Alex/GIST
1
0
Fork 0
mirror of https://gitnet.fr/deblan/gist.git synced 2021-08-14 08:30:49 +02:00
Code Issues Releases Wiki Activity

API key

Browse Source
This commit is contained in:
Simon Vieille 2017-06-25 23:06:24 +02:00
parent 80b3c0bbdb
commit ffe3540565
4 changed files with 21 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
app/config/config.yml.dist
View File

@ -7,7 +7,10 @@ security:
login_required_to_view_embeded_gist: false login_required_to_view_embeded_gist: false
api: api:
enabled: true enabled: true
api_key_required: false
base_url: 'https://gist.deblan.org/' base_url: 'https://gist.deblan.org/'
client:
api_key:
data: data:
path: data/git path: data/git
git: git:

10
src/Gist/Controller/ApiController.php
View File

@ -34,7 +34,7 @@ class ApiController extends Controller
return new Response('', 403); return new Response('', 403);
} }
if (false === $this->isValidApiKey($apiKey)) { if (false === $this->isValidApiKey($apiKey, true)) {
return $this->invalidApiKeyResponse(); return $this->invalidApiKeyResponse();
} }
@ -240,9 +240,13 @@ class ApiController extends Controller
return new JsonResponse($data, 400); return new JsonResponse($data, 400);
} }
protected function isValidApiKey($apiKey) protected function isValidApiKey($apiKey, $required = false)
{ {
return !empty($apiKey) && UserQuery::create() if (empty($apiKey)) {
return !$required;
}
return UserQuery::create()
->filterByApiKey($apiKey) ->filterByApiKey($apiKey)
->count() === 1; ->count() === 1;
} }

10
src/Gist/Controller/Controller.php
View File

@ -13,7 +13,7 @@ use Symfony\Component\HttpFoundation\Response;
* *
* @author Simon Vieille <simon@deblan.fr> * @author Simon Vieille <simon@deblan.fr>
*/ */
class Controller abstract class Controller
{ {
/** /**
* @var Application * @var Application
@ -128,12 +128,18 @@ class Controller
/** /**
* Returns the connected user. * Returns the connected user.
* *
* @param Request $request An API request
*
* @return mixed * @return mixed
*/ */
public function getUser() public function getUser(Request $request = null)
{ {
$app = $this->getApp(); $app = $this->getApp();
if (!empty($request)) {
}
$securityContext = $app['security.token_storage']; $securityContext = $app['security.token_storage'];
$securityToken = $securityContext->getToken(); $securityToken = $securityContext->getToken();

4
src/Gist/Controller/MyController.php
View File

@ -62,7 +62,9 @@ class MyController extends Controller
if (empty($apiKey)) { if (empty($apiKey)) {
$regenerateApiKey = true; $regenerateApiKey = true;
} elseif ($request->request->get('apiKey') === $apiKey && $request->request->has('generateApiKey')) { }
// FIXME: CSRF issue!.
elseif ($request->request->get('apiKey') === $apiKey && $request->request->has('generateApiKey')) {
$regenerateApiKey = true; $regenerateApiKey = true;
} else { } else {
$regenerateApiKey = false; $regenerateApiKey = false;