diff --git a/supervisor/api/__init__.py b/supervisor/api/__init__.py index 95a0a1c8c..6faca29b1 100644 --- a/supervisor/api/__init__.py +++ b/supervisor/api/__init__.py @@ -19,7 +19,7 @@ from .host import APIHost from .info import APIInfo from .ingress import APIIngress from .jobs import APIJobs -from .middleware_security import SecurityMiddleware +from .middleware.security import SecurityMiddleware from .multicast import APIMulticast from .network import APINetwork from .observer import APIObserver @@ -223,7 +223,6 @@ class RestAPI(CoreSysAttributes): [ web.get("/hardware/info", api_hardware.info), web.get("/hardware/audio", api_hardware.audio), - web.post("/hardware/trigger", api_hardware.trigger), ] ) diff --git a/supervisor/api/hardware.py b/supervisor/api/hardware.py index ac3e4313f..fb24d1580 100644 --- a/supervisor/api/hardware.py +++ b/supervisor/api/hardware.py @@ -1,6 +1,6 @@ """Init file for Supervisor hardware RESTful API.""" import logging -from typing import Any, Awaitable, Dict +from typing import Any, Dict from aiohttp import web @@ -58,8 +58,3 @@ class APIHardware(CoreSysAttributes): }, } } - - @api_process - async def trigger(self, request: web.Request) -> Awaitable[None]: - """Trigger a udev device reload.""" - _LOGGER.debug("Ignoring DEPRECATED hardware trigger function call.") diff --git a/supervisor/api/middleware/__init__.py b/supervisor/api/middleware/__init__.py new file mode 100644 index 000000000..830b874dc --- /dev/null +++ b/supervisor/api/middleware/__init__.py @@ -0,0 +1 @@ +"""API middleware for aiohttp.""" diff --git a/supervisor/api/middleware_security.py b/supervisor/api/middleware/security.py similarity index 93% rename from supervisor/api/middleware_security.py rename to supervisor/api/middleware/security.py index 7352a5ff6..d11efc920 100644 --- a/supervisor/api/middleware_security.py +++ b/supervisor/api/middleware/security.py @@ -5,7 +5,7 @@ import re from aiohttp.web import Request, RequestHandler, Response, middleware from aiohttp.web_exceptions import HTTPForbidden, HTTPUnauthorized -from ..const import ( +from ...const import ( REQUEST_FROM, ROLE_ADMIN, ROLE_BACKUP, @@ -14,8 +14,8 @@ from ..const import ( ROLE_MANAGER, CoreState, ) -from ..coresys import CoreSys, CoreSysAttributes -from .utils import api_return_error, excract_supervisor_token +from ...coresys import CoreSys, CoreSysAttributes +from ..utils import api_return_error, excract_supervisor_token _LOGGER: logging.Logger = logging.getLogger(__name__) @@ -53,7 +53,6 @@ ADDONS_API_BYPASS = re.compile( r"|/addons/self/(?!security|update)[^/]+" r"|/addons/self/options/config" r"|/info" - r"|/hardware/trigger" r"|/services.*" r"|/discovery.*" r"|/auth" @@ -65,22 +64,24 @@ ADDONS_ROLE_ACCESS = { ROLE_DEFAULT: re.compile( r"^(?:" r"|/.+/info" - r"|/addons" r")$" ), ROLE_HOMEASSISTANT: re.compile( r"^(?:" + r"|/.+/info" r"|/core/.+" r"|/homeassistant/.+" r")$" ), ROLE_BACKUP: re.compile( r"^(?:" + r"|/.+/info" r"|/snapshots.*" r")$" ), ROLE_MANAGER: re.compile( r"^(?:" + r"|/.+/info" r"|/addons(?:/[^/]+/(?!security).+|/reload)?" r"|/audio/.+" r"|/auth/cache" @@ -101,6 +102,7 @@ ADDONS_ROLE_ACCESS = { r"|/snapshots.*" r"|/store.*" r"|/supervisor/.+" + r"|/security/.+" r")$" ), ROLE_ADMIN: re.compile( @@ -191,6 +193,10 @@ class SecurityMiddleware(CoreSysAttributes): request_from = addon else: _LOGGER.warning("%s no role for %s", request.path, addon.slug) + elif addon: + _LOGGER.warning( + "%s missing API permission for %s", addon.slug, request.path + ) if request_from: request[REQUEST_FROM] = request_from diff --git a/tests/api/middleware/__init__.py b/tests/api/middleware/__init__.py new file mode 100644 index 000000000..28938932e --- /dev/null +++ b/tests/api/middleware/__init__.py @@ -0,0 +1 @@ +"""Test for API middleware.""" diff --git a/tests/api/test_middleware_security.py b/tests/api/middleware/test_security.py similarity index 100% rename from tests/api/test_middleware_security.py rename to tests/api/middleware/test_security.py