Affected by GO-2022-0342
and 27 other vulnerabilities
GO-2022-0342 : Grafana XSS in Dashboard Text Panel in github.com/grafana/grafana
GO-2022-0707 : Grafana Authentication Bypass in github.com/grafana/grafana
GO-2024-2483 : Grafana XSS via adding a link in General feature in github.com/grafana/grafana
GO-2024-2510 : Grafana Cross-site Scripting (XSS) in github.com/grafana/grafana
GO-2024-2513 : Grafana information disclosure in github.com/grafana/grafana
GO-2024-2515 : Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana
GO-2024-2516 : Grafana XSS via a column style in github.com/grafana/grafana
GO-2024-2517 : Grafana XSS in header column rename in github.com/grafana/grafana
GO-2024-2519 : Grafana world readable configuration files in github.com/grafana/grafana
GO-2024-2520 : Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana
GO-2024-2523 : Grafana stored XSS in github.com/grafana/grafana
GO-2024-2629 : Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana
GO-2024-2661 : Arbitrary file read in github.com/grafana/grafana
GO-2024-2697 : Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana
GO-2024-2843 : Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana
GO-2024-2844 : Grafana User enumeration via forget password in github.com/grafana/grafana
GO-2024-2847 : Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana
GO-2024-2848 : Grafana when using email as a username can block other users from signing in in github.com/grafana/grafana
GO-2024-2851 : Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins in github.com/grafana/grafana
GO-2024-2852 : Grafana account takeover via OAuth vulnerability in github.com/grafana/grafana
GO-2024-2854 : Grafana folders admin only permission privilege escalation in github.com/grafana/grafana
GO-2024-2855 : Grafana Plugin signature bypass in github.com/grafana/grafana
GO-2024-2856 : Grafana Race condition allowing privilege escalation in github.com/grafana/grafana
GO-2024-2857 : Grafana Stored Cross-site Scripting in Unified Alerting in github.com/grafana/grafana
GO-2024-2867 : Grafana Spoofing originalUrl of snapshots in github.com/grafana/grafana
GO-2024-3079 : Grafana plugin data sources vulnerable to access control bypass in github.com/grafana/grafana
GO-2024-3215 : Grafana Command Injection And Local File Inclusion Via Sql Expressions in github.com/grafana/grafana
GO-2024-3240 : Grafana org admin can delete pending invites in different org in github.com/grafana/grafana
Discover Packages
github.com/grafana/grafana
pkg
services
apikey
package
Version:
v0.0.0-kmdagger1
Opens a new window with list of versions in this module.
Published: Jun 8, 2023
License: AGPL-3.0
Opens a new window with license information.
Imports: 6
Opens a new window with list of imports.
Imported by: 0
Opens a new window with list of known importers.
Documentation
Documentation
¶
View Source
var (
ErrNotFound = errors .New ("API key not found")
ErrInvalid = errors .New ("invalid API key")
ErrInvalidExpiration = errors .New ("negative value for SecondsToLive")
ErrDuplicate = errors .New ("API key, organization ID and name must be unique")
)
type APIKey struct {
ID int64 `db:"id" xorm:"pk autoincr 'id'"`
OrgID int64 `db:"org_id" xorm:"org_id"`
Name string `db:"name"`
Key string `db:"key"`
Role org .RoleType `db:"role"`
Created time .Time `db:"created"`
Updated time .Time `db:"updated"`
LastUsedAt *time .Time `xorm:"last_used_at" db:"last_used_at"`
Expires *int64 `db:"expires"`
ServiceAccountId *int64 `db:"service_account_id"`
IsRevoked *bool `xorm:"is_revoked" db:"is_revoked"`
}
type AddCommand struct {
Name string `json:"name" binding:"Required"`
Role org .RoleType `json:"role" binding:"Required"`
OrgID int64 `json:"-" xorm:"org_id"`
Key string `json:"-"`
SecondsToLive int64 `json:"secondsToLive"`
ServiceAccountID *int64 `json:"-"`
}
swagger:model
type DeleteCommand struct {
ID int64 `json:"id"`
OrgID int64 `json:"-"`
}
type GetByIDQuery struct {
ApiKeyID int64
}
type GetByNameQuery struct {
KeyName string
OrgID int64
}
type Service interface {
GetAPIKeys(ctx context .Context , query *GetApiKeysQuery ) (res []*APIKey , err error )
GetAllAPIKeys(ctx context .Context , orgID int64 ) ([]*APIKey , error )
DeleteApiKey(ctx context .Context , cmd *DeleteCommand ) error
AddAPIKey(ctx context .Context , cmd *AddCommand ) (res *APIKey , err error )
GetApiKeyById(ctx context .Context , query *GetByIDQuery ) (res *APIKey , err error )
GetApiKeyByName(ctx context .Context , query *GetByNameQuery ) (res *APIKey , err error )
GetAPIKeyByHash(ctx context .Context , hash string ) (*APIKey , error )
UpdateAPIKeyLastUsedDate(ctx context .Context , tokenID int64 ) error
IsDisabled(ctx context .Context , orgID int64 ) (bool , error )
}
Source Files
¶
Directories
¶
Click to show internal directories.
Click to hide internal directories.