file upload api #4
Conversation
metachris
force-pushed
the
file_upload
branch
from
84b8f86
to
c934fff
Compare
metachris
force-pushed
the
file_upload
branch
from
c934fff
to
b32357e
Compare
metachris
force-pushed
the
file_upload
branch
from
b32357e
to
9da523f
Compare
| @@ -7,7 +7,8 @@ import ( | |||
| ) | |||
|
|
|||
| type SystemAPIConfig struct { | |||
| Actions map[string]string | |||
| Actions map[string]string | |||
There was a problem hiding this comment.
does this also require toml:"actions" too similar to the file_uploads?
systemapi/server.go
Outdated
| log.Debug("Content read from payload", "content", string(content)) | ||
|
|
||
| // 2. write content to file | ||
| err = os.WriteFile(filename, content, 0o600) |
There was a problem hiding this comment.
I wonder if we should also provide read access to the 'others' and 'groups' as well because the uploaded file in our case should be readable by the rbuilder, right?
The system-api process is executed from the root user, hence rbuilder user won't be able to read the content.
We could also later iterate more on this to add like a mapping such as tuple of (filename,ownership) which would write the content and assign the file ownership to the correct user.
There was a problem hiding this comment.
good point! updated to 644
|
It looks good to me but I have a question regarding authorization. Where are we restricting the call of such request to only the operator ? Are we handling this in the system-api code or is it through the other reverse proxies? |
|
@MoeMahhouk API access is restricted at the firewall level by the operator. The operator is responsible for opening up access to this port not to the public. |
No description provided.