X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/762e0ab6ac28f783c5d0c9fdec438f13418f9ad6..5d8ebb8d00de8c3afa59045fa929536ff8973881:/services/api/app/controllers/application_controller.rb diff --git a/services/api/app/controllers/application_controller.rb b/services/api/app/controllers/application_controller.rb index a6718dd4d1..3cfe5b54fd 100644 --- a/services/api/app/controllers/application_controller.rb +++ b/services/api/app/controllers/application_controller.rb @@ -347,13 +347,20 @@ class ApplicationController < ActionController::Base # If there are too many reader tokens, assume the request is malicious # and ignore it. if request.get? and params[:reader_tokens] and - params[:reader_tokens].size < 100 + params[:reader_tokens].size < 100 + secrets = params[:reader_tokens].map { |t| + if t.is_a? String and t.starts_with? "v2/" + t.split("/")[2] + else + t + end + } @read_auths += ApiClientAuthorization .includes(:user) .where('api_token IN (?) AND (expires_at IS NULL OR expires_at > CURRENT_TIMESTAMP)', - params[:reader_tokens]) - .all + secrets) + .to_a end @read_auths.select! { |auth| auth.scopes_allow_request? request } @read_users = @read_auths.map(&:user).uniq @@ -566,7 +573,13 @@ class ApplicationController < ActionController::Base location: "query", required: false, default: false - } + }, + cluster_id: { + type: 'string', + description: "Create object on a remote federated cluster instead of the current one.", + location: "query", + required: false, + }, } end @@ -584,6 +597,12 @@ class ApplicationController < ActionController::Base limit: { type: 'integer', required: false, default: DEFAULT_LIMIT }, offset: { type: 'integer', required: false, default: 0 }, count: { type: 'string', required: false, default: 'exact' }, + cluster_id: { + type: 'string', + description: "List objects on a remote federated cluster instead of the current one.", + location: "query", + required: false, + }, } end