Enable authentication/authorization checks

The code to authenticate and authorize incoming requests (including via OAuth) has been in the system. This CL actually turns it on, since we are satisfied from logging information that it is not unjustly denying access. Auth settings are also updated on a few commands missed earlier. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=152381820
2025-05-13 16:07:15 +02:00 · 2017-04-06 07:59:15 -07:00 · 2017-04-06 07:59:15 -07:00 · 5127aeafb5
commit 5127aeafb5
parent bd696b4b92
7 changed files with 40 additions and 42 deletions
--- a/java/google/registry/tools/server/KillAllEppResourcesAction.java
+++ b/java/google/registry/tools/server/KillAllEppResourcesAction.java
@ -35,7 +35,14 @@ import google.registry.request.Action;
 import google.registry.request.Response;
 import javax.inject.Inject;

-/** Deletes all {@link EppResource} objects in Datastore, including indices and descendants. */
+/**
+ * Deletes all {@link EppResource} objects in Datastore, including indices and descendants.
+ *
+ * <p>Because there are no auth settings in the {@link Action} annotation, this command can only be
+ * run internally, or by pretending to be internal by setting the X-AppEngine-QueueName header,
+ * which only admin users can do. That makes this command hard to use, which is appropriate, given
+ * the drastic consequences of accidental execution.
+ */
@Action(path = "/_dr/task/killAllEppResources", method = POST)
 public class KillAllEppResourcesAction implements Runnable {