authorJakob Borg <jakob@nym.se>2014-06-05 09:16:12 +0200
committerJakob Borg <jakob@nym.se>2014-06-05 09:16:12 +0200
commit1cff9ccc6349f80dcbe50311001d6b1d88a293af (patch)
tree3bf3a43bbf04db9c10b6332a931de9e62bbee4ec /cmd
parent20a018db2e4add32c400cfced3ec6d23e98f95e5 (diff)
API key change should take effect on restart only
Diffstat (limited to 'cmd')
-rw-r--r--cmd/syncthing/gui.go4
-rw-r--r--cmd/syncthing/gui_csrf.go1
2 files changed, 4 insertions, 1 deletions
diff --git a/cmd/syncthing/gui.go b/cmd/syncthing/gui.go
index 0f866fd76c..ef21e95c4f 100644
--- a/cmd/syncthing/gui.go
+++ b/cmd/syncthing/gui.go
@@ -40,6 +40,7 @@ var (
guiErrors = []guiError{}
guiErrorsMut sync.Mutex
static func(http.ResponseWriter, *http.Request, *log.Logger)
+ apiKey string
)
const (
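Review bot: The new package-level `apiKey` in the var block has no comment saying it is a startup snapshot rather than the live config value, which is the whole point of the change. A short doc comment would keep a later reader from "fixing" it back to `cfg.GUI.APIKey`, for example `// apiKey is copied from the GUI config in startGUI; config changes take effect only after a restart.` The variable is written once in startGUI before `go http.Serve` and only read afterwards in the visible hunks, so no locking looks necessary as long as startGUI is called once.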
@@ -115,6 +116,7 @@ func startGUI(cfg config.GUIConfiguration, assetDir string, m *model.Model) erro
mr.Action(router.Handle)
mr.Map(m)
+ apiKey = cfg.APIKey
loadCsrfTokens()
go http.Serve(listener, mr)
@@ -363,7 +365,7 @@ func basic(username string, passhash string) http.HandlerFunc {
}
func validAPIKey(k string) bool {
- return len(cfg.GUI.APIKey) > 0 && k == cfg.GUI.APIKey
+ return len(apiKey) > 0 && k == apiKey
}
func embeddedStatic() func(http.ResponseWriter, *http.Request, *log.Logger) {
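Review bot: The rewritten line in validAPIKey still compares the key with `k == apiKey`, which is not a constant-time comparison, so the time taken to reject a request can depend on how much of the supplied `X-API-Key` matches. The removed line had the same form, so this is not a regression, but since the line is being touched it is a good moment to harden it: `return len(apiKey) > 0 && subtle.ConstantTimeCompare([]byte(k), []byte(apiKey)) == 1`, with `crypto/subtle` added to the imports. The `len(apiKey) > 0` guard should stay so that an empty configured key never authenticates an empty header.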
diff --git a/cmd/syncthing/gui_csrf.go b/cmd/syncthing/gui_csrf.go
index 7fb67e19cf..1dbf1faf1f 100644
--- a/cmd/syncthing/gui_csrf.go
+++ b/cmd/syncthing/gui_csrf.go
@@ -25,6 +25,7 @@ func csrfMiddleware(w http.ResponseWriter, r *http.Request) {
if validAPIKey(r.Header.Get("X-API-Key")) {
return
}
+
if strings.HasPrefix(r.URL.Path, "/rest/") {
token := r.Header.Get("X-CSRF-Token")
if !validCsrfToken(token) {