Fix CyberPanel API key validation for platform callbacks

Problem: File fixes were failing with "Invalid token" even though the platform was sending the correct API key.

Solution:
- Updated validate_access_token() to accept CyberPanel's own API keys for file operations
- Added three validation options:
  1. FileAccessToken (temporary tokens for active scans)
  2. API key validation with less restrictive admin check
  3. Simple validation for platform callbacks (any valid API key + valid scan)
- Added extract_auth_token() helper to support both Bearer and X-API-Key headers
- Created debug endpoints for testing authentication (/api/ai-scanner/test-auth)
- Added test script for validation testing (supports remote servers via env vars)

This fix allows the platform to use CyberPanel's API key to fix files for any scan,
solving the "File access token has expired" issue for older scans.

Usage for remote testing:
CYBERPANEL_SERVER=http://your-server:8001 \
CYBERPANEL_API_KEY=cp_your_key \
CYBERPANEL_SCAN_ID=your-scan-id \
./test_api_key_fix.sh
usmannasir
2025-10-27 13:51:33 +05:00
parent b3e562ea93
commit 7eae72e94f
5 changed files with 301 additions and 12 deletions

@@ -47,4 +47,8 @@ urlpatterns = [
re_path(r'^scanner/replace-file$', views.scannerReplaceFile, name='scannerReplaceFileAPI'),
re_path(r'^scanner/rename-file$', views.scannerRenameFile, name='scannerRenameFileAPI'),
re_path(r'^scanner/delete-file$', views.scannerDeleteFile, name='scannerDeleteFileAPI'),
# Debug endpoints for testing API authentication (remove in production)
re_path(r'^ai-scanner/test-auth$', views.testAuthDebug, name='testAuthDebugAPI'),
re_path(r'^ai-scanner/list-api-keys$', views.listApiKeysDebug, name='listApiKeysDebugAPI'),
]
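Review bot: The `ai-scanner/test-auth` and `ai-scanner/list-api-keys` routes are added to the main `urlpatterns` unconditionally, so the "remove in production" comment is the only thing keeping them out of a deployed install. An endpoint named list-api-keys should not be reachable by default. Either drop both routes from this commit or register them only under a debug setting (for example, appending them to `urlpatterns` only when `settings.DEBUG` is true), and state in the comment what authentication they require.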

@@ -976,3 +976,24 @@ def scannerDeleteFile(request):
logging.writeToFile(f'[API] Scanner delete file error: {str(e)}')
data_ret = {'error': 'Delete file service unavailable'}
return HttpResponse(json.dumps(data_ret), status=500)
# Debug endpoints for testing API authentication (remove in production)
def testAuthDebug(request):
"""Test endpoint to debug API authentication"""
try:
from aiScanner.test_api_endpoint import test_auth
return test_auth(request)
except Exception as e:
logging.writeToFile(f'[API] Test auth debug error: {str(e)}')
return HttpResponse(json.dumps({'error': str(e)}), status=500)
def listApiKeysDebug(request):
"""Debug endpoint to list API keys in system"""
try:
from aiScanner.test_api_endpoint import list_api_keys
return list_api_keys(request)
except Exception as e:
logging.writeToFile(f'[API] List API keys debug error: {str(e)}')
return HttpResponse(json.dumps({'error': str(e)}), status=500)
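Review bot: Neither `testAuthDebug` nor `listApiKeysDebug` checks the caller or the request method before delegating to `test_auth` / `list_api_keys`, so any access control depends entirely on code in `aiScanner.test_api_endpoint` that this hunk does not show. Please add an explicit admin check in the view itself, or document where it happens. Both handlers also return `str(e)` in the 500 body, whereas `scannerDeleteFile` just above returns a fixed 'Delete file service unavailable' message; the exception text is already written to the log, so the response should use a generic error as well. Importing view logic from a module named `test_api_endpoint` also ties the production URL routing to test code, which is worth avoiding if these endpoints stay.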