| 351 | } |
| 352 | |
| 353 | func updateAPIKeys() { |
| 354 | apiKeysLock.Lock() |
| 355 | defer apiKeysLock.Unlock() |
| 356 | |
| 357 | log.Debug("api: importing possibly updated API keys from config") |
| 358 | |
| 359 | // Delete current keys. |
| 360 | for k := range apiKeys { |
| 361 | delete(apiKeys, k) |
| 362 | } |
| 363 | |
| 364 | // whether or not we found expired API keys that should be removed |
| 365 | // from the setting |
| 366 | hasExpiredKeys := false |
| 367 | |
| 368 | // a list of valid API keys. Used when hasExpiredKeys is set to true. |
| 369 | // in that case we'll update the setting to only contain validAPIKeys |
| 370 | validAPIKeys := []string{} |
| 371 | |
| 372 | // Parse new keys. |
| 373 | for _, key := range configuredAPIKeys() { |
| 374 | u, err := url.Parse(key) |
| 375 | if err != nil { |
| 376 | log.Errorf("api: failed to parse configured API key %s: %s", key, err) |
| 377 | |
| 378 | continue |
| 379 | } |
| 380 | |
| 381 | if u.Path == "" { |
| 382 | log.Errorf("api: malformed API key %s: missing path section", key) |
| 383 | |
| 384 | continue |
| 385 | } |
| 386 | |
| 387 | // Create token with default permissions. |
| 388 | token := &AuthToken{ |
| 389 | Read: PermitAnyone, |
| 390 | Write: PermitAnyone, |
| 391 | } |
| 392 | |
| 393 | // Update with configured permissions. |
| 394 | q := u.Query() |
| 395 | // Parse read permission. |
| 396 | readPermission, err := parseAPIPermission(q.Get("read")) |
| 397 | if err != nil { |
| 398 | log.Errorf("api: invalid API key %s: %s", key, err) |
| 399 | continue |
| 400 | } |
| 401 | token.Read = readPermission |
| 402 | // Parse write permission. |
| 403 | writePermission, err := parseAPIPermission(q.Get("write")) |
| 404 | if err != nil { |
| 405 | log.Errorf("api: invalid API key %s: %s", key, err) |
| 406 | continue |
| 407 | } |
| 408 | token.Write = writePermission |
| 409 | |
| 410 | expireStr := q.Get("expires") |