Commit f68d2816 by Daniel Lee

dashfolders: security for png rendering

parent 659a5910
...@@ -18,6 +18,8 @@ func RenderToPng(c *middleware.Context) { ...@@ -18,6 +18,8 @@ func RenderToPng(c *middleware.Context) {
Width: queryReader.Get("width", "800"), Width: queryReader.Get("width", "800"),
Height: queryReader.Get("height", "400"), Height: queryReader.Get("height", "400"),
OrgId: c.OrgId, OrgId: c.OrgId,
UserId: c.UserId,
OrgRole: c.OrgRole,
Timeout: queryReader.Get("timeout", "30"), Timeout: queryReader.Get("timeout", "30"),
Timezone: queryReader.Get("tz", ""), Timezone: queryReader.Get("tz", ""),
} }
......
...@@ -15,6 +15,7 @@ import ( ...@@ -15,6 +15,7 @@ import (
"github.com/grafana/grafana/pkg/log" "github.com/grafana/grafana/pkg/log"
"github.com/grafana/grafana/pkg/middleware" "github.com/grafana/grafana/pkg/middleware"
"github.com/grafana/grafana/pkg/models"
"github.com/grafana/grafana/pkg/setting" "github.com/grafana/grafana/pkg/setting"
"github.com/grafana/grafana/pkg/util" "github.com/grafana/grafana/pkg/util"
) )
...@@ -25,6 +26,8 @@ type RenderOpts struct { ...@@ -25,6 +26,8 @@ type RenderOpts struct {
Height string Height string
Timeout string Timeout string
OrgId int64 OrgId int64
UserId int64
OrgRole models.RoleType
Timezone string Timezone string
} }
...@@ -72,7 +75,7 @@ func RenderToPng(params *RenderOpts) (string, error) { ...@@ -72,7 +75,7 @@ func RenderToPng(params *RenderOpts) (string, error) {
pngPath, _ := filepath.Abs(filepath.Join(setting.ImagesDir, util.GetRandomString(20))) pngPath, _ := filepath.Abs(filepath.Join(setting.ImagesDir, util.GetRandomString(20)))
pngPath = pngPath + ".png" pngPath = pngPath + ".png"
renderKey := middleware.AddRenderAuthKey(params.OrgId) renderKey := middleware.AddRenderAuthKey(params.OrgId, params.UserId, params.OrgRole)
defer middleware.RemoveRenderAuthKey(renderKey) defer middleware.RemoveRenderAuthKey(renderKey)
cmdArgs := []string{ cmdArgs := []string{
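Review bot: The new `UserId` and `OrgRole` fields on RenderOpts carry no documented contract, yet the last hunk passes `params.UserId` and `params.OrgRole` straight into `middleware.AddRenderAuthKey`, so a caller that builds RenderOpts without them would register a render key with a zero user id and a zero-valued role. Only the HTTP handler is updated in this commit; any other caller of RenderToPng outside these hunks should be checked. I would add a comment on the fields, `// UserId and OrgRole identify the user the render request is authorized as; callers must set both.`, and have RenderToPng return an error before creating the key when OrgRole is unset. RenderToPng's body continues past the end of the hunk.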
......
...@@ -33,14 +33,15 @@ func initContextWithRenderAuth(ctx *Context) bool { ...@@ -33,14 +33,15 @@ func initContextWithRenderAuth(ctx *Context) bool {
type renderContextFunc func(key string) (string, error) type renderContextFunc func(key string) (string, error)
func AddRenderAuthKey(orgId int64) string { func AddRenderAuthKey(orgId int64, userId int64, orgRole m.RoleType) string {
renderKeysLock.Lock() renderKeysLock.Lock()
key := util.GetRandomString(32) key := util.GetRandomString(32)
renderKeys[key] = &m.SignedInUser{ renderKeys[key] = &m.SignedInUser{
OrgId: orgId, OrgId: orgId,
OrgRole: m.ROLE_VIEWER, OrgRole: orgRole,
UserId: userId,
} }
renderKeysLock.Unlock() renderKeysLock.Unlock()
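Review bot: AddRenderAuthKey now stores the caller's own `OrgRole` and `UserId` in place of the fixed `m.ROLE_VIEWER`, so the returned key is a bearer credential for that user's full role, Admin included, for as long as it stays in `renderKeys`. That raises the cost of the key being exposed on the renderer side (how it is handed to the renderer is not visible here), and the exported function has no doc comment saying so. I would add `// AddRenderAuthKey registers a temporary key that authenticates requests as the given user and role; callers must remove it with RemoveRenderAuthKey as soon as the render finishes.` It is also worth confirming that `util.GetRandomString` draws from a cryptographic random source, since its implementation is outside this diff. The function's return statement is outside the hunk.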
......