[IMPROVE] Add option to require authentication on user's shield endpoint (#16845)

pull/16247/head
Marcos Spessatto Defendi 6 years ago committed by GitHub
parent d183e80f3f
commit ee85516ecb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 1
      app/api/server/settings.js
  2. 3
      app/api/server/v1/misc.js
  3. 1
      packages/rocketchat-i18n/i18n/en.i18n.json
  4. 1
      packages/rocketchat-i18n/i18n/pt-BR.i18n.json

@ -8,6 +8,7 @@ settings.addGroup('General', function() {
this.add('API_Enable_Direct_Message_History_EndPoint', false, { type: 'boolean', public: false });
this.add('API_Enable_Shields', true, { type: 'boolean', public: false });
this.add('API_Shield_Types', '*', { type: 'string', public: false, enableQuery: { _id: 'API_Enable_Shields', value: true } });
this.add('API_Shield_user_require_auth', false, { type: 'boolean', public: false, enableQuery: { _id: 'API_Enable_Shields', value: true } });
this.add('API_Enable_CORS', false, { type: 'boolean', public: false });
this.add('API_CORS_Origin', '*', { type: 'string', public: false, enableQuery: { _id: 'API_Enable_CORS', value: true } });
});
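Review bot: `API_Shield_user_require_auth` is registered with a default of `false`, so the user shield keeps answering unauthenticated requests until an admin turns the setting on. If that default is deliberate, to keep existing embedded badges working, a comment on the line would record the trade-off, e.g. `// Off by default for backward compatibility; enable to require login for user shields`. As far as the visible i18n hunks show, only a label is added and no `API_Shield_user_require_auth_Description` key, so the admin UI gives no hint of what the setting protects.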

@ -88,6 +88,9 @@ API.v1.addRoute('shield.svg', { authRequired: false, rateLimiterOptions: { numRe
text = `#${ channel }`;
break;
case 'user':
if (settings.get('API_Shield_user_require_auth') && !this.getLoggedInUser()) {
return API.v1.failure('You must be logged in to do this.');
}
const user = this.getUserFromParams();
// Respect the server's choice for using their real names or not
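Review bot: The new guard in the `user` case rejects unauthenticated callers with `API.v1.failure(...)`, which reports a generic request failure rather than an authorization error, so clients and log-based monitoring cannot tell a missing login from a bad parameter. If the API class's `unauthorized` helper is usable in this route, `return API.v1.unauthorized('You must be logged in to do this.');` would state the reason more precisely. The route is still declared `authRequired: false`, so enforcement rests entirely on `getLoggedInUser()` resolving the request's credentials; a short comment such as `// Route is public; auth is enforced per shield type` would make that explicit. Only the `user` type is gated, and the case body continues past the end of the hunk.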

@ -335,6 +335,7 @@
"API_Personal_Access_Tokens_Regenerate_It": "Regenerate token",
"API_Shield_Types": "Shield Types",
"API_Shield_Types_Description": "Types of shields to enable as a comma separated list, choose from `online`, `channel` or `*` for all",
"API_Shield_user_require_auth": "Require authentication for users shields",
"API_Token": "API Token",
"API_Tokenpass_URL": "Tokenpass Server URL",
"API_Tokenpass_URL_Description": "Example: https://domain.com (excluding trailing slash)",

@ -325,6 +325,7 @@
"API_Personal_Access_Tokens_Regenerate_It": "Renovar código",
"API_Shield_Types": "Tipos de escudo",
"API_Shield_Types_Description": "Tipos de escudos para habilitar como uma lista separada por vírgulas, escolha entre \"on-line\", \"canal\" ou \"*\" para todos",
"API_Shield_user_require_auth": "Exigir autenticaçāo para escudos de usuários",
"API_Token": "API Token",
"API_Tokenpass_URL": "URL do Servidor Tokenpass",
"API_Tokenpass_URL_Description": "Exemplo: https://domain.com (excluindo a barra diagonal)",
