
 	// start the API
 	err = api.Init(database, api.Census3APIConf{
 		Hostname:      "0.0.0.0",
 		Port:          config.port,
 		DataDir:       config.dataDir,
 		Web3Providers: w3p,
 		GroupKey:      config.connectKey,
+		AdminToken:    config.adminToken,
 	})
 	if err != nil {
 		log.Fatal(err)