Business/AccountHub
2
0
Fork 2
Code Issues 3 Pull Requests Releases 3 Wiki Activity

Add API key types

Browse Source
This commit is contained in:
Skylar Ittner 2019-02-11 15:21:27 -07:00
parent 29fb7feb85
commit 99f2e07f63
4 changed files with 105 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
api/apisettings.php
View File

@ -12,14 +12,16 @@ $APIS = [
"vars" => [
],
"permission" => [
]
],
"keytype" => "NONE"
],
"auth" => [
"load" => "auth.php",
"vars" => [
"username" => "string",
"password" => "string"
]
],
"keytype" => "AUTH"
],
"userinfo" => [
"load" => "userinfo.php",
@ -28,7 +30,8 @@ $APIS = [
"username" => "string",
"uid" => "numeric"
]
]
],
"keytype" => "READ"
],
"userexists" => [
"load" => "userexists.php",
@ -37,33 +40,38 @@ $APIS = [
"username" => "string",
"uid" => "numeric"
]
]
],
"keytype" => "AUTH"
],
"hastotp" => [
"load" => "hastotp.php",
"vars" => [
"username" => "string"
]
],
"keytype" => "AUTH"
],
"verifytotp" => [
"load" => "verifytotp.php",
"vars" => [
"username" => "string",
"code" => "string"
]
],
"keytype" => "AUTH"
],
"acctstatus" => [
"load" => "acctstatus.php",
"vars" => [
"username" => "string"
]
],
"keytype" => "AUTH"
],
"login" => [
"load" => "login.php",
"vars" => [
"username" => "string",
"password" => "string"
]
],
"keytype" => "AUTH"
],
"ismanagerof" => [
"load" => "ismanagerof.php",
@ -71,7 +79,8 @@ $APIS = [
"manager" => "string",
"employee" => "string",
"uid (optional)" => "numeric"
]
],
"keytype" => "READ"
],
"getmanaged" => [
"load" => "getmanaged.php",
@ -81,7 +90,8 @@ $APIS = [
"uid" => "numeric"
],
"get (optional)" => "string"
]
],
"keytype" => "READ"
],
"getmanagers" => [
"load" => "getmanagers.php",
@ -90,13 +100,15 @@ $APIS = [
"username" => "string",
"uid" => "numeric"
]
]
],
"keytype" => "READ"
],
"usersearch" => [
"load" => "usersearch.php",
"vars" => [
"search" => "string"
]
],
"keytype" => "READ"
],
"permission" => [
"load" => "permission.php",
@ -106,40 +118,47 @@ $APIS = [
"uid" => "numeric"
],
"code" => "string"
]
],
"keytype" => "READ"
],
"mobileenabled" => [
"load" => "mobileenabled.php"
"load" => "mobileenabled.php",
"keytype" => "NONE"
],
"mobilevalid" => [
"load" => "mobilevalid.php",
"vars" => [
"username" => "string",
"code" => "string"
]
],
"keytype" => "AUTH"
],
"alertemail" => [
"load" => "alertemail.php",
"vars" => [
"username" => "string",
"appname (optional)" => "string"
]
],
"keytype" => "FULL"
],
"codelogin" => [
"load" => "codelogin.php",
"vars" => [
"code" => "string"
]
],
"keytype" => "AUTH"
],
"listapps" => [
"load" => "listapps.php"
"load" => "listapps.php",
"keytype" => "NONE"
],
"getusersbygroup" => [
"load" => "getusersbygroup.php",
"vars" => [
"gid" => "numeric",
"get (optional)" => "string"
]
],
"keytype" => "READ"
],
"getgroupsbyuser" => [
"load" => "getgroupsbyuser.php",
@ -148,16 +167,19 @@ $APIS = [
"uid" => "numeric",
"username" => "string"
]
]
],
"keytype" => "READ"
],
"getgroups" => [
"load" => "getgroups.php"
"load" => "getgroups.php",
"keytype" => "READ"
],
"groupsearch" => [
"load" => "groupsearch.php",
"vars" => [
"search" => "string"
]
],
"keytype" => "READ"
],
"checkpin" => [
"load" => "checkpin.php",
@ -167,7 +189,8 @@ $APIS = [
"uid" => "numeric",
"username" => "string"
]
]
],
"keytype" => "AUTH"
],
"getnotifications" => [
"load" => "getnotifications.php",
@ -176,7 +199,8 @@ $APIS = [
"uid" => "numeric",
"username" => "string"
]
]
],
"keytype" => "READ"
],
"readnotification" => [
"load" => "readnotification.php",
@ -186,7 +210,8 @@ $APIS = [
"username" => "string"
],
"id" => "numeric"
]
],
"keytype" => "FULL"
],
"addnotification" => [
"load" => "addnotification.php",
@ -200,7 +225,8 @@ $APIS = [
"timestamp (optional)" => "string",
"url (optional)" => "string",
"sensitive (optional)" => "string"
]
],
"keytype" => "FULL"
],
"deletenotification" => [
"load" => "deletenotification.php",
@ -210,19 +236,22 @@ $APIS = [
"username" => "string"
],
"id" => "numeric"
]
],
"keytype" => "FULL"
],
"getloginkey" => [
"load" => "getloginkey.php",
"vars" => [
"appname" => "string",
"appicon (optional)" => "string"
]
],
"keytype" => "AUTH"
],
"checkloginkey" => [
"load" => "checkloginkey.php",
"vars" => [
"code" => "string"
]
],
"keytype" => "AUTH"
]
];

38
api/functions.php
View File

@ -121,3 +121,41 @@ function checkVars($vars, $or = false) {
}
}
}
/**
* Check if the client API key is allowed to access API functions that require the
* specified API key type.
* @global type $VARS
* @global type $database
* @param string $type The required key type: "NONE", "AUTH", "READ", or "FULL"
* @return bool
*/
function checkkeytype(string $type): bool {
global $VARS, $database;
if (empty($VARS['key'])) {
return false;
} else {
$key = $VARS['key'];
$keytype = $database->get('apikeys', 'type', ['key' => $key]);
$allowedtypes = [];
switch ($type) {
case "NONE":
$allowedtypes = ["NONE", "AUTH", "READ", "FULL"];
break;
case "AUTH":
$allowedtypes = ["AUTH", "READ", "FULL"];
break;
case "READ":
$allowedtypes = ["READ", "FULL"];
break;
case "FULL":
$allowedtypes = ["FULL"];
}
if (!in_array($type, $allowedtypes)) {
http_response_code(403);
Log::insert(LogType::API_BAD_KEY, null, "Key: " . $key);
return false;
}
}
return true;
}

9
api/index.php
View File

@ -74,4 +74,13 @@ if (!empty($APIACTION["vars"])) {
checkVars($APIACTION["vars"]);
}
// Assume we need full API access
if (empty($APIACTION["keytype"])) {
$APIACTION["keytype"] = "FULL";
}
if (!checkkeytype($APIACTION["keytype"])) {
die("403 Unauthorized");
}
require_once __DIR__ . "/actions/" . $APIACTION["load"];

BIN
database.mwb
View File

Binary file not shown.