EZPPFarm/ripple-api
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Force private API keys to have Privileges write, read, read confidential

Browse Source
This commit is contained in:
Howl 2016-05-15 07:20:11 +02:00
parent 42437bde44
commit a939d15779
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
app/tokens.go
View File

@ -12,7 +12,11 @@ import (
func GetTokenFull(token string, db *sql.DB) (common.Token, bool) {
var uid int
var privs int
err := db.QueryRow("SELECT user, privileges FROM tokens WHERE token = ? LIMIT 1", fmt.Sprintf("%x", md5.Sum([]byte(token)))).Scan(&uid, &privs)
var priv8 bool
err := db.QueryRow("SELECT user, privileges, private FROM tokens WHERE token = ? LIMIT 1", fmt.Sprintf("%x", md5.Sum([]byte(token)))).Scan(&uid, &privs, &priv8)
if priv8 {
privs = common.PrivilegeRead | common.PrivilegeReadConfidential | common.PrivilegeWrite
}
switch {
case err == sql.ErrNoRows:
return common.Token{}, false