token support, api fixes and security, dark mode
@ -16,11 +16,19 @@ use TheTempusProject\Houdini\Classes\Template;
|
||||
use TheTempusProject\TheTempusProject as App;
|
||||
use TheTempusProject\Hermes\Functions\Redirect;
|
||||
use TheTempusProject\Bedrock\Functions\Session;
|
||||
use TheTempusProject\Bedrock\Classes\Config;
|
||||
use TheTempusProject\Models\Token;
|
||||
|
||||
class ApiController extends Controller {
|
||||
public function __construct() {
|
||||
protected static $canAccessApplicationApi = false;
|
||||
protected static $canAccessUserApi = false;
|
||||
protected static $canAccessAuthenticationApi = false;
|
||||
protected static $authToken;
|
||||
|
||||
public function __construct( $secure = true ) {
|
||||
parent::__construct();
|
||||
if ( ! App::verifyApiRequest() ) {
|
||||
$this->verifyApiRequest();
|
||||
if ( $secure && ! $this->canUseApi() ) {
|
||||
Session::flash( 'error', 'You do not have permission to view this page.' );
|
||||
return Redirect::home();
|
||||
}
|
||||
@ -29,4 +37,100 @@ class ApiController extends Controller {
|
||||
Template::addHeader( 'Content-Type: application/json; charset=utf-8' );
|
||||
Template::setTemplate( 'api' );
|
||||
}
|
||||
|
||||
protected function canUseApi() {
|
||||
return ( $this->canUseUserApi() || $this->canUseAppApi() || $this->canUseAuthApi() );
|
||||
}
|
||||
|
||||
protected function canUseUserApi() {
|
||||
$apiEnabled = Config::getValue( 'api/apiAccessApp' );
|
||||
if ( empty( $apiEnabled ) ) {
|
||||
return false;
|
||||
}
|
||||
return self::$canAccessUserApi;
|
||||
}
|
||||
|
||||
protected function canUseAppApi() {
|
||||
$apiEnabled = Config::getValue( 'api/apiAccessPersonal' );
|
||||
if ( empty( $apiEnabled ) ) {
|
||||
return false;
|
||||
}
|
||||
return self::$canAccessApplicationApi;
|
||||
}
|
||||
|
||||
protected function canUseAuthApi() {
|
||||
return self::$canAccessAuthenticationApi;
|
||||
}
|
||||
|
||||
public function verifyApiRequest() {
|
||||
$tokens = new Token;
|
||||
$secret = null;
|
||||
|
||||
$bearer_token = $this->getBearerToken();
|
||||
if ( ! empty( $bearer_token ) ) {
|
||||
$token = $tokens->findByToken( $bearer_token );
|
||||
} else {
|
||||
$secret = $this->getSecretToken();
|
||||
if ( empty( $secret ) ) {
|
||||
return;
|
||||
}
|
||||
$token = $tokens->findBySecret( $secret );
|
||||
}
|
||||
if ( empty( $token ) ) {
|
||||
return;
|
||||
}
|
||||
self::$authToken = $token;
|
||||
if ( $token->expiresAt <= time() && empty( $secret ) ) {
|
||||
return;
|
||||
}
|
||||
if ( $token->expiresAt <= time() ) {
|
||||
self::$canAccessAuthenticationApi = true;
|
||||
return;
|
||||
}
|
||||
if ( $token->token_type == 'app' ) {
|
||||
self::$canAccessApplicationApi = true;
|
||||
return;
|
||||
}
|
||||
if ( $token->token_type == 'user' ) {
|
||||
self::$canAccessUserApi = true;
|
||||
return;
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
public function getSecretToken() {
|
||||
$headers = $this->getAuthorizationHeader();
|
||||
if ( ! empty( $headers ) ) {
|
||||
if ( preg_match( '/Secret\s(\S+)/', $headers, $matches ) ) {
|
||||
return $matches[1];
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public function getBearerToken() {
|
||||
$headers = $this->getAuthorizationHeader();
|
||||
if ( ! empty( $headers ) ) {
|
||||
if ( preg_match( '/Bearer\s(\S+)/', $headers, $matches ) ) {
|
||||
return $matches[1];
|
||||
}
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
public function getAuthorizationHeader(){
|
||||
$headers = null;
|
||||
if ( isset( $_SERVER['Authorization'] ) ) {
|
||||
$headers = trim( $_SERVER["Authorization"] );
|
||||
} elseif ( isset( $_SERVER['HTTP_AUTHORIZATION'] ) ) {
|
||||
$headers = trim( $_SERVER["HTTP_AUTHORIZATION"] );
|
||||
} elseif ( function_exists( 'apache_request_headers' ) ) {
|
||||
$requestHeaders = apache_request_headers();
|
||||
$requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders));
|
||||
if ( isset( $requestHeaders['Authorization'] ) ) {
|
||||
$headers = trim( $requestHeaders['Authorization'] );
|
||||
}
|
||||
}
|
||||
return $headers;
|
||||
}
|
||||
}
|
||||
|
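Review bot: In verifyApiRequest an unexpired token presented via the `Secret` scheme falls through the same `token_type` branches as a `Bearer` token, so a secret grants full application/user API access, whereas the expiry branch just above suggests secrets are only meant to unlock the authentication (refresh) API; if that is the intent, short-circuit before the type checks with `if ( ! empty( $secret ) ) { self::$canAccessAuthenticationApi = true; return; }`. The trailing `return $result;` references a variable that is never assigned and should be a bare `return;`. `self::$authToken = $token;` is also assigned before the expiry checks, so an expired token remains visible to anything that reads it later — moving the assignment below those checks avoids that. Separately, canUseUserApi reads `api/apiAccessApp` while canUseAppApi reads `api/apiAccessPersonal`, which looks crossed relative to the method names; please confirm the intended mapping.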
@ -112,6 +112,8 @@ class Forms extends Check {
|
||||
self::addHandler( 'newGroup', __CLASS__, 'newGroup' );
|
||||
self::addHandler( 'editGroup', __CLASS__, 'editGroup' );
|
||||
self::addHandler( 'install', __CLASS__, 'install' );
|
||||
self::addHandler( 'adminCreateToken', __CLASS__, 'adminCreateToken' );
|
||||
self::addHandler( 'apiLogin', __CLASS__, 'apiLogin' );
|
||||
self::addHandler( 'installStart', __CLASS__, 'install', [ 'start' ] );
|
||||
self::addHandler( 'installAgreement', __CLASS__, 'install', [ 'agreement' ] );
|
||||
self::addHandler( 'installCheck', __CLASS__, 'install', [ 'check' ] );
|
||||
@ -608,4 +610,40 @@ class Forms extends Check {
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function adminCreateToken() {
|
||||
if ( !Input::exists( 'name' ) ) {
|
||||
self::addUserError( 'You must specify a name' );
|
||||
return false;
|
||||
}
|
||||
if ( !Input::exists( 'token_type' ) ) {
|
||||
self::addUserError( 'You must specify a token_type' );
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function adminEditToken() {
|
||||
if ( !Input::exists( 'name' ) ) {
|
||||
self::addUserError( 'You must specify a name' );
|
||||
return false;
|
||||
}
|
||||
if ( !Input::exists( 'token_type' ) ) {
|
||||
self::addUserError( 'You must specify a token_type' );
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
public static function apiLogin() {
|
||||
if ( !self::checkUsername( Input::post( 'username' ) ) ) {
|
||||
self::addUserError( 'Invalid username.' );
|
||||
return false;
|
||||
}
|
||||
if ( !self::password( Input::post( 'password' ) ) ) {
|
||||
self::addUserError( 'Invalid password.' );
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
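Review bot: adminCreateToken and adminEditToken only check that `token_type` is present, not that it is one of the values ApiController actually dispatches on (`app`/`user`), so an admin form can persist a token with a type that never grants access; validate it with `if ( ! in_array( Input::post( 'token_type' ), [ 'app', 'user' ], true ) ) { self::addUserError( 'Invalid token_type.' ); return false; }`. The two methods are byte-identical and would be better expressed as one private helper both call. Only `adminCreateToken` and `apiLogin` are registered via addHandler in this hunk; if `adminEditToken` is not registered elsewhere in the file, the edit form has no validator wired up.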