New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
REST: add runtime info to root resource response #1570
Conversation
This adds basic information about the runtime in the response to the root `/rest` API resource, mostly for display purposes by UIs: the version, build string and the location of the configuration and user data folders. Signed-off-by: Yannick Schaus <github@schaus.net>
Seeing the config folder names now in the root of the rest api, which is unsecured, I somehow feel it isn't really a good idea - it exposes internals that the user might not want to expose this way. |
Yes I mentioned before this could be considered sensible information, finally decided it was relatively fine (if someone can use this maliciously, they have access to your filesystem and you probably have bigger problems), the intent in having it displayed is only to help users locate their configuration/userdata folders if they have e.g. a package installation and wonder where they are, so it's not that important. |
Shouldn't the UUID be part of this, too? |
Uses info from openhab/openhab-core#1570 if available. Signed-off-by: Yannick Schaus <github@schaus.net>
Makes sense. |
Correct. The uuid support is done as a separate bundle in the core framework on purpose as there might be consumers that do not want to include it. We hence cannot and should not include it in the root resource. |
I personally would tend to remove it, but I might be simply too cautious here. |
* Add version & system info to about page. Uses info from openhab/openhab-core#1570 if available. Signed-off-by: Yannick Schaus <github@schaus.net>
Perhaps the info can be moved to a secured resource? That should prevent user/real names leaking to unauthorized users when OH is ran from a homedir. The OH version number in the response also makes it easier to attack using known vulnerabilities. But the version can probably also be derived from look/feel, REST resources, OpenAPI spec, Jetty HTTP headers. |
A secured resource sounds good - for the admin, this is useful information and he is anyhow the only one that should require it. |
In that case, this resource could contain some more information for the admin:
|
I vote for protecting the endpoint. We should not expose sensitive information. |
Ok, I have created #1608, which introduces a new /systeminfo url, which is only accessible for admins. Wrt other system and openHAB metrics, I left this out of scope for now as I think this will be much more complex and we already have #774 for it. |
Great, created openhab/openhab-webui#313 to display them, what do you think about those, maybe they would have been interesting to have too?
Also would it be a good idea to add some information from the i18n provider to the unsecured |
Thanks for the Web UI update. I'm fine with adding this info as well. It would also be nice if the UI one day can use this info (incl. installed add-ons) to generate a copy/pastable overview that users can use when creating issues/forum posts. :-) |
Thanks, I added those to the About page.
Done that as well. I list the installed bindings (not the other types) from |
This adds basic information about the runtime in the response to the root `/rest` API resource, mostly for display purposes by UIs: the version, build string and the location of the configuration and user data folders. Signed-off-by: Yannick Schaus <github@schaus.net> GitOrigin-RevId: 0d635ce
This adds basic information about the runtime in the response
to the root
/rest
API resource, mostly for display purposesby UIs: the version, build string and the location of the
configuration and user data folders.
Signed-off-by: Yannick Schaus github@schaus.net