Removed system key functions and replace with tokens. Fixed doc generation. TODO: test e2e

Author: Forceu

build/go-generate/updateProtectedUrls.go

@@ -97,7 +97,7 @@ func writeDocumentationFile(urls []string) {
 	for _, url := range urls {
 		output = output + "- ``" + url + "``\n"
 	}
-	regex := regexp.MustCompile(`proxy:(?:\r?\n)+((?:- ` + "``" + `\/\w+` + "``" + `\r?\n)+)`)
+	regex := regexp.MustCompile("proxy:(?:\\r?\\n)+(?:- ``\\/[^`]+``\\r?\\n)+")
 	matches := regex.FindAllIndex(documentationContent, -1)
 	if len(matches) != 1 {
 		fmt.Println("ERROR: Not one match found exactly for documentation")

docs/setup.rst

@@ -290,20 +290,6 @@ This option disables Gokapis internal authentication completely, except for API
 - ``/uploadChunk``
 - ``/uploadStatus``
 - ``/users``
-- ``/auth/token``
-- ``/changePassword``
-- ``/e2eSetup``
-- ``/logs``
-- ``/uploadChunk``
-- ``/uploadStatus``
-- ``/users``
-- ``/auth/token``
-- ``/changePassword``
-- ``/e2eSetup``
-- ``/logs``
-- ``/uploadChunk``
-- ``/uploadStatus``
-- ``/users``
 
 .. warning::
    This option has potential to be *very* dangerous, only proceed if you know what you are doing!

internal/configuration/database/Database.go

@@ -139,11 +139,6 @@ func DeleteApiKey(id string) {
 	db.DeleteApiKey(id)
 }
 
-// GetSystemKey returns the latest UI API key
-func GetSystemKey(userId int) (models.ApiKey, bool) {
-	return db.GetSystemKey(userId)
-}
-
 // GetApiKeyByPublicKey returns an API key by using the public key
 func GetApiKeyByPublicKey(publicKey string) (string, bool) {
 	return db.GetApiKeyByPublicKey(publicKey)

internal/configuration/database/dbabstraction/DbAbstraction.go

@@ -2,6 +2,7 @@ package dbabstraction
 
 import (
 	"fmt"
+
 	"github.com/forceu/gokapi/internal/configuration/database/provider/redis"
 	"github.com/forceu/gokapi/internal/configuration/database/provider/sqlite"
 	"github.com/forceu/gokapi/internal/models"
@@ -43,8 +44,6 @@ type Database interface {
 	UpdateTimeApiKey(apikey models.ApiKey)
 	// DeleteApiKey deletes an API key with the given ID
 	DeleteApiKey(id string)
-	// GetSystemKey returns the latest UI API key
-	GetSystemKey(userId int) (models.ApiKey, bool)
 	// GetApiKeyByPublicKey returns an API key by using the public key
 	GetApiKeyByPublicKey(publicKey string) (string, bool)
 

internal/configuration/database/provider/redis/apikeys.go

@@ -1,10 +1,11 @@
 package redis
 
 import (
+	"strings"
+
 	"github.com/forceu/gokapi/internal/helper"
 	"github.com/forceu/gokapi/internal/models"
 	redigo "github.com/gomodule/redigo/redis"
-	"strings"
 )
 
 const (
@@ -41,29 +42,6 @@ func (p DatabaseProvider) GetApiKey(id string) (models.ApiKey, bool) {
 	return apikey, true
 }
 
-// GetSystemKey returns the latest UI API key
-func (p DatabaseProvider) GetSystemKey(userId int) (models.ApiKey, bool) {
-	keys := p.GetAllApiKeys()
-	foundKey := ""
-	var latestExpiry int64
-	for _, key := range keys {
-		if !key.IsSystemKey {
-			continue
-		}
-		if key.UserId != userId {
-			continue
-		}
-		if key.Expiry > latestExpiry {
-			foundKey = key.Id
-			latestExpiry = key.Expiry
-		}
-	}
-	if foundKey == "" {
-		return models.ApiKey{}, false
-	}
-	return keys[foundKey], true
-}
-
 // GetApiKeyByPublicKey returns an API key by using the public key
 func (p DatabaseProvider) GetApiKeyByPublicKey(publicKey string) (string, bool) {
 	keys := p.GetAllApiKeys()

internal/configuration/database/provider/sqlite/apikeys.go

@@ -3,9 +3,10 @@ package sqlite
 import (
 	"database/sql"
 	"errors"
+	"time"
+
 	"github.com/forceu/gokapi/internal/helper"
 	"github.com/forceu/gokapi/internal/models"
-	"time"
 )
 
 type schemaApiKeys struct {
@@ -76,32 +77,6 @@ func (p DatabaseProvider) GetApiKey(id string) (models.ApiKey, bool) {
 	return result, true
 }
 
-// GetSystemKey returns the latest UI API key
-func (p DatabaseProvider) GetSystemKey(userId int) (models.ApiKey, bool) {
-	var rowResult schemaApiKeys
-	row := p.sqliteDb.QueryRow("SELECT * FROM ApiKeys WHERE IsSystemKey = 1 AND UserId = ? ORDER BY Expiry DESC LIMIT 1", userId)
-	err := row.Scan(&rowResult.Id, &rowResult.FriendlyName, &rowResult.LastUsed, &rowResult.Permissions, &rowResult.Expiry, &rowResult.IsSystemKey, &rowResult.UserId, &rowResult.PublicId)
-	if err != nil {
-		if errors.Is(err, sql.ErrNoRows) {
-			return models.ApiKey{}, false
-		}
-		helper.Check(err)
-		return models.ApiKey{}, false
-	}
-
-	result := models.ApiKey{
-		Id:           rowResult.Id,
-		PublicId:     rowResult.PublicId,
-		FriendlyName: rowResult.FriendlyName,
-		LastUsed:     rowResult.LastUsed,
-		Permissions:  models.ApiPermission(rowResult.Permissions),
-		Expiry:       rowResult.Expiry,
-		IsSystemKey:  rowResult.IsSystemKey == 1,
-		UserId:       rowResult.UserId,
-	}
-	return result, true
-}
-
 // GetApiKeyByPublicKey returns an API key by using the public key
 func (p DatabaseProvider) GetApiKeyByPublicKey(publicKey string) (string, bool) {
 	var rowResult schemaApiKeys

internal/webserver/Webserver.go

@@ -653,7 +653,6 @@ func showE2ESetup(w http.ResponseWriter, r *http.Request) {
 	err = templateFolder.ExecuteTemplate(w, "e2esetup", e2ESetupView{
 		HasBeenSetup:  e2einfo.HasBeenSetUp(),
 		PublicName:    configuration.Get().PublicName,
-		SystemKey:     api.GetSystemKey(user.Id),
 		CustomContent: customStaticInfo})
 	helper.CheckIgnoreTimeout(err)
 }
@@ -681,7 +680,6 @@ type e2ESetupView struct {
 	IsDownloadView bool
 	HasBeenSetup   bool
 	PublicName     string
-	SystemKey      string
 	CustomContent  customStatic
 }
 
@@ -695,7 +693,6 @@ type AdminView struct {
 	ServerUrl             string
 	Logs                  string
 	PublicName            string
-	SystemKey             string
 	IsAdminView           bool
 	IsDownloadView        bool
 	IsApiView             bool
@@ -807,7 +804,6 @@ func (u *AdminView) convertGlobalConfig(view int, user models.User) *AdminView {
 	u.MinLengthPassword = config.MinLengthPassword
 	u.ChunkSize = config.ChunkSize
 	u.IncludeFilename = config.IncludeFilename
-	u.SystemKey = api.GetSystemKey(user.Id)
 	return u
 }
 

internal/webserver/api/Api.go

@@ -124,49 +124,6 @@ func generateNewKey(defaultPermissions bool, userId int, friendlyName string) mo
 	return newKey
 }
 
-// newSystemKey generates a new API key that is only used internally for the GUI
-// and will be valid for 48 hours
-func newSystemKey(userId int) string {
-	user, ok := database.GetUser(userId)
-	if !ok {
-		panic("user not found")
-	}
-	tempKey := models.ApiKey{
-		Permissions: models.ApiPermAll,
-	}
-	if !user.HasPermissionReplace() {
-		tempKey.RemovePermission(models.ApiPermReplace)
-	}
-	if !user.HasPermissionManageUsers() {
-		tempKey.RemovePermission(models.ApiPermManageUsers)
-	}
-	if !user.HasPermissionManageLogs() {
-		tempKey.RemovePermission(models.ApiPermManageLogs)
-	}
-
-	newKey := models.ApiKey{
-		Id:           helper.GenerateRandomString(LengthApiKey),
-		PublicId:     helper.GenerateRandomString(LengthPublicId),
-		FriendlyName: "Internal System Key",
-		Permissions:  tempKey.Permissions,
-		Expiry:       time.Now().Add(time.Hour * 48).Unix(),
-		IsSystemKey:  true,
-		UserId:       userId,
-	}
-	database.SaveApiKey(newKey)
-	return newKey.Id
-}
-
-// GetSystemKey returns the latest System API key or generates a new one, if none exists or the current one expires
-// within the next 24 hours
-func GetSystemKey(userId int) string {
-	key, ok := database.GetSystemKey(userId)
-	if !ok || key.Expiry < time.Now().Add(time.Hour*24).Unix() {
-		return newSystemKey(userId)
-	}
-	return key.Id
-}
-
 func apiDeleteKey(w http.ResponseWriter, r requestParser, user models.User) {
 	request, ok := r.(*paramAuthDelete)
 	if !ok {