API KEY management OK
This commit is contained in:
parent
c75a707d28
commit
d9299887d4
|
@ -14,7 +14,7 @@ if (!defined('DC_RC_PATH')) { return; }
|
|||
$this->registerModule(
|
||||
/* Name */ "rest",
|
||||
/* Description*/ "A JSON/REST API for Dotclear",
|
||||
/* Author */ "Gnieark (hope some others contributors",
|
||||
/* Author */ "Gnieark (hope some others contributors)",
|
||||
/* Version */ '0.0.1',
|
||||
array(
|
||||
'permissions' => 'usage,contentadmin',
|
||||
|
|
|
@ -12,6 +12,14 @@ class rest extends dcUrlHandlers
|
|||
self::p404();
|
||||
return;
|
||||
}
|
||||
|
||||
//To do make headers optionals
|
||||
header('Access-Control-Allow-Origin: *');
|
||||
header('Access-Control-Allow-Methods: GET, POST');
|
||||
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
|
||||
|
||||
|
||||
|
||||
echo "HELLO".$_SERVER['REQUEST_METHOD'].$args;
|
||||
}
|
||||
}
|
97
inc/class.rest.key.php
Normal file
97
inc/class.rest.key.php
Normal file
|
@ -0,0 +1,97 @@
|
|||
<?php
|
||||
class ApiKey
|
||||
{
|
||||
|
||||
public $key;
|
||||
|
||||
public function __construct(){
|
||||
$this->key = '';
|
||||
}
|
||||
public function new_key($dcUserId)
|
||||
{
|
||||
$this->key = $this->rand_str();
|
||||
$this -> put_dc_setting_user_key($dcUserId);
|
||||
return $this->key;
|
||||
}
|
||||
|
||||
public function set_key($key)
|
||||
{
|
||||
$this->key = $key;
|
||||
}
|
||||
|
||||
public function get_dc_admin_form($dcUserId)
|
||||
{
|
||||
|
||||
global $core;
|
||||
|
||||
//tester si une clef d'API a été générée
|
||||
|
||||
if($this->dc_is_key_setting_set($dcUserId)){
|
||||
$infoFormApiKey = __('Your api key has already been created.');
|
||||
$buttonFormApiKey = __('Erase existing API key and generate a new one for').' '.$dcUserId;
|
||||
}else{
|
||||
$infoFormApiKey = __('No API key found.');
|
||||
$buttonFormApiKey = __('Generate a API key for').' '.$dcUserId;
|
||||
}
|
||||
|
||||
if($this->key == ''){
|
||||
$infoKey = $infoFormApiKey;
|
||||
}else{
|
||||
$infoKey = '<p class="info">'.__('The api key is').':<input type ="texte" value="'.$this->key.'"/><br/>'.
|
||||
__('Copy and paste it, You will cannot see it again.').'</p>';
|
||||
}
|
||||
|
||||
|
||||
return '<form method="post" action="'.http::getSelfURI().'">'.
|
||||
$infoKey.
|
||||
'<p><input type="submit" name="resetApiKey" value="'.$buttonFormApiKey.'"/></p>'.
|
||||
$core->formNonce().
|
||||
'</form>';
|
||||
}
|
||||
|
||||
private function dc_is_key_setting_set($dcUserId)
|
||||
{
|
||||
global $core;
|
||||
|
||||
$apiKeyName = $this->get_dc_setting_api_name($dcUserId);
|
||||
$currentHashedKey = $core->blog->settings->rest->{$apiKeyName};
|
||||
if(empty($currentHashedKey)){
|
||||
return false;
|
||||
}else{
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
private function put_dc_setting_user_key($dcUserId)
|
||||
{
|
||||
global $core;
|
||||
|
||||
if ($this->key == ''){
|
||||
//don't save an empty key
|
||||
return false;
|
||||
}
|
||||
$hash = md5($this->key);
|
||||
$core->blog->settings->rest->put(
|
||||
$this->get_dc_setting_api_name($dcUserId),
|
||||
$hash,
|
||||
'string'
|
||||
);
|
||||
return $hash;
|
||||
}
|
||||
|
||||
private function get_dc_setting_api_name($dcUserId)
|
||||
{
|
||||
return 'rest_key_'.$dcUserId;
|
||||
}
|
||||
|
||||
private function rand_str($length = 32, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890')
|
||||
{
|
||||
$chars_length = (strlen($chars) - 1);
|
||||
$string = $chars{rand(0, $chars_length)};
|
||||
for ($i = 1; $i < $length; $i = strlen($string)){
|
||||
$r = $chars{rand(0, $chars_length)};
|
||||
if ($r != $string{$i - 1}) $string .= $r;
|
||||
}
|
||||
return $string;
|
||||
}
|
||||
}
|
24
index.php
24
index.php
|
@ -2,6 +2,8 @@
|
|||
|
||||
if (!defined('DC_CONTEXT_ADMIN')) { return; }
|
||||
|
||||
require_once(dirname(__FILE__).'/inc/class.rest.key.php');
|
||||
$apiKey = new ApiKey;
|
||||
|
||||
// Setting default parameters if missing configuration
|
||||
$core->blog->settings->addNamespace('rest');
|
||||
|
@ -21,8 +23,8 @@ if (is_null($core->blog->settings->rest->rest_active)) {
|
|||
$active = (boolean)$core->blog->settings->rest->rest_active;
|
||||
$openApi = (boolean)$core->blog->settings->rest->rest_is_open;
|
||||
|
||||
//apply
|
||||
if (!empty($_POST['saveconfig'])) {
|
||||
//Sousmission Formulaire parametres
|
||||
if ((!empty($_POST['saveconfig'])) && ($core->auth->isSuperAdmin())) {
|
||||
try
|
||||
{
|
||||
$core->blog->settings->addNameSpace('rest');
|
||||
|
@ -39,12 +41,25 @@ if (!empty($_POST['saveconfig'])) {
|
|||
$core->error->add($e->getMessage());
|
||||
}
|
||||
}
|
||||
//Sousmission Formulaire Reset API Key
|
||||
if(!empty($_POST['resetApiKey'])){
|
||||
$core->blog->settings->addNameSpace('rest');
|
||||
$apiKey -> new_key($core->auth->userID());
|
||||
dcPage::addSuccessNotice(__('Your new key is').' '.$apiKey->key);
|
||||
}
|
||||
//is user admin isSuperAdmin
|
||||
|
||||
?>
|
||||
<html>
|
||||
<head>
|
||||
<title>Rest API config</title>
|
||||
</head>
|
||||
<body>
|
||||
<h2><?php echo __('Your API key');?></h2>
|
||||
<?php echo $apiKey-> get_dc_admin_form($core->auth->userID()); ?>
|
||||
|
||||
<?php if($core->auth->isSuperAdmin()): ?>
|
||||
|
||||
<h2>Rest API configuration</h2>
|
||||
<form method="post" action="<?php http::getSelfURI(); ?>">
|
||||
<p>
|
||||
|
@ -55,13 +70,14 @@ if (!empty($_POST['saveconfig'])) {
|
|||
<?php echo form::checkbox('open', 1, $openApi); ?>
|
||||
<label class="classic" for="open"> <?php echo __('API is open');?></label>
|
||||
</p>
|
||||
<p class="info">If checked, few methods as GET will be allowed to externals users without API key.
|
||||
However, they won't be able to request for non public content.</p>
|
||||
<p class="info"><?php echo __("If checked, few methods as GET will be allowed to externals users without API key.
|
||||
However, they won't be able to request for non public content."); ?></p>
|
||||
<?php echo $core->formNonce(); ?>
|
||||
<p>
|
||||
<input type="submit" name="saveconfig" value="<?php echo __('Save configuration'); ?>" />
|
||||
</p>
|
||||
|
||||
</from>
|
||||
<?php endif; ?>
|
||||
</body>
|
||||
</html>
|
Loading…
Reference in New Issue
Block a user