Business/AccountHub
2
0
Fork 2
Code Issues 3 Pull Requests Releases 3 Wiki Activity

Add API key types

Browse Source
This commit is contained in:
Skylar Ittner 2019-02-11 15:21:27 -07:00
parent 29fb7feb85
commit 99f2e07f63
4 changed files with 105 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
api/apisettings.php
View File

@ -12,14 +12,16 @@ $APIS = [
"vars" => [ "vars" => [
], ],
"permission" => [ "permission" => [
] ],
"keytype" => "NONE"
], ],
"auth" => [ "auth" => [
"load" => "auth.php", "load" => "auth.php",
"vars" => [ "vars" => [
"username" => "string", "username" => "string",
"password" => "string" "password" => "string"
] ],
"keytype" => "AUTH"
], ],
"userinfo" => [ "userinfo" => [
"load" => "userinfo.php", "load" => "userinfo.php",
@ -28,7 +30,8 @@ $APIS = [
"username" => "string", "username" => "string",
"uid" => "numeric" "uid" => "numeric"
] ]
] ],
"keytype" => "READ"
], ],
"userexists" => [ "userexists" => [
"load" => "userexists.php", "load" => "userexists.php",
@ -37,33 +40,38 @@ $APIS = [
"username" => "string", "username" => "string",
"uid" => "numeric" "uid" => "numeric"
] ]
] ],
"keytype" => "AUTH"
], ],
"hastotp" => [ "hastotp" => [
"load" => "hastotp.php", "load" => "hastotp.php",
"vars" => [ "vars" => [
"username" => "string" "username" => "string"
] ],
"keytype" => "AUTH"
], ],
"verifytotp" => [ "verifytotp" => [
"load" => "verifytotp.php", "load" => "verifytotp.php",
"vars" => [ "vars" => [
"username" => "string", "username" => "string",
"code" => "string" "code" => "string"
] ],
"keytype" => "AUTH"
], ],
"acctstatus" => [ "acctstatus" => [
"load" => "acctstatus.php", "load" => "acctstatus.php",
"vars" => [ "vars" => [
"username" => "string" "username" => "string"
] ],
"keytype" => "AUTH"
], ],
"login" => [ "login" => [
"load" => "login.php", "load" => "login.php",
"vars" => [ "vars" => [
"username" => "string", "username" => "string",
"password" => "string" "password" => "string"
] ],
"keytype" => "AUTH"
], ],
"ismanagerof" => [ "ismanagerof" => [
"load" => "ismanagerof.php", "load" => "ismanagerof.php",
@ -71,7 +79,8 @@ $APIS = [
"manager" => "string", "manager" => "string",
"employee" => "string", "employee" => "string",
"uid (optional)" => "numeric" "uid (optional)" => "numeric"
] ],
"keytype" => "READ"
], ],
"getmanaged" => [ "getmanaged" => [
"load" => "getmanaged.php", "load" => "getmanaged.php",
@ -81,7 +90,8 @@ $APIS = [
"uid" => "numeric" "uid" => "numeric"
], ],
"get (optional)" => "string" "get (optional)" => "string"
] ],
"keytype" => "READ"
], ],
"getmanagers" => [ "getmanagers" => [
"load" => "getmanagers.php", "load" => "getmanagers.php",
@ -90,13 +100,15 @@ $APIS = [
"username" => "string", "username" => "string",
"uid" => "numeric" "uid" => "numeric"
] ]
] ],
"keytype" => "READ"
], ],
"usersearch" => [ "usersearch" => [
"load" => "usersearch.php", "load" => "usersearch.php",
"vars" => [ "vars" => [
"search" => "string" "search" => "string"
] ],
"keytype" => "READ"
], ],
"permission" => [ "permission" => [
"load" => "permission.php", "load" => "permission.php",
@ -106,40 +118,47 @@ $APIS = [
"uid" => "numeric" "uid" => "numeric"
], ],
"code" => "string" "code" => "string"
] ],
"keytype" => "READ"
], ],
"mobileenabled" => [ "mobileenabled" => [
"load" => "mobileenabled.php" "load" => "mobileenabled.php",
"keytype" => "NONE"
], ],
"mobilevalid" => [ "mobilevalid" => [
"load" => "mobilevalid.php", "load" => "mobilevalid.php",
"vars" => [ "vars" => [
"username" => "string", "username" => "string",
"code" => "string" "code" => "string"
] ],
"keytype" => "AUTH"
], ],
"alertemail" => [ "alertemail" => [
"load" => "alertemail.php", "load" => "alertemail.php",
"vars" => [ "vars" => [
"username" => "string", "username" => "string",
"appname (optional)" => "string" "appname (optional)" => "string"
] ],
"keytype" => "FULL"
], ],
"codelogin" => [ "codelogin" => [
"load" => "codelogin.php", "load" => "codelogin.php",
"vars" => [ "vars" => [
"code" => "string" "code" => "string"
] ],
"keytype" => "AUTH"
], ],
"listapps" => [ "listapps" => [
"load" => "listapps.php" "load" => "listapps.php",
"keytype" => "NONE"
], ],
"getusersbygroup" => [ "getusersbygroup" => [
"load" => "getusersbygroup.php", "load" => "getusersbygroup.php",
"vars" => [ "vars" => [
"gid" => "numeric", "gid" => "numeric",
"get (optional)" => "string" "get (optional)" => "string"
] ],
"keytype" => "READ"
], ],
"getgroupsbyuser" => [ "getgroupsbyuser" => [
"load" => "getgroupsbyuser.php", "load" => "getgroupsbyuser.php",
@ -148,16 +167,19 @@ $APIS = [
"uid" => "numeric", "uid" => "numeric",
"username" => "string" "username" => "string"
] ]
] ],
"keytype" => "READ"
], ],
"getgroups" => [ "getgroups" => [
"load" => "getgroups.php" "load" => "getgroups.php",
"keytype" => "READ"
], ],
"groupsearch" => [ "groupsearch" => [
"load" => "groupsearch.php", "load" => "groupsearch.php",
"vars" => [ "vars" => [
"search" => "string" "search" => "string"
] ],
"keytype" => "READ"
], ],
"checkpin" => [ "checkpin" => [
"load" => "checkpin.php", "load" => "checkpin.php",
@ -167,7 +189,8 @@ $APIS = [
"uid" => "numeric", "uid" => "numeric",
"username" => "string" "username" => "string"
] ]
] ],
"keytype" => "AUTH"
], ],
"getnotifications" => [ "getnotifications" => [
"load" => "getnotifications.php", "load" => "getnotifications.php",
@ -176,7 +199,8 @@ $APIS = [
"uid" => "numeric", "uid" => "numeric",
"username" => "string" "username" => "string"
] ]
] ],
"keytype" => "READ"
], ],
"readnotification" => [ "readnotification" => [
"load" => "readnotification.php", "load" => "readnotification.php",
@ -186,7 +210,8 @@ $APIS = [
"username" => "string" "username" => "string"
], ],
"id" => "numeric" "id" => "numeric"
] ],
"keytype" => "FULL"
], ],
"addnotification" => [ "addnotification" => [
"load" => "addnotification.php", "load" => "addnotification.php",
@ -200,7 +225,8 @@ $APIS = [
"timestamp (optional)" => "string", "timestamp (optional)" => "string",
"url (optional)" => "string", "url (optional)" => "string",
"sensitive (optional)" => "string" "sensitive (optional)" => "string"
] ],
"keytype" => "FULL"
], ],
"deletenotification" => [ "deletenotification" => [
"load" => "deletenotification.php", "load" => "deletenotification.php",
@ -210,19 +236,22 @@ $APIS = [
"username" => "string" "username" => "string"
], ],
"id" => "numeric" "id" => "numeric"
] ],
"keytype" => "FULL"
], ],
"getloginkey" => [ "getloginkey" => [
"load" => "getloginkey.php", "load" => "getloginkey.php",
"vars" => [ "vars" => [
"appname" => "string", "appname" => "string",
"appicon (optional)" => "string" "appicon (optional)" => "string"
] ],
"keytype" => "AUTH"
], ],
"checkloginkey" => [ "checkloginkey" => [
"load" => "checkloginkey.php", "load" => "checkloginkey.php",
"vars" => [ "vars" => [
"code" => "string" "code" => "string"
] ],
"keytype" => "AUTH"
] ]
]; ];

38
api/functions.php
View File

@ -121,3 +121,41 @@ function checkVars($vars, $or = false) {
} }
} }
} }
/**
* Check if the client API key is allowed to access API functions that require the
* specified API key type.
* @global type $VARS
* @global type $database
* @param string $type The required key type: "NONE", "AUTH", "READ", or "FULL"
* @return bool
*/
function checkkeytype(string $type): bool {
global $VARS, $database;
if (empty($VARS['key'])) {
return false;
} else {
$key = $VARS['key'];
$keytype = $database->get('apikeys', 'type', ['key' => $key]);
$allowedtypes = [];
switch ($type) {
case "NONE":
$allowedtypes = ["NONE", "AUTH", "READ", "FULL"];
break;
case "AUTH":
$allowedtypes = ["AUTH", "READ", "FULL"];
break;
case "READ":
$allowedtypes = ["READ", "FULL"];
break;
case "FULL":
$allowedtypes = ["FULL"];
}
if (!in_array($type, $allowedtypes)) {
http_response_code(403);
Log::insert(LogType::API_BAD_KEY, null, "Key: " . $key);
return false;
}
}
return true;
}

9
api/index.php
View File

@ -74,4 +74,13 @@ if (!empty($APIACTION["vars"])) {
checkVars($APIACTION["vars"]); checkVars($APIACTION["vars"]);
} }
// Assume we need full API access
if (empty($APIACTION["keytype"])) {
$APIACTION["keytype"] = "FULL";
}
if (!checkkeytype($APIACTION["keytype"])) {
die("403 Unauthorized");
}
require_once __DIR__ . "/actions/" . $APIACTION["load"]; require_once __DIR__ . "/actions/" . $APIACTION["load"];

BIN
database.mwb
View File

Binary file not shown.