Overwork Services/Discovery (#725)

* Update homeassistant.py * Update validate.py * Update exceptions.py * Update services.py * Update discovery.py * fix gitignore * Fix handling for discovery * use object in ref * lock down discovery API * fix api * Design * Fix API * fix lint * fix * Fix security layer * add provide layer * fix access * change rating * fix rights * Fix API error handling * raise error * fix rights * api * fix handling * fix * debug * debug json * Fix validator * fix error * new url * fix schema
2025-10-30 14:09:47 +00:00 · 2018-09-29 19:49:08 +02:00
parent 4ef8c9d633
commit e5451973bd
22 changed files with 263 additions and 202 deletions
--- a/hassio/api/security.py
+++ b/hassio/api/security.py
@@ -26,7 +26,6 @@ NO_SECURITY_CHECK = re.compile(
    r"|/homeassistant/api/.*"
    r"|/homeassistant/websocket"
    r"|/supervisor/ping"
-    r"|/services.*"
    r")$"
 )

@@ -35,6 +34,8 @@ ADDONS_API_BYPASS = re.compile(
    r"^(?:"
    r"|/addons/self/(?!security)[^/]+"
    r"|/version"
+    r"|/services.*"
+    r"|/discovery.*"
    r")$"
 )

@@ -58,8 +59,7 @@ ADDONS_ROLE_ACCESS = {
        r"|/hardware/.+"
        r"|/hassos/.+"
        r"|/supervisor/.+"
-        r"|/addons/[^/]+/(?!security|options).+"
-        r"|/addons(?:/self/(?!security).+)?"
+        r"|/addons/[^/]+/(?!security).+"
        r"|/snapshots.*"
        r")$"
    ),
@@ -102,12 +102,12 @@ class SecurityMiddleware(CoreSysAttributes):
        if hassio_token in (self.sys_homeassistant.uuid,
                            self.sys_homeassistant.hassio_token):
            _LOGGER.debug("%s access from Home Assistant", request.path)
-            request_from = 'homeassistant'
+            request_from = self.sys_homeassistant

        # Host
        if hassio_token == self.sys_machine_id:
            _LOGGER.debug("%s access from Host", request.path)
-            request_from = 'host'
+            request_from = self.sys_host

        # Add-on
        addon = None
@@ -117,12 +117,12 @@ class SecurityMiddleware(CoreSysAttributes):
        # Check Add-on API access
        if addon and ADDONS_API_BYPASS.match(request.path):
            _LOGGER.debug("Passthrough %s from %s", request.path, addon.slug)
-            request_from = addon.slug
+            request_from = addon
        elif addon and addon.access_hassio_api:
            # Check Role
            if ADDONS_ROLE_ACCESS[addon.hassio_role].match(request.path):
                _LOGGER.info("%s access from %s", request.path, addon.slug)
-                request_from = addon.slug
+                request_from = addon
            else:
                _LOGGER.warning("%s no role for %s", request.path, addon.slug)