diff --git a/src/config.js b/src/config.js index 58b25ad30..120c4ed1f 100644 --- a/src/config.js +++ b/src/config.js @@ -36,6 +36,7 @@ exports = module.exports = { hasIPv6: hasIPv6, dkimSelector: dkimSelector, + isManaged: isManaged, isDemo: isDemo, // feature flags based on editions (these have a separate license from standard edition) @@ -224,6 +225,10 @@ function provider() { return get('provider'); } +function isManaged() { + return edition() === 'hostingprovider'; +} + function hasIPv6() { const IPV6_PROC_FILE = '/proc/net/if_inet6'; return fs.existsSync(IPV6_PROC_FILE); diff --git a/src/routes/accesscontrol.js b/src/routes/accesscontrol.js index 3f0313c0c..198b1c782 100644 --- a/src/routes/accesscontrol.js +++ b/src/routes/accesscontrol.js @@ -4,7 +4,7 @@ exports = module.exports = { initialize: initialize, uninitialize: uninitialize, - verifyOperator: verifyOperator, + isUnmanaged: isUnmanaged, scope: scope, websocketAuth: websocketAuth @@ -142,8 +142,8 @@ function websocketAuth(requiredScopes, req, res, next) { }); } -function verifyOperator(req, res, next) { - if (config.edition() !== 'hostingprovider') return next(); +function isUnmanaged(req, res, next) { + if (!config.isManaged()) return next(); - next(new HttpError(401, 'Not allowed in this edition')); + next(new HttpError(401, 'Managed instance does not permit this operation')); } diff --git a/src/server.js b/src/server.js index 618882721..169f4b5cd 100644 --- a/src/server.js +++ b/src/server.js @@ -102,7 +102,7 @@ function initializeExpressSync() { var domainsManageScope = routes.accesscontrol.scope(accesscontrol.SCOPE_DOMAINS_MANAGE); var appstoreScope = routes.accesscontrol.scope(accesscontrol.SCOPE_APPSTORE); - const verifyOperator = routes.accesscontrol.verifyOperator; + const isUnmanaged = routes.accesscontrol.isUnmanaged; const verifyDomainLock = routes.domains.verifyDomainLock; // csrf protection 
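Review bot: `isManaged()` in src/config.js is true only on an exact match with `'hostingprovider'`, so an unset, misspelled or newly added edition value makes every guard built on it treat the instance as unmanaged and allow the request. If that permissive default is intended, it should be stated above the function, for example `// Managed means the hostingprovider edition; any other or missing edition counts as unmanaged, so guards based on this allow the request`. `edition()` is defined outside the hunk, so the set of values it can return is not visible here.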
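Review bot: The renamed `isUnmanaged` middleware in src/routes/accesscontrol.js still rejects with status 401, although every route that uses it in src/server.js runs a scope middleware first, so the caller has presumably authenticated and is being refused on policy. 403 describes that case; a client that treats 401 as an expired session may log the user out or re-prompt to no effect, so check whether the dashboard relies on 401 before changing it to `next(new HttpError(403, 'Managed instance does not permit this operation'));`. The new name also reads like a boolean predicate next to `config.isManaged()`, while it is an Express middleware that ends the request. A name such as `requireUnmanaged`, or a comment `// Middleware: rejects the request when this instance is managed`, would make the call sites easier to audit.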
@@ -129,10 +129,10 @@ function initializeExpressSync() { router.get ('/api/v1/cloudron/disks', cloudronScope, routes.cloudron.getDisks); router.get ('/api/v1/cloudron/logs/:unit', cloudronScope, routes.cloudron.getLogs); router.get ('/api/v1/cloudron/logstream/:unit', cloudronScope, routes.cloudron.getLogStream); - router.get ('/api/v1/cloudron/ssh/authorized_keys', cloudronScope, verifyOperator, routes.ssh.getAuthorizedKeys); - router.put ('/api/v1/cloudron/ssh/authorized_keys', cloudronScope, verifyOperator, routes.ssh.addAuthorizedKey); - router.get ('/api/v1/cloudron/ssh/authorized_keys/:identifier', cloudronScope, verifyOperator, routes.ssh.getAuthorizedKey); - router.del ('/api/v1/cloudron/ssh/authorized_keys/:identifier', cloudronScope, verifyOperator, routes.ssh.delAuthorizedKey); + router.get ('/api/v1/cloudron/ssh/authorized_keys', cloudronScope, isUnmanaged, routes.ssh.getAuthorizedKeys); + router.put ('/api/v1/cloudron/ssh/authorized_keys', cloudronScope, isUnmanaged, routes.ssh.addAuthorizedKey); + router.get ('/api/v1/cloudron/ssh/authorized_keys/:identifier', cloudronScope, isUnmanaged, routes.ssh.getAuthorizedKey); + router.del ('/api/v1/cloudron/ssh/authorized_keys/:identifier', cloudronScope, isUnmanaged, routes.ssh.delAuthorizedKey); router.get ('/api/v1/cloudron/eventlog', cloudronScope, routes.eventlog.get); // config route (for dashboard) 
@@ -227,15 +227,15 @@ function initializeExpressSync() { router.post('/api/v1/settings/cloudron_name', settingsScope, routes.settings.setCloudronName); router.get ('/api/v1/settings/cloudron_avatar', settingsScope, routes.settings.getCloudronAvatar); router.post('/api/v1/settings/cloudron_avatar', settingsScope, multipart, routes.settings.setCloudronAvatar); - router.get ('/api/v1/settings/backup_config', settingsScope, verifyOperator, routes.settings.getBackupConfig); - router.post('/api/v1/settings/backup_config', settingsScope, verifyOperator, routes.settings.setBackupConfig); - router.get ('/api/v1/settings/platform_config', settingsScope, verifyOperator, routes.settings.getPlatformConfig); - router.post('/api/v1/settings/platform_config', settingsScope, verifyOperator, routes.settings.setPlatformConfig); + router.get ('/api/v1/settings/backup_config', settingsScope, isUnmanaged, routes.settings.getBackupConfig); + router.post('/api/v1/settings/backup_config', settingsScope, isUnmanaged, routes.settings.setBackupConfig); + router.get ('/api/v1/settings/platform_config', settingsScope, isUnmanaged, routes.settings.getPlatformConfig); + router.post('/api/v1/settings/platform_config', settingsScope, isUnmanaged, routes.settings.setPlatformConfig); router.get ('/api/v1/settings/time_zone', settingsScope, routes.settings.getTimeZone); router.post('/api/v1/settings/time_zone', settingsScope, routes.settings.setTimeZone); - router.get ('/api/v1/settings/appstore_config', appstoreScope, verifyOperator, routes.settings.getAppstoreConfig); - router.post('/api/v1/settings/appstore_config', appstoreScope, verifyOperator, routes.settings.setAppstoreConfig); + router.get ('/api/v1/settings/appstore_config', appstoreScope, isUnmanaged, routes.settings.getAppstoreConfig); + router.post('/api/v1/settings/appstore_config', appstoreScope, isUnmanaged, routes.settings.setAppstoreConfig); router.post('/api/v1/settings/registry_config', appstoreScope, 
routes.settings.setRegistryConfig); @@ -266,7 +266,7 @@ function initializeExpressSync() { router.del ('/api/v1/mail/:domain/lists/:name', mailScope, routes.mail.removeList); // feedback - router.post('/api/v1/feedback', cloudronScope, verifyOperator, routes.cloudron.feedback); + router.post('/api/v1/feedback', cloudronScope, isUnmanaged, routes.cloudron.feedback); // backup routes router.get ('/api/v1/backups', settingsScope, routes.backups.get);
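Review bot: In the settings hunk of src/server.js (`@@ -227,15 +227,15 @@`), the context line for `POST /api/v1/settings/registry_config` passes through `appstoreScope` only, while the backup_config, platform_config and appstore_config routes around it all include `isUnmanaged`. What the registry setting controls is not visible in this diff, so the omission may be deliberate. If it is, a comment on that route saying so would help; if not, the line would become `router.post('/api/v1/settings/registry_config', appstoreScope, isUnmanaged, routes.settings.setRegistryConfig);`. Because the guard is opt-in per route, a comment above these blocks such as `// routes that change host-level configuration must include isUnmanaged` would help keep later additions consistent. `initializeExpressSync` starts and ends outside the hunk.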