web-base/core/Api/ApiKeyAPI.class.php

172 lines
4.7 KiB
PHP
Raw Normal View History

2020-06-20 20:13:51 +02:00
<?php
namespace Api {
use Driver\SQL\Condition\Compare;
2020-07-01 21:10:25 +02:00
abstract class ApiKeyAPI extends Request {
2020-06-20 20:13:51 +02:00
2021-11-11 14:25:26 +01:00
protected function apiKeyExists($id): bool {
2020-06-20 20:13:51 +02:00
$sql = $this->user->getSQL();
$res = $sql->select($sql->count())
->from("ApiKey")
->where(new Compare("uid", $id))
->where(new Compare("user_id", $this->user->getId()))
->where(new Compare("valid_until", $sql->currentTimestamp(), ">"))
->where(new Compare("active", 1))
->execute();
$this->success = ($res !== FALSE);
$this->lastError = $sql->getLastError();
if($this->success && $res[0]["count"] === 0) {
return $this->createError("This API-Key does not exist.");
}
return $this->success;
}
}
}
namespace Api\ApiKey {
use Api\ApiKeyAPI;
use Api\Parameter\Parameter;
2022-02-20 16:53:26 +01:00
use Api\Request;
2020-06-20 20:13:51 +02:00
use DateTime;
use Driver\SQL\Condition\Compare;
use Exception;
class Create extends ApiKeyAPI {
public function __construct($user, $externalCall = false) {
parent::__construct($user, $externalCall, array());
$this->apiKeyAllowed = false;
$this->loginRequired = true;
}
2022-02-21 13:01:03 +01:00
public function _execute(): bool {
2020-06-20 20:13:51 +02:00
$apiKey = generateRandomString(64);
$sql = $this->user->getSQL();
$validUntil = (new \DateTime())->modify("+30 DAY");
$this->success = $sql->insert("ApiKey", array("user_id", "api_key", "valid_until"))
->addRow($this->user->getId(), $apiKey, $validUntil)
->returning("uid")
->execute();
$this->lastError = $sql->getLastError();
if ($this->success) {
$this->result["api_key"] = array(
"api_key" => $apiKey,
2022-02-20 16:53:26 +01:00
"valid_until" => $validUntil->format("Y-m-d H:i:s"),
2020-06-20 20:13:51 +02:00
"uid" => $sql->getLastInsertId(),
);
}
2022-02-20 16:53:26 +01:00
2020-06-20 20:13:51 +02:00
return $this->success;
}
}
class Fetch extends ApiKeyAPI {
public function __construct($user, $externalCall = false) {
2022-02-20 16:53:26 +01:00
parent::__construct($user, $externalCall, array(
"showActiveOnly" => new Parameter("showActiveOnly", Parameter::TYPE_BOOLEAN, true, true)
));
2020-06-20 20:13:51 +02:00
$this->loginRequired = true;
}
2022-02-21 13:01:03 +01:00
public function _execute(): bool {
2020-06-20 20:13:51 +02:00
$sql = $this->user->getSQL();
2022-02-20 16:53:26 +01:00
$query = $sql->select("uid", "api_key", "valid_until", "active")
2020-06-20 20:13:51 +02:00
->from("ApiKey")
2022-02-20 16:53:26 +01:00
->where(new Compare("user_id", $this->user->getId()));
if ($this->getParam("showActiveOnly")) {
$query->where(new Compare("valid_until", $sql->currentTimestamp(), ">"))
->where(new Compare("active", true));
}
$res = $query->execute();
2020-06-20 20:13:51 +02:00
$this->success = ($res !== FALSE);
$this->lastError = $sql->getLastError();
if($this->success) {
$this->result["api_keys"] = array();
foreach($res as $row) {
2022-02-20 16:53:26 +01:00
$apiKeyId = intval($row["uid"]);
$this->result["api_keys"][$apiKeyId] = array(
"id" => $apiKeyId,
2020-06-20 20:13:51 +02:00
"api_key" => $row["api_key"],
2022-02-20 16:53:26 +01:00
"valid_until" => $row["valid_until"],
"revoked" => !$sql->parseBool($row["active"])
2020-06-20 20:13:51 +02:00
);
}
}
return $this->success;
}
}
class Refresh extends ApiKeyAPI {
public function __construct($user, $externalCall = false) {
parent::__construct($user, $externalCall, array(
"id" => new Parameter("id", Parameter::TYPE_INT),
));
$this->loginRequired = true;
}
2022-02-21 13:01:03 +01:00
public function _execute(): bool {
2020-06-20 20:13:51 +02:00
$id = $this->getParam("id");
if(!$this->apiKeyExists($id))
return false;
$validUntil = (new \DateTime)->modify("+30 DAY");
$sql = $this->user->getSQL();
$this->success = $sql->update("ApiKey")
->set("valid_until", $validUntil)
->where(new Compare("uid", $id))
->where(new Compare("user_id", $this->user->getId()))
->execute();
$this->lastError = $sql->getLastError();
if ($this->success) {
2022-02-20 16:53:26 +01:00
$this->result["valid_until"] = $validUntil;
2020-06-20 20:13:51 +02:00
}
return $this->success;
}
}
class Revoke extends ApiKeyAPI {
public function __construct($user, $externalCall = false) {
parent::__construct($user, $externalCall, array(
"id" => new Parameter("id", Parameter::TYPE_INT),
));
$this->loginRequired = true;
}
2022-02-21 13:01:03 +01:00
public function _execute(): bool {
2020-06-20 20:13:51 +02:00
$id = $this->getParam("id");
2022-02-20 16:53:26 +01:00
if (!$this->apiKeyExists($id))
2020-06-20 20:13:51 +02:00
return false;
$sql = $this->user->getSQL();
$this->success = $sql->update("ApiKey")
->set("active", false)
->where(new Compare("uid", $id))
->where(new Compare("user_id", $this->user->getId()))
->execute();
$this->lastError = $sql->getLastError();
return $this->success;
}
}
}