API KEY management OK

This commit is contained in:
Gnieark 2017-04-27 19:35:58 +02:00
parent c75a707d28
commit d9299887d4
4 changed files with 127 additions and 6 deletions


@ -14,7 +14,7 @@ if (!defined('DC_RC_PATH')) { return; }
$this->registerModule(
/* Name */ "rest",
/* Description*/ "A JSON/REST API for Dotclear",
/* Author */ "Gnieark (hope some others contributors",
/* Author */ "Gnieark (hope some others contributors)",
/* Version */ '0.0.1',
array(
'permissions' => 'usage,contentadmin',


@ -12,6 +12,14 @@ class rest extends dcUrlHandlers
self::p404();
return;
}
//To do make headers optionals
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept');
echo "HELLO".$_SERVER['REQUEST_METHOD'].$args;
}
}
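Review bot: The added `echo "HELLO".$_SERVER['REQUEST_METHOD'].$args;` writes the request-derived `$args` into the response unescaped and without a Content-Type header, so with PHP's default text/html type a browser will render whatever the caller put in the URL path. As a debug line it should be removed; if output is kept, send `header('Content-Type: application/json; charset=utf-8');` first and emit `htmlspecialchars($args, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` rather than the raw value. The `//To do make headers optionals` comment above `Access-Control-Allow-Origin: *` would be more useful if it recorded the constraint that a wildcard origin must not be combined with credentialed requests once the key check lands, e.g. `// TODO: make CORS headers configurable; never pair "*" with Allow-Credentials`. The enclosing handler method and its `if` begin outside the hunk.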

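--- /dev/null
+++ b/inc/class.rest.key.php
@@ -0,0 +1,97 @@
+<?php
+class ApiKey
+{
+public $key;
+public function __construct(){
+$this->key = '';
+}
+public function new_key($dcUserId)
+{
+$this->key = $this->rand_str();
+$this -> put_dc_setting_user_key($dcUserId);
+return $this->key;
+}
+public function set_key($key)
+{
+$this->key = $key;
+}
+public function get_dc_admin_form($dcUserId)
+{
+global $core;
+//tester si une clef d'API a été générée
+if($this->dc_is_key_setting_set($dcUserId)){
+$infoFormApiKey = __('Your api key has already been created.');
+$buttonFormApiKey = __('Erase existing API key and generate a new one for').' '.$dcUserId;
+}else{
+$infoFormApiKey = __('No API key found.');
+$buttonFormApiKey = __('Generate a API key for').' '.$dcUserId;
+}
+if($this->key == ''){
+$infoKey = $infoFormApiKey;
+}else{
+$infoKey = '<p class="info">'.__('The api key is').':<input type ="texte" value="'.$this->key.'"/><br/>'.
+__('Copy and paste it, You will cannot see it again.').'</p>';
+}
+return '<form method="post" action="'.http::getSelfURI().'">'.
+$infoKey.
+'<p><input type="submit" name="resetApiKey" value="'.$buttonFormApiKey.'"/></p>'.
+$core->formNonce().
+'</form>';
+}
+private function dc_is_key_setting_set($dcUserId)
+{
+global $core;
+$apiKeyName = $this->get_dc_setting_api_name($dcUserId);
+$currentHashedKey = $core->blog->settings->rest->{$apiKeyName};
+if(empty($currentHashedKey)){
+return false;
+}else{
+return true;
+}
+}
+private function put_dc_setting_user_key($dcUserId)
+{
+global $core;
+if ($this->key == ''){
+//don't save an empty key
+return false;
+}
+$hash = md5($this->key);
+$core->blog->settings->rest->put(
+$this->get_dc_setting_api_name($dcUserId),
+$hash,
+'string'
+);
+return $hash;
+}
+private function get_dc_setting_api_name($dcUserId)
+{
+return 'rest_key_'.$dcUserId;
+}
+private function rand_str($length = 32, $chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890')
+{
+$chars_length = (strlen($chars) - 1);
+$string = $chars{rand(0, $chars_length)};
+for ($i = 1; $i < $length; $i = strlen($string)){
+$r = $chars{rand(0, $chars_length)};
+if ($r != $string{$i - 1}) $string .= $r;
+}
+return $string;
+}
+}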
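Review bot: `rand_str` draws every character of the API key with `rand()` (`$string = $chars{rand(0, $chars_length)};` and `$r = $chars{rand(0, $chars_length)};`), which is not a cryptographic source, so a generated key is predictable to anyone who can observe or seed the generator state; both lines should use `random_int(0, $chars_length)`. The same two lines, and `$string{$i - 1}`, use the curly-brace string-offset syntax that PHP 7.4 deprecates and PHP 8.0 removes, so `$chars[random_int(0, $chars_length)]` fixes both problems at once. In `put_dc_setting_user_key` the key is stored as `md5($this->key)`; because the key is a fresh high-entropy token a fast hash is acceptable here, but md5 is deprecated for security use and `hash('sha256', $this->key)` costs nothing more — any code that later compares against the stored hash would need the same change. The class would also benefit from a short docblock stating that `$key` holds the plaintext only for the current request and that only the hash is persisted in the blog settings.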


@ -2,6 +2,8 @@
if (!defined('DC_CONTEXT_ADMIN')) { return; }
require_once(dirname(__FILE__).'/inc/class.rest.key.php');
$apiKey = new ApiKey;
// Setting default parameters if missing configuration
$core->blog->settings->addNamespace('rest');
@ -21,8 +23,8 @@ if (is_null($core->blog->settings->rest->rest_active)) {
$active = (boolean)$core->blog->settings->rest->rest_active;
$openApi = (boolean)$core->blog->settings->rest->rest_is_open;
//apply
if (!empty($_POST['saveconfig'])) {
//Sousmission Formulaire parametres
if ((!empty($_POST['saveconfig'])) && ($core->auth->isSuperAdmin())) {
try
{
$core->blog->settings->addNameSpace('rest');
@ -39,12 +41,25 @@ if (!empty($_POST['saveconfig'])) {
$core->error->add($e->getMessage());
}
}
//Sousmission Formulaire Reset API Key
if(!empty($_POST['resetApiKey'])){
$core->blog->settings->addNameSpace('rest');
$apiKey -> new_key($core->auth->userID());
dcPage::addSuccessNotice(__('Your new key is').' '.$apiKey->key);
}
//is user admin isSuperAdmin
?>
<html>
<head>
<title>Rest API config</title>
</head>
<body>
<h2><?php echo __('Your API key');?></h2>
<?php echo $apiKey-> get_dc_admin_form($core->auth->userID()); ?>
<?php if($core->auth->isSuperAdmin()): ?>
<h2>Rest API configuration</h2>
<form method="post" action="<?php http::getSelfURI(); ?>">
<p>
@ -55,13 +70,14 @@ if (!empty($_POST['saveconfig'])) {
<?php echo form::checkbox('open', 1, $openApi); ?>
<label class="classic" for="open">&nbsp;<?php echo __('API is open');?></label>
</p>
<p class="info">If checked, few methods as GET will be allowed to externals users without API key.
However, they won't be able to request for non public content.</p>
<p class="info"><?php echo __("If checked, few methods as GET will be allowed to externals users without API key.
However, they won't be able to request for non public content."); ?></p>
<?php echo $core->formNonce(); ?>
<p>
<input type="submit" name="saveconfig" value="<?php echo __('Save configuration'); ?>" />
</p>
</from>
<?php endif; ?>
</body>
</html>
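Review bot: The new `resetApiKey` branch (`if(!empty($_POST['resetApiKey'])){`) regenerates the current user's key on any POST that carries that field, with no nonce check, even though the form built by `get_dc_admin_form` does emit `$core->formNonce()`; a cross-site POST could therefore silently invalidate a user's key, so the condition should become `if (!empty($_POST['resetApiKey']) && $core->checkNonce()) {`. Whether the `saveconfig` branch checks the nonce inside its `try` block is not visible, since that block continues outside the hunk, but it should be held to the same rule. While in this hunk, the context line `<form method="post" action="<?php http::getSelfURI(); ?>">` lacks an `echo`, so the action attribute is emitted empty, and the closing `</from>` tag in the last hunk is misspelled.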