API KEY management OK
parent
c75a707d28
commit
d9299887d4
|
@ -14,7 +14,7 @@ if (!defined('DC_RC_PATH')) { return; }
|
||||||
$this->registerModule(
|
$this->registerModule(
|
||||||
/* Name */ "rest",
|
/* Name */ "rest",
|
||||||
/* Description*/ "A JSON/REST API for Dotclear",
|
/* Description*/ "A JSON/REST API for Dotclear",
|
||||||
/* Author */ "Gnieark (hope some others contributors",
|
/* Author */ "Gnieark (hope some others contributors)",
|
||||||
/* Version */ '0.0.1',
|
/* Version */ '0.0.1',
|
||||||
array(
|
array(
|
||||||
'permissions' => 'usage,contentadmin',
|
'permissions' => 'usage,contentadmin',
|
||||||
|
|
|
@ -12,6 +12,14 @@ class rest extends dcUrlHandlers
|
||||||
self::p404();
|
self::p404();
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
//To do make headers optionals
|
||||||
|
header('Access-Control-Allow-Origin: *');
|
||||||
|
header('Access-Control-Allow-Methods: GET, POST');
|
||||||
|
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
echo "HELLO".$_SERVER['REQUEST_METHOD'].$args;
|
echo "HELLO".$_SERVER['REQUEST_METHOD'].$args;
|
||||||
}
|
}
|
||||||
}
|
}
|
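Review bot: The three added `header()` calls run for every request that gets past the 404 guard, and `Access-Control-Allow-Origin: *` lets script on any origin read the responses, so once key-protected methods exist this should be a per-blog setting rather than a hard-coded wildcard, as the `//To do make headers optionals` comment already hints. The `Access-Control-Allow-Headers` list has no entry for whatever header might carry the API key, and `OPTIONS` is neither listed nor handled, so a preflighted cross-origin call would fail anyway; both are worth deciding together with the origin policy. The unchanged `echo "HELLO".$_SERVER['REQUEST_METHOD'].$args;` writes `$args` to the response unescaped; if `$args` is taken from the request URL, as it appears to be, it should be escaped or removed before this ships. The enclosing method starts above the hunk.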
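--- /dev/null
+++ b/inc/class.rest.key.php
@@ -0,0 +1,97 @@
+<?php
+class ApiKey
+{
+
+public $key;
+
+public function __construct(){
+$this->key = '';
+}
+public function new_key($dcUserId)
+{
+$this->key = $this->rand_str();
+$this -> put_dc_setting_user_key($dcUserId);
+return $this->key;
+}
+
+public function set_key($key)
+{
+$this->key = $key;
+}
+
+public function get_dc_admin_form($dcUserId)
+{
+
+global $core;
+
+//tester si une clef d'API a été générée
+
+if($this->dc_is_key_setting_set($dcUserId)){
+$infoFormApiKey = __('Your api key has already been created.');
+$buttonFormApiKey = __('Erase existing API key and generate a new one for').' '.$dcUserId;
+}else{
+$infoFormApiKey = __('No API key found.');
+$buttonFormApiKey = __('Generate a API key for').' '.$dcUserId;
+}
+
+if($this->key == ''){
+$infoKey = $infoFormApiKey;
+}else{
+$infoKey = '<p class="info">'.__('The api key is').':<input type ="texte" value="'.$this->key.'"/><br/>'.
+__('Copy and paste it, You will cannot see it again.').'</p>';
+}
+
+
+return '<form method="post" action="'.http::getSelfURI().'">'.
+$infoKey.
+'<p><input type="submit" name="resetApiKey" value="'.$buttonFormApiKey.'"/></p>'.
+$core->formNonce().
+'</form>';
+}
+
+private function dc_is_key_setting_set($dcUserId)
+{
+global $core;
+
+$apiKeyName = $this->get_dc_setting_api_name($dcUserId);
+$currentHashedKey = $core->blog->settings->rest->{$apiKeyName};
+if(empty($currentHashedKey)){
+return false;
+}else{
+return true;
+}
+}
+
+private function put_dc_setting_user_key($dcUserId)
+{
+global $core;
+
+if ($this->key == ''){
+//don't save an empty key
+return false;
+}
+$hash = md5($this->key);
+$core->blog->settings->rest->put(
+$this->get_dc_setting_api_name($dcUserId),
+$hash,
+'string'
+);
+return $hash;
+}
+
+private function get_dc_setting_api_name($dcUserId)
+{
+return 'rest_key_'.$dcUserId;
+}
+
+private function rand_str($length = 32, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890')
+{
+$chars_length = (strlen($chars) - 1);
+$string = $chars{rand(0, $chars_length)};
+for ($i = 1; $i < $length; $i = strlen($string)){
+$r = $chars{rand(0, $chars_length)};
+if ($r != $string{$i - 1}) $string .= $r;
+}
+return $string;
+}
+}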
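Review bot: `rand_str()` builds the API key with `rand()`, which is not a cryptographically secure generator, and its `if ($r != $string{$i - 1})` filter rejects repeated characters, which narrows the key space further; the key should be drawn from `random_int()` (PHP 7 or later) with no filtering, as sketched below. The `$chars{...}` string-offset syntax is removed in PHP 8, so the sketch uses `[]`. In `put_dc_setting_user_key()` the stored digest is `md5($this->key)`; `$hash = hash('sha256', $this->key);` is a better fit for a random token, and the lookup side, which is not part of this commit, should compare with `hash_equals()`. Separately, `get_dc_admin_form()` concatenates `$this->key` and `$dcUserId` into attribute values unescaped while `set_key()` accepts any string, so both values should be HTML-escaped before output.

```php
private function rand_str($length = 32, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890')
{
    $max = strlen($chars) - 1;
    $string = '';
    for ($i = 0; $i < $length; $i++) {
        // random_int() draws from the operating system's CSPRNG
        $string .= $chars[random_int(0, $max)];
    }
    return $string;
}
```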
24
index.php
24
index.php
|
@ -2,6 +2,8 @@
|
||||||
|
|
||||||
if (!defined('DC_CONTEXT_ADMIN')) { return; }
|
if (!defined('DC_CONTEXT_ADMIN')) { return; }
|
||||||
|
|
||||||
|
require_once(dirname(__FILE__).'/inc/class.rest.key.php');
|
||||||
|
$apiKey = new ApiKey;
|
||||||
|
|
||||||
// Setting default parameters if missing configuration
|
// Setting default parameters if missing configuration
|
||||||
$core->blog->settings->addNamespace('rest');
|
$core->blog->settings->addNamespace('rest');
|
||||||
|
@ -21,8 +23,8 @@ if (is_null($core->blog->settings->rest->rest_active)) {
|
||||||
$active = (boolean)$core->blog->settings->rest->rest_active;
|
$active = (boolean)$core->blog->settings->rest->rest_active;
|
||||||
$openApi = (boolean)$core->blog->settings->rest->rest_is_open;
|
$openApi = (boolean)$core->blog->settings->rest->rest_is_open;
|
||||||
|
|
||||||
//apply
|
//Sousmission Formulaire parametres
|
||||||
if (!empty($_POST['saveconfig'])) {
|
if ((!empty($_POST['saveconfig'])) && ($core->auth->isSuperAdmin())) {
|
||||||
try
|
try
|
||||||
{
|
{
|
||||||
$core->blog->settings->addNameSpace('rest');
|
$core->blog->settings->addNameSpace('rest');
|
||||||
|
@ -39,12 +41,25 @@ if (!empty($_POST['saveconfig'])) {
|
||||||
$core->error->add($e->getMessage());
|
$core->error->add($e->getMessage());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
//Sousmission Formulaire Reset API Key
|
||||||
|
if(!empty($_POST['resetApiKey'])){
|
||||||
|
$core->blog->settings->addNameSpace('rest');
|
||||||
|
$apiKey -> new_key($core->auth->userID());
|
||||||
|
dcPage::addSuccessNotice(__('Your new key is').' '.$apiKey->key);
|
||||||
|
}
|
||||||
|
//is user admin isSuperAdmin
|
||||||
|
|
||||||
?>
|
?>
|
||||||
<html>
|
<html>
|
||||||
<head>
|
<head>
|
||||||
<title>Rest API config</title>
|
<title>Rest API config</title>
|
||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
|
<h2><?php echo __('Your API key');?></h2>
|
||||||
|
<?php echo $apiKey-> get_dc_admin_form($core->auth->userID()); ?>
|
||||||
|
|
||||||
|
<?php if($core->auth->isSuperAdmin()): ?>
|
||||||
|
|
||||||
<h2>Rest API configuration</h2>
|
<h2>Rest API configuration</h2>
|
||||||
<form method="post" action="<?php http::getSelfURI(); ?>">
|
<form method="post" action="<?php http::getSelfURI(); ?>">
|
||||||
<p>
|
<p>
|
||||||
|
@ -55,13 +70,14 @@ if (!empty($_POST['saveconfig'])) {
|
||||||
<?php echo form::checkbox('open', 1, $openApi); ?>
|
<?php echo form::checkbox('open', 1, $openApi); ?>
|
||||||
<label class="classic" for="open"> <?php echo __('API is open');?></label>
|
<label class="classic" for="open"> <?php echo __('API is open');?></label>
|
||||||
</p>
|
</p>
|
||||||
<p class="info">If checked, few methods as GET will be allowed to externals users without API key.
|
<p class="info"><?php echo __("If checked, few methods as GET will be allowed to externals users without API key.
|
||||||
However, they won't be able to request for non public content.</p>
|
However, they won't be able to request for non public content."); ?></p>
|
||||||
<?php echo $core->formNonce(); ?>
|
<?php echo $core->formNonce(); ?>
|
||||||
<p>
|
<p>
|
||||||
<input type="submit" name="saveconfig" value="<?php echo __('Save configuration'); ?>" />
|
<input type="submit" name="saveconfig" value="<?php echo __('Save configuration'); ?>" />
|
||||||
</p>
|
</p>
|
||||||
|
|
||||||
</from>
|
</from>
|
||||||
|
<?php endif; ?>
|
||||||
</body>
|
</body>
|
||||||
</html>
|
</html>
|
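Review bot: The `resetApiKey` branch puts the plaintext key into `dcPage::addSuccessNotice()`, although `get_dc_admin_form()` already shows it once when `$apiKey->key` is non-empty; if the notice helper queues its messages in the session (its code is not part of this commit), the secret outlives the single display the form text promises. I would keep the key out of the notice, e.g. `dcPage::addSuccessNotice(__('A new API key has been generated.'));`. This branch also does no nonce check of its own, so it is worth confirming that the admin front controller rejects POSTs without a valid `formNonce()` token before this code runs. The leftover `//is user admin isSuperAdmin` comment can go, and the two `//Sousmission Formulaire …` comments would read better in English like the rest of the file.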