сделал систему прав, теперь все действия с апи выполняются только при наличии прав (и в целом авторизации)

2024-11-12 10:56:26 +03:00
parent 857a01528b
commit 5175362d1b
3 changed files with 47 additions and 13 deletions
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -98,7 +98,7 @@ public:

    ServerResources(): sf(std::make_unique<http::resource::StaticFileFactory>()), api(std::make_unique<api_driver::ApiDriver>()) {
        api->startDaemon();
-        auth.users.emplace_back(std::make_shared<http::auth::User>("admin"));
+        auth.users.emplace_back(std::make_shared<http::auth::User>("admin", "", http::auth::User::SUPERUSER));

        sf->registerFile(FAVICON_ICO, mime_types::image_png, true);
        sf->registerFile(KROKODIL_GIF, mime_types::image_gif, true);
@@ -176,7 +176,7 @@ public:
        s.resources.emplace_back(std::make_unique<http::resource::GenericResource>("/js/vue.js", [this](const auto& req, auto& rep) { boost::ignore_unused(req); sf->serve(VUE_JS, rep); }));
        s.resources.emplace_back(std::make_unique<http::resource::GenericResource>("/vid/video_2024-11-06_15-49-35.mp4", [this](const auto& req, auto& rep) { boost::ignore_unused(req); sf->serve(KB_MP4, rep); }));

-        s.resources.emplace_back(std::make_unique<http::resource::GenericResource>("/api/get/statistics", [this](const auto& req, auto& rep) {
+        s.resources.emplace_back(std::make_unique<http::auth::AuthRequiredResource>("/api/get/statistics", this->auth, http::auth::User::WATCH_STATISTICS, [this](const auto& req, auto& rep) {
            if (req.method != "GET") {
                http::server::stockReply(http::server::bad_request, rep);
            }
@@ -190,7 +190,7 @@ public:
            rep.content.insert(rep.content.end(), result.c_str(), result.c_str() + result.size());
        }));

-        s.resources.emplace_back(std::make_unique<http::resource::GenericResource>("/api/get/settings", [this](const auto& req, auto& rep) {
+        s.resources.emplace_back(std::make_unique<http::auth::AuthRequiredResource>("/api/get/settings", this->auth, http::auth::User::WATCH_SETTINGS, [this](const auto& req, auto& rep) {
            if (req.method != "GET") {
                http::server::stockReply(http::server::bad_request, rep);
            }
@@ -204,7 +204,7 @@ public:
            rep.content.insert(rep.content.end(), result.c_str(), result.c_str() + result.size());
        }));

-        s.resources.emplace_back(std::make_unique<http::resource::GenericResource>("/api/resetPacketStatistics", [this](const auto& req, auto& rep) {
+        s.resources.emplace_back(std::make_unique<http::auth::AuthRequiredResource>("/api/resetPacketStatistics", this->auth, http::auth::User::RESET_PACKET_STATISTICS, [this](const auto& req, auto& rep) {
            if (req.method != "POST") {
                http::server::stockReply(http::server::bad_request, rep);
            }
@@ -217,7 +217,7 @@ public:
            rep.content.insert(rep.content.end(), result.c_str(), result.c_str() + result.size());
        }));

-        s.resources.emplace_back(std::make_unique<http::resource::GenericResource>("/api/set/qos", [this](const auto& req, auto& rep) {
+        s.resources.emplace_back(std::make_unique<http::auth::AuthRequiredResource>("/api/set/qos", this->auth, http::auth::User::SETUP_QOS, [this](const auto& req, auto& rep) {
            if (req.method != "POST") {
                http::server::stockReply(http::server::bad_request, rep);
            }
@@ -245,7 +245,7 @@ public:
            }
        }));

-        s.resources.emplace_back(std::make_unique<http::resource::GenericResource>("/api/set/bucLnb", [this](const auto& req, auto& rep) {
+        s.resources.emplace_back(std::make_unique<http::auth::AuthRequiredResource>("/api/set/bucLnb", this->auth, http::auth::User::SUPERUSER, [this](const auto& req, auto& rep) {
            if (req.method != "POST") {
                http::server::stockReply(http::server::bad_request, rep);
            }