Fixes + ApiKeys
This commit is contained in:
parent
1853756db4
commit
6f8b3f93e9
@ -3,3 +3,4 @@ Options -Indexes
|
||||
|
||||
RewriteEngine On
|
||||
RewriteRule ^api/(.*)?$ index.php?api=$1&$2 [L,QSA]
|
||||
RewriteRule ^(?!((js|css|img|fonts|api)($|\/)))(.*)?$ index.php?site=$1&$2 [L,QSA]
|
||||
|
31
core/Api/CreateApiKey.class.php
Normal file
31
core/Api/CreateApiKey.class.php
Normal file
@ -0,0 +1,31 @@
|
||||
<?php
|
||||
|
||||
namespace Api;
|
||||
|
||||
class CreateApiKey extends Request {
|
||||
|
||||
public function __construct($user, $externCall = false) {
|
||||
parent::__construct($user, $externCall, array());
|
||||
$this->apiKeyAllowed = false;
|
||||
$this->loginRequired = true;
|
||||
}
|
||||
|
||||
public function execute($values = array()) {
|
||||
|
||||
if(!parent::execute($values)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$apiKey = generateRandomString(64);
|
||||
$query = "INSERT INTO ApiKey (uidUser, api_key, valid_until) VALUES (?,?,(SELECT DATE_ADD(now(), INTERVAL 30 DAY)))";
|
||||
$request = new ExecuteStatement($this->user);
|
||||
$this->success = $request->execute(array("query" => $query, $this->user->getId(), $apiKey));
|
||||
$this->lastError = $request->getLastError();
|
||||
$this->result["api_key"] = $apiKey;
|
||||
$this->result["valid_until"] = "TODO";
|
||||
$this->result["uid"] = $this->user->getSQL()->getLastInsertId();
|
||||
return $this->success;
|
||||
}
|
||||
};
|
||||
|
||||
?>
|
82
core/Api/External/RequestData.class.php
vendored
Normal file
82
core/Api/External/RequestData.class.php
vendored
Normal file
@ -0,0 +1,82 @@
|
||||
<?php
|
||||
|
||||
namespace Api\External;
|
||||
use \Api\Parameter\Parameter;
|
||||
use \Api\Parameter\StringType;
|
||||
|
||||
class RequestData extends \Api\Request {
|
||||
|
||||
public function __construct($user, $externCall = false) {
|
||||
parent::__construct($user, $externCall, array(
|
||||
"url" => new StringType("url", 256)
|
||||
));
|
||||
$this->isPublic = false;
|
||||
}
|
||||
|
||||
private function requestURL() {
|
||||
$url = $this->getParam("url");
|
||||
|
||||
$ckfile = tempnam("/tmp", 'cookiename');
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_URL, $url);
|
||||
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
||||
// curl_setopt($ch, CURLOPT_HEADER, 1);
|
||||
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
|
||||
curl_setopt($ch, CURLOPT_COOKIESESSION, true);
|
||||
curl_setopt($ch, CURLOPT_COOKIEJAR, $ckfile);
|
||||
curl_setopt($ch, CURLOPT_COOKIEFILE, $ckfile);
|
||||
$data = curl_exec($ch);
|
||||
$statusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
||||
|
||||
$success = false;
|
||||
if(curl_errno($ch)) {
|
||||
$this->lastError = curl_error($ch);
|
||||
} else if($statusCode != 200) {
|
||||
$this->lastError = "External Site returned status code: " . $statusCode;
|
||||
} else {
|
||||
$this->result["data"] = $data;
|
||||
$this->result["cached"] = false;
|
||||
$success = true;
|
||||
}
|
||||
|
||||
unlink($ckfile);
|
||||
curl_close ($ch);
|
||||
return $success;
|
||||
}
|
||||
|
||||
public function execute($values = array()) {
|
||||
if(!parent::execute($values)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$url = $this->getParam("url");
|
||||
$expires = $this->getParam("expires");
|
||||
|
||||
$query = "SELECT data, expires FROM ExternalSiteCache WHERE url=?";
|
||||
$req = new \Api\ExecuteSelect($this->user);
|
||||
$this->success = $req->execute(array("query" => $query, $url));
|
||||
$this->lastError = $req->getLastError();
|
||||
|
||||
if($this->success) {
|
||||
$mustRevalidate = true;
|
||||
|
||||
if(!empty($req->getResult()['rows'])) {
|
||||
$row = $req->getResult()['rows'][0];
|
||||
if($row["expires"] == null || !isinPast($row["expires"])) {
|
||||
$mustRevalidate = false;
|
||||
$this->result["data"] = $row["data"];
|
||||
$this->result["expires"] = $row["expires"];
|
||||
$this->result["cached"] = true;
|
||||
}
|
||||
}
|
||||
|
||||
if($mustRevalidate) {
|
||||
$this->success = $this->requestURL();
|
||||
}
|
||||
}
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
};
|
||||
|
||||
?>
|
44
core/Api/External/WriteData.class.php
vendored
Normal file
44
core/Api/External/WriteData.class.php
vendored
Normal file
@ -0,0 +1,44 @@
|
||||
<?php
|
||||
|
||||
namespace Api\External;
|
||||
use Api\Parameter\Parameter;
|
||||
use Api\Parameter\StringType;
|
||||
|
||||
class WriteData extends \Api\Request {
|
||||
|
||||
public function __construct($user, $externCall = false) {
|
||||
parent::__construct($user, $externCall, array(
|
||||
"url" => new StringType("url", 256),
|
||||
"data" => new StringType("data", -1),
|
||||
"expires" => new Parameter("expires", Parameter::TYPE_INT, false, 0),
|
||||
));
|
||||
$this->isPublic = false;
|
||||
}
|
||||
|
||||
public function execute($values = array()) {
|
||||
if(!parent::execute($values)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$url = $this->getParam("url");
|
||||
$data = $this->getParam("data");
|
||||
$expires = $this->getParam("expires");
|
||||
|
||||
if($expires > 0) {
|
||||
$expires = getDateTime(new \DateTime("+${expires} seconds"));
|
||||
} else {
|
||||
$expires = null;
|
||||
}
|
||||
|
||||
$query = "INSERT INTO ExternalSiteCache (url, data, expires) VALUES(?,?,?)
|
||||
ON DUPLICATE KEY UPDATE data=?, expires=?";
|
||||
|
||||
$request = new \Api\ExecuteStatement($this->user);
|
||||
$this->success = $request->execute(array("query" => $query, $url, $data, $expires, $data, $expires));
|
||||
$this->lastError = $request->getLastError();
|
||||
|
||||
return $this->lastError;
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
33
core/Api/GetApiKeys.class.php
Normal file
33
core/Api/GetApiKeys.class.php
Normal file
@ -0,0 +1,33 @@
|
||||
<?php
|
||||
|
||||
namespace Api;
|
||||
|
||||
class GetApiKeys extends Request {
|
||||
|
||||
public function __construct($user, $externCall = false) {
|
||||
parent::__construct($user, $externCall, array());
|
||||
$this->loginRequired = true;
|
||||
}
|
||||
|
||||
public function execute($values = array()) {
|
||||
if(!parent::execute($values)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$query = "SELECT ApiKey.uid, ApiKey.api_key, ApiKey.valid_until
|
||||
FROM ApiKey
|
||||
WHERE ApiKey.uidUser = ?
|
||||
AND ApiKey.valid_until > now()";
|
||||
$request = new ExecuteSelect($this->user);
|
||||
$this->success = $request->execute(array("query" => $query, $this->user->getId()));
|
||||
$this->lastError = $request->getLastError();
|
||||
|
||||
if($this->success) {
|
||||
$this->result["api_keys"] = $request->getResult()['rows'];
|
||||
}
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
};
|
||||
|
||||
?>
|
48
core/Api/RefreshApiKey.class.php
Normal file
48
core/Api/RefreshApiKey.class.php
Normal file
@ -0,0 +1,48 @@
|
||||
<?php
|
||||
|
||||
namespace Api;
|
||||
use \Api\Parameter\Parameter;
|
||||
|
||||
class RefreshApiKey extends Request {
|
||||
|
||||
public function __construct($user, $externCall = false) {
|
||||
parent::__construct($user, $externCall, array(
|
||||
"id" => new Parameter("id", Parameter::TYPE_INT),
|
||||
));
|
||||
$this->loginRequired = true;
|
||||
}
|
||||
|
||||
private function apiKeyExists() {
|
||||
$id = $this->getParam("id");
|
||||
$query = "SELECT * FROM ApiKey WHERE uid = ? AND uidUser = ? AND valid_until > now()";
|
||||
$request = new ExecuteSelect($this->user);
|
||||
$this->success = $request->execute(array("query" => $query, $id, $this->user->getId()));
|
||||
$this->lastError = $request->getLastError();
|
||||
|
||||
if($this->success && count($request->getResult()['rows']) == 0) {
|
||||
$this->success = false;
|
||||
$this->lastError = "This API-Key does not exist.";
|
||||
}
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public function execute($values = array()) {
|
||||
if(!parent::execute($values)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$id = $this->getParam("id");
|
||||
if(!$this->apiKeyExists())
|
||||
return false;
|
||||
|
||||
$query = "UPDATE ApiKey SET valid_until = (SELECT DATE_ADD(now(), INTERVAL 30 DAY)) WHERE uid = ? AND uidUser = ? AND valid_until > now()";
|
||||
$request = new ExecuteStatement($this->user);
|
||||
$this->success = $request->execute(array("query" => $query, $id, $this->user->getId()));
|
||||
$this->lastError = $request->getLastError();
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
};
|
||||
|
||||
?>
|
48
core/Api/RevokeApiKey.class.php
Normal file
48
core/Api/RevokeApiKey.class.php
Normal file
@ -0,0 +1,48 @@
|
||||
<?php
|
||||
|
||||
namespace Api;
|
||||
use \Api\Parameter\Parameter;
|
||||
|
||||
class RevokeApiKey extends Request {
|
||||
|
||||
public function __construct($user, $externCall = false) {
|
||||
parent::__construct($user, $externCall, array(
|
||||
"id" => new Parameter("id", Parameter::TYPE_INT),
|
||||
));
|
||||
$this->loginRequired = true;
|
||||
}
|
||||
|
||||
private function apiKeyExists() {
|
||||
$id = $this->getParam("id");
|
||||
$query = "SELECT * FROM ApiKey WHERE uid = ? AND uidUser = ? AND valid_until > now()";
|
||||
$request = new ExecuteSelect($this->user);
|
||||
$this->success = $request->execute(array("query" => $query, $id, $this->user->getId()));
|
||||
$this->lastError = $request->getLastError();
|
||||
|
||||
if($this->success && count($request->getResult()['rows']) == 0) {
|
||||
$this->success = false;
|
||||
$this->lastError = "This API-Key does not exist.";
|
||||
}
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
|
||||
public function execute($aValues = array()) {
|
||||
if(!parent::execute($aValues)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$id = $this->getParam("id");
|
||||
if(!$this->apiKeyExists())
|
||||
return false;
|
||||
|
||||
$query = "DELETE FROM ApiKey WHERE valid_until < now() OR (uid = ? AND uidUser = ?)";
|
||||
$request = new ExecuteStatement($this->user);
|
||||
$this->success = $request->execute(array("query" => $query, $id, $this->user->getId()));
|
||||
$this->lastError = $request->getLastError();
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
};
|
||||
|
||||
?>
|
58
core/Api/SendMail.class.php
Normal file
58
core/Api/SendMail.class.php
Normal file
@ -0,0 +1,58 @@
|
||||
<?php
|
||||
|
||||
namespace Api;
|
||||
use Api\Parameter\Parameter;
|
||||
use Api\Parameter\StringType;
|
||||
|
||||
class SendMail extends Request {
|
||||
|
||||
public function __construct($user, $externCall = false) {
|
||||
parent::__construct($user, $externCall, array(
|
||||
'from' => new Parameter('from', Parameter::TYPE_EMAIL),
|
||||
'to' => new Parameter('to', Parameter::TYPE_EMAIL),
|
||||
'subject' => new StringType('subject', -1),
|
||||
'body' => new StringType('body', -1),
|
||||
'fromName' => new StringType('fromName', -1, true, ''),
|
||||
'replyTo' => new Parameter('to', Parameter::TYPE_EMAIL, true, ''),
|
||||
));
|
||||
$this->isPublic = false;
|
||||
}
|
||||
|
||||
public function execute($values = array()) {
|
||||
if(!parent::execute($values)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$mailData = getMailData();
|
||||
$mail = new \External\PHPMailer\PHPMailer;
|
||||
$mail->IsSMTP();
|
||||
$mail->setFrom($this->getParam('from'), $this->getParam('fromName'));
|
||||
$mail->addAddress($this->getParam('to'));
|
||||
$mail->Subject = $this->getParam('subject');
|
||||
$mail->SMTPDebug = 0;
|
||||
$mail->Host = $mailData->getHost();
|
||||
$mail->Port = $mailData->getPort();
|
||||
$mail->SMTPAuth = true;
|
||||
$mail->Username = $mailData->getLogin();
|
||||
$mail->Password = $mailData->getPassword();
|
||||
$mail->SMTPSecure = 'tls';
|
||||
$mail->IsHTML(true);
|
||||
$mail->CharSet = 'UTF-8';
|
||||
$mail->Body = $this->getParam('body');
|
||||
|
||||
$replyTo = $this->getParam('replyTo');
|
||||
if(!is_null($replyTo) && !empty($replyTo)) {
|
||||
$mail->AddReplyTo($replyTo, $this->getParam('fromName'));
|
||||
}
|
||||
|
||||
$this->success = @$mail->Send();
|
||||
if (!$this->success) {
|
||||
$this->lastError = 'Error sending Mail: ' . $mail->ErrorInfo;
|
||||
error_log("sendMail() failed: " . $mail->ErrorInfo);
|
||||
}
|
||||
|
||||
return $this->success;
|
||||
}
|
||||
};
|
||||
|
||||
?>
|
@ -685,13 +685,13 @@ namespace Documents\Install {
|
||||
die(json_encode($response));
|
||||
}
|
||||
|
||||
if($this->currentStep == self::CHECKING_REQUIRMENTS) {
|
||||
/*if($this->currentStep == self::CHECKING_REQUIRMENTS) {
|
||||
$this->getDocument()->getHead()->addJSCode("
|
||||
$(document).ready(function() {
|
||||
retry();
|
||||
});
|
||||
");
|
||||
}
|
||||
}*/
|
||||
|
||||
$progressSidebar = $this->createProgressSidebar();
|
||||
$progressMainview = $this->createProgessMainview();
|
||||
|
@ -43,7 +43,7 @@ class Login extends \View {
|
||||
<div class=\"alert alert-danger hidden\" role=\"alert\" id=\"loginError\"></div>
|
||||
</form>
|
||||
<span class=\"subtitle flags-container\"><span class=\"flags\">$flags</span></span>
|
||||
<span class=\"subtitle\"><a class=\"link\" href=\"$protocol://$domain\">$iconBack$backToStartPage</a></span>
|
||||
<span class=\"subtitle\"><a class=\"link\" href=\"$protocol://$domain\">$iconBack $backToStartPage</a></span>
|
||||
$accountCreated
|
||||
</div>
|
||||
</div>";
|
||||
|
@ -25,7 +25,7 @@
|
||||
}
|
||||
|
||||
function getProtocol() {
|
||||
return stripos($_SERVER['SERVER_PROTOCOL'],'https') === 0 ? 'https://' : 'http://';
|
||||
return stripos($_SERVER['SERVER_PROTOCOL'],'https') === 0 ? 'https' : 'http';
|
||||
}
|
||||
|
||||
function includeDir($dir, $aIgnore = array(), $recursive = false) {
|
||||
|
@ -41,14 +41,19 @@ if(isset($_GET["api"]) && is_string($_GET["api"])) {
|
||||
header("403 Forbidden");
|
||||
$response = "";
|
||||
} else if(!preg_match("/[a-zA-Z]+(\/[a-zA-Z]+)*/", $apiFunction)) {
|
||||
header("400 Bad Request");
|
||||
$response = createError("Invalid Method");
|
||||
} else {
|
||||
$apiFunction = strtoupper($apiFunction[0]) . substr($apiFunction, 1);
|
||||
$apiFunction = str_replace("/", "\\", $apiFunction);
|
||||
$class = "\\Api\\$apiFunction";
|
||||
$file = getClassPath($class);
|
||||
if(!file_exists($file)) {
|
||||
header("404 Not Found");
|
||||
$response = createError("Not found");
|
||||
} else if(!is_subclass_of($class, \Api\Request::class)) {
|
||||
header("400 Bad Request");
|
||||
$response = createError("Inalid Method");
|
||||
} else {
|
||||
$request = new $class($user, true);
|
||||
$success = $request->execute();
|
||||
|
Loading…
Reference in New Issue
Block a user