API key change should take effect on restart only

muzili · Jun 5, 2014 · 1cff9cc · 1cff9cc
1 parent 20a018d
commit 1cff9cc
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/cmd/syncthing/gui.go b/cmd/syncthing/gui.go
@@ -40,6 +40,7 @@ var (
 	guiErrors    = []guiError{}
 	guiErrorsMut sync.Mutex
 	static       func(http.ResponseWriter, *http.Request, *log.Logger)
+	apiKey       string
 )
 
 const (
@@ -115,6 +116,7 @@ func startGUI(cfg config.GUIConfiguration, assetDir string, m *model.Model) erro
 	mr.Action(router.Handle)
 	mr.Map(m)
 
+	apiKey = cfg.APIKey
 	loadCsrfTokens()
 
 	go http.Serve(listener, mr)
@@ -363,7 +365,7 @@ func basic(username string, passhash string) http.HandlerFunc {
 }
 
 func validAPIKey(k string) bool {
-	return len(cfg.GUI.APIKey) > 0 && k == cfg.GUI.APIKey
+	return len(apiKey) > 0 && k == apiKey
 }
 
 func embeddedStatic() func(http.ResponseWriter, *http.Request, *log.Logger) {

diff --git a/cmd/syncthing/gui_csrf.go b/cmd/syncthing/gui_csrf.go
@@ -25,6 +25,7 @@ func csrfMiddleware(w http.ResponseWriter, r *http.Request) {
 	if validAPIKey(r.Header.Get("X-API-Key")) {
 		return
 	}
+
 	if strings.HasPrefix(r.URL.Path, "/rest/") {
 		token := r.Header.Get("X-CSRF-Token")
 		if !validCsrfToken(token) {