wip from ATB

2025-01-04 17:21:14 -05:00
parent 87e4f90bab
commit 32a9711ade
60 changed files with 556 additions and 342 deletions
--- a/app/classes/api_controller.php
+++ b/app/classes/api_controller.php
@ -18,6 +18,8 @@ use TheTempusProject\Hermes\Functions\Redirect;
 use TheTempusProject\Bedrock\Functions\Session;
 use TheTempusProject\Bedrock\Classes\Config;
 use TheTempusProject\Models\Token;
+use TheTempusProject\Canary\Bin\Canary as Debug;
+use TheTempusProject\Houdini\Classes\Views;

 class ApiController extends Controller {
    protected static $canAccessApplicationApi = false;
@ -26,16 +28,15 @@ class ApiController extends Controller {
    protected static $authToken;

    public function __construct( $secure = true ) {
+        header('Content-Type: application/json; charset=utf-8');
        parent::__construct();
-        $this->verifyApiRequest();
-        if ( $secure && ! $this->canUseApi() ) {
-            Session::flash( 'error', 'You do not have permission to view this page.' );
-            return Redirect::home();
-        }
+        Template::setTemplate( 'api' );
        Template::noFollow();
        Template::noIndex();
-        Template::addHeader( 'Content-Type: application/json; charset=utf-8' );
-        Template::setTemplate( 'api' );
+        $res = $this->verifyApiRequest();
+        if ( $secure && ! $this->canUseApi() ) {
+            exit( $res );
+        }
    }

    protected function canUseApi() {
@ -72,16 +73,16 @@ class ApiController extends Controller {
        } else {
            $secret = $this->getSecretToken();
            if ( empty( $secret ) ) {
-                return;
+                return Views::simpleView( 'api.response', ['response' => json_encode( [ 'error' => 'invalid secret' ], true )]);
            }
            $token = $tokens->findBySecret( $secret );
        }
        if ( empty( $token ) ) {
-            return;
+            return Views::simpleView( 'api.response', ['response' => json_encode( [ 'error' => 'invalid token' ], true )]);
        }
        self::$authToken = $token;
        if ( $token->expiresAt <= time() && empty( $secret ) ) {
-            return;
+            return Views::simpleView( 'api.response', ['response' => json_encode( [ 'error' => 'token expired' ], true )]);
        }
        if ( $token->expiresAt <= time() ) {
            self::$canAccessAuthenticationApi = true;