hub: return error if accessing /api/beszel/universal-token with a superuser account (#1870)

henrygd
2026-04-01 22:16:47 -04:00
parent ba10da1b9f
commit 0fff699bf6
3 changed files with 33 additions and 0 deletions


@@ -180,6 +180,10 @@ func (info *UpdateInfo) getUpdate(e *core.RequestEvent) error {
// GetUniversalToken handles the universal token API endpoint (create, read, delete)
func (h *Hub) getUniversalToken(e *core.RequestEvent) error {
if e.Auth.IsSuperuser() {
return e.ForbiddenError("Superusers cannot use universal tokens", nil)
}
tokenMap := universalTokenMap.GetMap()
userID := e.Auth.Id
query := e.Request.URL.Query()
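Review bot: The superuser guard added at the top of getUniversalToken has no comment saying why superusers are refused, and the handler alone does not make the reason obvious. The context lines below key the token on `e.Auth.Id`, so presumably a superuser record, which belongs to a separate auth collection, cannot be tied to a regular user; if that is the reason, say so above the check, e.g. `// Universal tokens are keyed by a regular user's ID; superuser records are rejected here.` The guard, like the existing `e.Auth.Id` read, dereferences `e.Auth` without a nil check, so it relies on the route being registered behind authentication middleware, which this hunk does not show. The function body continues outside the hunk.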