the-tempus-project/thetempusproject
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

token support, api fixes and security, dark mode

Browse Source
This commit is contained in:
Joey Kimsey
2024-12-07 01:58:27 -05:00
parent b93d0259e4
commit 485d85cb0a
26 changed files with 934 additions and 85 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
app/classes/api_controller.php
View File

@ -16,11 +16,19 @@ use TheTempusProject\Houdini\Classes\Template;
use TheTempusProject\TheTempusProject as App;
use TheTempusProject\Hermes\Functions\Redirect;
use TheTempusProject\Bedrock\Functions\Session;
use TheTempusProject\Bedrock\Classes\Config;
use TheTempusProject\Models\Token;
class ApiController extends Controller {
public function __construct() {
protected static $canAccessApplicationApi = false;
protected static $canAccessUserApi = false;
protected static $canAccessAuthenticationApi = false;
protected static $authToken;
public function __construct( $secure = true ) {
parent::__construct();
if ( ! App::verifyApiRequest() ) {
$this->verifyApiRequest();
if ( $secure && ! $this->canUseApi() ) {
Session::flash( 'error', 'You do not have permission to view this page.' );
return Redirect::home();
}
@ -29,4 +37,100 @@ class ApiController extends Controller {
Template::addHeader( 'Content-Type: application/json; charset=utf-8' );
Template::setTemplate( 'api' );
}
protected function canUseApi() {
return ( $this->canUseUserApi() || $this->canUseAppApi() || $this->canUseAuthApi() );
}
protected function canUseUserApi() {
$apiEnabled = Config::getValue( 'api/apiAccessApp' );
if ( empty( $apiEnabled ) ) {
return false;
}
return self::$canAccessUserApi;
}
protected function canUseAppApi() {
$apiEnabled = Config::getValue( 'api/apiAccessPersonal' );
if ( empty( $apiEnabled ) ) {
return false;
}
return self::$canAccessApplicationApi;
}
protected function canUseAuthApi() {
return self::$canAccessAuthenticationApi;
}
public function verifyApiRequest() {
$tokens = new Token;
$secret = null;
$bearer_token = $this->getBearerToken();
if ( ! empty( $bearer_token ) ) {
$token = $tokens->findByToken( $bearer_token );
} else {
$secret = $this->getSecretToken();
if ( empty( $secret ) ) {
return;
}
$token = $tokens->findBySecret( $secret );
}
if ( empty( $token ) ) {
return;
}
self::$authToken = $token;
if ( $token->expiresAt <= time() && empty( $secret ) ) {
return;
}
if ( $token->expiresAt <= time() ) {
self::$canAccessAuthenticationApi = true;
return;
}
if ( $token->token_type == 'app' ) {
self::$canAccessApplicationApi = true;
return;
}
if ( $token->token_type == 'user' ) {
self::$canAccessUserApi = true;
return;
}
return $result;
}
public function getSecretToken() {
$headers = $this->getAuthorizationHeader();
if ( ! empty( $headers ) ) {
if ( preg_match( '/Secret\s(\S+)/', $headers, $matches ) ) {
return $matches[1];
}
}
return null;
}
public function getBearerToken() {
$headers = $this->getAuthorizationHeader();
if ( ! empty( $headers ) ) {
if ( preg_match( '/Bearer\s(\S+)/', $headers, $matches ) ) {
return $matches[1];
}
}
return null;
}
public function getAuthorizationHeader(){
$headers = null;
if ( isset( $_SERVER['Authorization'] ) ) {
$headers = trim( $_SERVER["Authorization"] );
} elseif ( isset( $_SERVER['HTTP_AUTHORIZATION'] ) ) {
$headers = trim( $_SERVER["HTTP_AUTHORIZATION"] );
} elseif ( function_exists( 'apache_request_headers' ) ) {
$requestHeaders = apache_request_headers();
$requestHeaders = array_combine(array_map('ucwords', array_keys($requestHeaders)), array_values($requestHeaders));
if ( isset( $requestHeaders['Authorization'] ) ) {
$headers = trim( $requestHeaders['Authorization'] );
}
}
return $headers;
}
}