gh_mirrors/1Panel
1
0
Fork 0
mirror of https://github.com/1Panel-dev/1Panel.git synced 2025-01-31 14:08:06 +08:00
Code

fix: Dealing with API interface issues (#7295)

Browse Source
This commit is contained in:
2024-12-09 15:29:33 +08:00 committed by GitHub
parent b88438a0a3
commit 3d84a5589f
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 26 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
backend/middleware/session.go
View File

@ -65,7 +65,7 @@ func SessionAuth() gin.HandlerFunc {
func isValid1PanelToken(panelToken string, panelTimestamp string) bool { func isValid1PanelToken(panelToken string, panelTimestamp string) bool {
system1PanelToken := global.CONF.System.ApiKey system1PanelToken := global.CONF.System.ApiKey
if GenerateMD5("1panel"+panelToken+panelTimestamp) == GenerateMD5("1panel"+system1PanelToken+panelTimestamp) { if panelToken == GenerateMD5("1panel"+system1PanelToken+panelTimestamp) {
return true return true
} }
return false return false

4
frontend/src/lang/modules/en.ts
View File

@ -1410,8 +1410,8 @@ const message = {
apiInterfaceHelper: 'Allow third-party applications to access the API.', apiInterfaceHelper: 'Allow third-party applications to access the API.',
apiInterfaceAlert1: `Don't enable it in production environments because it may increase server security risks.`, apiInterfaceAlert1: `Don't enable it in production environments because it may increase server security risks.`,
apiInterfaceAlert2: `Don't use third-party applications to call the API to prevent potential security threats.`, apiInterfaceAlert2: `Don't use third-party applications to call the API to prevent potential security threats.`,
apiInterfaceAlert3: 'API document:', apiInterfaceAlert3: 'API Docs',
apiInterfaceAlert4: 'Usage document:', apiInterfaceAlert4: 'Usage Docs',
apiKey: 'Interface key', apiKey: 'Interface key',
apiKeyHelper: 'API key is used for third-party applications to access the API.', apiKeyHelper: 'API key is used for third-party applications to access the API.',
ipWhiteList: 'IP whitelist', ipWhiteList: 'IP whitelist',

4
frontend/src/lang/modules/tw.ts
View File

@ -1331,8 +1331,8 @@ const message = {
apiInterfaceHelper: '提供面板支持 API 接口訪問', apiInterfaceHelper: '提供面板支持 API 接口訪問',
apiInterfaceAlert1: '請不要在生產環境開啟這可能新增服務器安全風險', apiInterfaceAlert1: '請不要在生產環境開啟這可能新增服務器安全風險',
apiInterfaceAlert2: '請不要使用協力廠商應用調用面板 API以防止潜在的安全威脅', apiInterfaceAlert2: '請不要使用協力廠商應用調用面板 API以防止潜在的安全威脅',
apiInterfaceAlert3: 'API 接口檔案', apiInterfaceAlert3: 'API 接口檔案',
apiInterfaceAlert4: '使用檔案', apiInterfaceAlert4: '使用檔案',
apiKey: '接口密钥', apiKey: '接口密钥',
apiKeyHelper: '接口密钥用於外部應用訪問 API 接口', apiKeyHelper: '接口密钥用於外部應用訪問 API 接口',
ipWhiteList: 'IP白名單', ipWhiteList: 'IP白名單',

4
frontend/src/lang/modules/zh.ts
View File

@ -1333,8 +1333,8 @@ const message = {
apiInterfaceHelper: '提供面板支持 API 接口访问', apiInterfaceHelper: '提供面板支持 API 接口访问',
apiInterfaceAlert1: '请不要在生产环境开启这可能增加服务器安全风险', apiInterfaceAlert1: '请不要在生产环境开启这可能增加服务器安全风险',
apiInterfaceAlert2: '请不要使用第三方应用调用面板 API以防止潜在的安全威胁', apiInterfaceAlert2: '请不要使用第三方应用调用面板 API以防止潜在的安全威胁',
apiInterfaceAlert3: 'API 接口文档:', apiInterfaceAlert3: 'API 接口文档',
apiInterfaceAlert4: '使用文档:', apiInterfaceAlert4: '使用文档',
apiKey: '接口密钥', apiKey: '接口密钥',
apiKeyHelper: '接口密钥用于外部应用访问 API 接口', apiKeyHelper: '接口密钥用于外部应用访问 API 接口',
ipWhiteList: 'IP 白名单', ipWhiteList: 'IP 白名单',

12
frontend/src/views/setting/panel/api-interface/index.vue
View File

@ -21,15 +21,13 @@
<el-text type="danger">{{ $t('setting.apiInterfaceAlert2') }}</el-text> <el-text type="danger">{{ $t('setting.apiInterfaceAlert2') }}</el-text>
</li> </li>
<li> <li>
<el-link :href="apiURL" type="warning" target="_blank" class="mb-0.5 ml-0.5">
{{ $t('setting.apiInterfaceAlert3') }} {{ $t('setting.apiInterfaceAlert3') }}
<el-link :href="apiURL" type="success" target="_blank" class="mb-0.5 ml-0.5">
{{ apiURL }}
</el-link> </el-link>
</li> </li>
<li> <li>
<el-link :href="panelURL" type="warning" target="_blank" class="mb-0.5 ml-0.5">
{{ $t('setting.apiInterfaceAlert4') }} {{ $t('setting.apiInterfaceAlert4') }}
<el-link :href="panelURL" type="success" target="_blank" class="mb-0.5 ml-0.5">
{{ panelURL }}
</el-link> </el-link>
</li> </li>
</ul> </ul>
@ -73,7 +71,7 @@
<template #footer> <template #footer>
<span class="dialog-footer"> <span class="dialog-footer">
<el-button @click="handleClose">{{ $t('commons.button.cancel') }}</el-button> <el-button @click="handleClose">{{ $t('commons.button.cancel') }}</el-button>
<el-button :disabled="loading" type="primary" @click="onBind(formRef)"> <el-button :disabled="loading" type="primary" @click="onSave(formRef)">
{{ $t('commons.button.confirm') }} {{ $t('commons.button.confirm') }}
</el-button> </el-button>
</span> </span>
@ -97,7 +95,7 @@ const formRef = ref();
const apiURL = `${window.location.protocol}//${window.location.hostname}${ const apiURL = `${window.location.protocol}//${window.location.hostname}${
window.location.port ? `:${window.location.port}` : '' window.location.port ? `:${window.location.port}` : ''
}/1panel/swagger/index.html`; }/1panel/swagger/index.html`;
const panelURL = `https://1panel.cn/docs`; const panelURL = `https://1panel.cn/docs/dev_manual/api_manual/`;
const form = reactive({ const form = reactive({
apiKey: '', apiKey: '',
@ -171,7 +169,7 @@ const resetApiKey = async () => {
}); });
}; };
const onBind = async (formEl: FormInstance | undefined) => { const onSave = async (formEl: FormInstance | undefined) => {
if (!formEl) return; if (!formEl) return;
formEl.validate(async (valid) => { formEl.validate(async (valid) => {
if (!valid) return; if (!valid) return;

17
frontend/src/views/setting/panel/index.vue
View File

@ -196,7 +196,7 @@
<script lang="ts" setup> <script lang="ts" setup>
import { ref, reactive, onMounted, computed } from 'vue'; import { ref, reactive, onMounted, computed } from 'vue';
import { ElForm, ElMessageBox } from 'element-plus'; import { ElForm, ElMessageBox } from 'element-plus';
import { getSettingInfo, updateSetting, getSystemAvailable } from '@/api/modules/setting'; import { getSettingInfo, updateSetting, getSystemAvailable, updateApiConfig } from '@/api/modules/setting';
import { GlobalStore } from '@/store'; import { GlobalStore } from '@/store';
import { useI18n } from 'vue-i18n'; import { useI18n } from 'vue-i18n';
import { useTheme } from '@/hooks/use-theme'; import { useTheme } from '@/hooks/use-theme';
@ -391,19 +391,11 @@ const onChangeProxy = () => {
const onChangeApiInterfaceStatus = async () => { const onChangeApiInterfaceStatus = async () => {
if (form.apiInterfaceStatus === 'enable') { if (form.apiInterfaceStatus === 'enable') {
loading.value = true;
await updateSetting({ key: 'ApiInterfaceStatus', value: form.apiInterfaceStatus })
.then(() => {
loading.value = false;
apiInterfaceRef.value.acceptParams({ apiInterfaceRef.value.acceptParams({
apiInterfaceStatus: form.apiInterfaceStatus, apiInterfaceStatus: form.apiInterfaceStatus,
apiKey: form.apiKey, apiKey: form.apiKey,
ipWhiteList: form.ipWhiteList, ipWhiteList: form.ipWhiteList,
}); });
})
.catch(() => {
loading.value = false;
});
return; return;
} }
ElMessageBox.confirm(i18n.t('setting.apiInterfaceClose'), i18n.t('setting.apiInterface'), { ElMessageBox.confirm(i18n.t('setting.apiInterfaceClose'), i18n.t('setting.apiInterface'), {
@ -413,7 +405,12 @@ const onChangeApiInterfaceStatus = async () => {
.then(async () => { .then(async () => {
loading.value = true; loading.value = true;
form.apiInterfaceStatus = 'disable'; form.apiInterfaceStatus = 'disable';
await updateSetting({ key: 'ApiInterfaceStatus', value: 'disable' }) let param = {
apiKey: form.apiKey,
ipWhiteList: form.ipWhiteList,
apiInterfaceStatus: form.apiInterfaceStatus,
};
await updateApiConfig(param)
.then(() => { .then(() => {
loading.value = false; loading.value = false;
search(); search();