mirror of
https://github.com/EvolutionAPI/evolution-api.git
synced 2025-07-25 01:48:39 -06:00
Now in the manager, when logging in with the client's apikey, the listing only shows the instance corresponding to the provided apikey (only with MongoDB)
This commit is contained in:
parent
395b81a6ac
commit
2fcb476c50
@ -3,9 +3,9 @@ import { isURL } from 'class-validator';
|
|||||||
import EventEmitter2 from 'eventemitter2';
|
import EventEmitter2 from 'eventemitter2';
|
||||||
import { v4 } from 'uuid';
|
import { v4 } from 'uuid';
|
||||||
|
|
||||||
import { ConfigService, HttpServer, WaBusiness } from '../../config/env.config';
|
import { Auth, ConfigService, HttpServer, WaBusiness } from '../../config/env.config';
|
||||||
import { Logger } from '../../config/logger.config';
|
import { Logger } from '../../config/logger.config';
|
||||||
import { BadRequestException, InternalServerErrorException } from '../../exceptions';
|
import { BadRequestException, InternalServerErrorException, UnauthorizedException } from '../../exceptions';
|
||||||
import { InstanceDto, SetPresenceDto } from '../dto/instance.dto';
|
import { InstanceDto, SetPresenceDto } from '../dto/instance.dto';
|
||||||
import { ChatwootService } from '../integrations/chatwoot/services/chatwoot.service';
|
import { ChatwootService } from '../integrations/chatwoot/services/chatwoot.service';
|
||||||
import { RabbitmqService } from '../integrations/rabbitmq/services/rabbitmq.service';
|
import { RabbitmqService } from '../integrations/rabbitmq/services/rabbitmq.service';
|
||||||
@ -679,11 +679,27 @@ export class InstanceController {
|
|||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
public async fetchInstances({ instanceName, instanceId, number }: InstanceDto) {
|
public async fetchInstances({ instanceName, instanceId, number }: InstanceDto, key: string) {
|
||||||
if (instanceName) {
|
const env = this.configService.get<Auth>('AUTHENTICATION').API_KEY;
|
||||||
this.logger.verbose('requested fetchInstances from ' + instanceName + ' instance');
|
|
||||||
this.logger.verbose('instanceName: ' + instanceName);
|
let name = instanceName;
|
||||||
return this.waMonitor.instanceInfo(instanceName);
|
let arrayReturn = false;
|
||||||
|
|
||||||
|
if (env.KEY !== key) {
|
||||||
|
const instanceByKey = await this.repository.auth.findByKey(key);
|
||||||
|
console.log('instanceByKey', instanceByKey);
|
||||||
|
if (instanceByKey) {
|
||||||
|
name = instanceByKey._id;
|
||||||
|
arrayReturn = true;
|
||||||
|
} else {
|
||||||
|
throw new UnauthorizedException();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (name) {
|
||||||
|
this.logger.verbose('requested fetchInstances from ' + name + ' instance');
|
||||||
|
this.logger.verbose('instanceName: ' + name);
|
||||||
|
return this.waMonitor.instanceInfo(name, arrayReturn);
|
||||||
} else if (instanceId || number) {
|
} else if (instanceId || number) {
|
||||||
return this.waMonitor.instanceInfoById(instanceId, number);
|
return this.waMonitor.instanceInfoById(instanceId, number);
|
||||||
}
|
}
|
||||||
|
@ -59,6 +59,10 @@ async function apikey(req: Request, _: Response, next: NextFunction) {
|
|||||||
const env = configService.get<Auth>('AUTHENTICATION').API_KEY;
|
const env = configService.get<Auth>('AUTHENTICATION').API_KEY;
|
||||||
const key = req.get('apikey');
|
const key = req.get('apikey');
|
||||||
|
|
||||||
|
if (!key) {
|
||||||
|
throw new UnauthorizedException();
|
||||||
|
}
|
||||||
|
|
||||||
if (env.KEY === key) {
|
if (env.KEY === key) {
|
||||||
return next();
|
return next();
|
||||||
}
|
}
|
||||||
@ -66,12 +70,19 @@ async function apikey(req: Request, _: Response, next: NextFunction) {
|
|||||||
if ((req.originalUrl.includes('/instance/create') || req.originalUrl.includes('/instance/fetchInstances')) && !key) {
|
if ((req.originalUrl.includes('/instance/create') || req.originalUrl.includes('/instance/fetchInstances')) && !key) {
|
||||||
throw new ForbiddenException('Missing global api key', 'The global api key must be set');
|
throw new ForbiddenException('Missing global api key', 'The global api key must be set');
|
||||||
}
|
}
|
||||||
|
const param = req.params as unknown as InstanceDto;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
const param = req.params as unknown as InstanceDto;
|
if (param?.instanceName) {
|
||||||
const instanceKey = await repository.auth.find(param.instanceName);
|
const instanceKey = await repository.auth.find(param.instanceName);
|
||||||
if (instanceKey.apikey === key) {
|
if (instanceKey?.apikey === key) {
|
||||||
return next();
|
return next();
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
const instanceByKey = await repository.auth.findByKey(key);
|
||||||
|
if (instanceByKey) {
|
||||||
|
return next();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} catch (error) {
|
} catch (error) {
|
||||||
logger.error(error);
|
logger.error(error);
|
||||||
|
@ -68,6 +68,20 @@ export class AuthRepository extends Repository {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public async findByKey(key: string): Promise<AuthRaw> {
|
||||||
|
try {
|
||||||
|
this.logger.verbose('finding auth');
|
||||||
|
if (this.dbSettings.ENABLED) {
|
||||||
|
this.logger.verbose('finding auth in db');
|
||||||
|
return await this.authModel.findOne({ apikey: key });
|
||||||
|
}
|
||||||
|
|
||||||
|
return {};
|
||||||
|
} catch (error) {
|
||||||
|
return {};
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
public async list(): Promise<AuthRaw[]> {
|
public async list(): Promise<AuthRaw[]> {
|
||||||
try {
|
try {
|
||||||
if (this.dbSettings.ENABLED) {
|
if (this.dbSettings.ENABLED) {
|
||||||
|
@ -103,13 +103,15 @@ export class InstanceRouter extends RouterBroker {
|
|||||||
logger.verbose('request body: ');
|
logger.verbose('request body: ');
|
||||||
logger.verbose(req.body);
|
logger.verbose(req.body);
|
||||||
|
|
||||||
|
const key = req.get('apikey');
|
||||||
|
|
||||||
logger.verbose('request query: ');
|
logger.verbose('request query: ');
|
||||||
logger.verbose(req.query);
|
logger.verbose(req.query);
|
||||||
const response = await this.dataValidate<InstanceDto>({
|
const response = await this.dataValidate<InstanceDto>({
|
||||||
request: req,
|
request: req,
|
||||||
schema: null,
|
schema: null,
|
||||||
ClassRef: InstanceDto,
|
ClassRef: InstanceDto,
|
||||||
execute: (instance) => instanceController.fetchInstances(instance),
|
execute: (instance) => instanceController.fetchInstances(instance, key),
|
||||||
});
|
});
|
||||||
|
|
||||||
return res.status(HttpStatus.OK).json(response);
|
return res.status(HttpStatus.OK).json(response);
|
||||||
|
@ -83,7 +83,7 @@ export class WAMonitoringService {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public async instanceInfo(instanceName?: string) {
|
public async instanceInfo(instanceName?: string, arrayReturn = false) {
|
||||||
this.logger.verbose('get instance info');
|
this.logger.verbose('get instance info');
|
||||||
if (instanceName && !this.waInstances[instanceName]) {
|
if (instanceName && !this.waInstances[instanceName]) {
|
||||||
throw new NotFoundException(`Instance "${instanceName}" not found`);
|
throw new NotFoundException(`Instance "${instanceName}" not found`);
|
||||||
@ -171,6 +171,9 @@ export class WAMonitoringService {
|
|||||||
|
|
||||||
this.logger.verbose('return instance info: ' + instances.length);
|
this.logger.verbose('return instance info: ' + instances.length);
|
||||||
|
|
||||||
|
if (arrayReturn) {
|
||||||
|
return [instances.find((i) => i.instance.instanceName === instanceName) ?? instances];
|
||||||
|
}
|
||||||
return instances.find((i) => i.instance.instanceName === instanceName) ?? instances;
|
return instances.find((i) => i.instance.instanceName === instanceName) ?? instances;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user