Fix STGUIAPIKEY and STGUIADDR overrides (fixes #2335)

Also removes STGUIAUTH and corresponding --gui-authentication as this
seems fundamentally insecure and I'm unsure of the actual use case for
it?
Jakob Borg
2015-09-30 09:32:17 +02:00
parent 6f6c1cd330
commit 15716a0772
3 changed files with 73 additions and 105 deletions


@@ -85,6 +85,11 @@ func newAPISvc(id protocol.DeviceID, cfg *config.Wrapper, assetDir string, m *mo
}
func (s *apiSvc) getListener(cfg config.GUIConfiguration) (net.Listener, error) {
if guiAddress != "" {
// Override from the environment
cfg.Address = guiAddress
}
cert, err := tls.LoadX509KeyPair(locations[locHTTPSCertFile], locations[locHTTPSKeyFile])
if err != nil {
l.Infoln("Loading HTTPS certificate:", err)
@@ -196,6 +201,10 @@ func (s *apiSvc) Serve() {
})
guiCfg := s.cfg.GUI()
if guiAPIKey != "" {
// Override from the environment
guiCfg.APIKey = guiAPIKey
}
// Wrap everything in CSRF protection. The /rest prefix should be
// protected, other requests will grant cookies.
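Review bot: Both environment overrides take effect silently: `cfg.Address = guiAddress` in `getListener` and `guiCfg.APIKey = guiAPIKey` in `Serve` replace the configured values without any log line, so an operator comparing the config file with the running instance cannot tell that the listen address or API key came from the process environment. I would log the fact of the override but never the key itself, e.g. `l.Infoln("GUI address overridden from environment:", guiAddress)` in `getListener` and `l.Infoln("GUI API key overridden from environment")` in `Serve`. The override in `Serve` is written to the local `guiCfg` copy only, so any other code that calls `s.cfg.GUI()` and reads `APIKey` would presumably still see the configured key; that is worth confirming against the rest of the file, since both function bodies continue outside these hunks. The comments `// Override from the environment` would also be clearer if they named the variable, e.g. `// STGUIADDR overrides the configured listen address`.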