mirror of
https://github.com/FH-Complete/FHC-Core.git
synced 2026-06-02 04:39:28 +00:00
Paminger
317 lines
8.6 KiB
PHP
317 lines
8.6 KiB
PHP
<?php
|
|
|
|
if (! defined('BASEPATH'))
|
|
exit('No direct script access allowed');
|
|
|
|
// This can be removed if you use __autoload() in config.php OR use Modular Extensions
|
|
require APPPATH.'/libraries/REST_Controller.php';
|
|
|
|
/**
|
|
* Keys Controller
|
|
* This is a basic Key Management REST controller to make and delete keys
|
|
*
|
|
* @package CodeIgniter
|
|
* @subpackage Rest Server
|
|
* @category Controller
|
|
* @author Phil Sturgeon, Chris Kacerguis
|
|
* @license MIT
|
|
* @link https://github.com/chriskacerguis/codeigniter-restserver
|
|
*/
|
|
class APIKey extends REST_Controller
|
|
{
|
|
protected $methods = [
|
|
'index_put' => ['level' => 10, 'limit' => 10],
|
|
'index_delete' => ['level' => 10],
|
|
'level_post' => ['level' => 10],
|
|
'regenerate_post' => ['level' => 10],
|
|
];
|
|
|
|
/**
|
|
* Insert a key into the database
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
public function index_put()
|
|
{
|
|
// Build a new key
|
|
$key = $this->__generateKey();
|
|
|
|
// If no key level provided, provide a generic key
|
|
$level = $this->put('level') ? $this->put('level') : 1;
|
|
$ignore_limits = ctype_digit($this->put('ignore_limits')) ? (int)$this->put('ignore_limits') : 1;
|
|
|
|
// Insert the new key
|
|
if ($this->_insert_key($key, ['level' => $level, 'ignore_limits' => $ignore_limits]))
|
|
{
|
|
$this->response([
|
|
'status' => true,
|
|
'key' => $key
|
|
], REST_Controller::HTTP_CREATED); // CREATED (201) being the HTTP response code
|
|
}
|
|
else
|
|
{
|
|
$this->response([
|
|
'status' => false,
|
|
'message' => 'Could not save the key'
|
|
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Remove a key from the database to stop it working
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
public function index_delete()
|
|
{
|
|
$key = $this->delete('key');
|
|
|
|
// Does this key exist?
|
|
if (!$this->_key_exists($key))
|
|
{
|
|
// It doesn't appear the key exists
|
|
$this->response([
|
|
'status' => false,
|
|
'message' => 'Invalid API key'
|
|
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
|
|
}
|
|
|
|
// Destroy it
|
|
$this->_delete_key($key);
|
|
|
|
// Respond that the key was destroyed
|
|
$this->response([
|
|
'status' => true,
|
|
'message' => 'API key was deleted'
|
|
], REST_Controller::HTTP_NO_CONTENT); // NO_CONTENT (204) being the HTTP response code
|
|
}
|
|
|
|
/**
|
|
* Change the level
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
public function level_post()
|
|
{
|
|
$key = $this->post('key');
|
|
$new_level = $this->post('level');
|
|
|
|
// Does this key exist?
|
|
if (!$this->_key_exists($key))
|
|
{
|
|
// It doesn't appear the key exists
|
|
$this->response([
|
|
'status' => false,
|
|
'message' => 'Invalid API key'
|
|
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
|
|
}
|
|
|
|
// Update the key level
|
|
if ($this->_update_key($key, ['level' => $new_level]))
|
|
{
|
|
$this->response([
|
|
'status' => true,
|
|
'message' => 'API key was updated'
|
|
], REST_Controller::HTTP_OK); // OK (200) being the HTTP response code
|
|
}
|
|
else
|
|
{
|
|
$this->response([
|
|
'status' => false,
|
|
'message' => 'Could not update the key level'
|
|
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Suspend a key
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
public function suspend_post()
|
|
{
|
|
$key = $this->post('key');
|
|
|
|
// Does this key exist?
|
|
if (!$this->_key_exists($key))
|
|
{
|
|
// It doesn't appear the key exists
|
|
$this->response([
|
|
'status' => false,
|
|
'message' => 'Invalid API key'
|
|
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
|
|
}
|
|
|
|
// Update the key level
|
|
if ($this->_update_key($key, ['level' => 0]))
|
|
{
|
|
$this->response([
|
|
'status' => true,
|
|
'message' => 'Key was suspended'
|
|
], REST_Controller::HTTP_OK); // OK (200) being the HTTP response code
|
|
}
|
|
else
|
|
{
|
|
$this->response([
|
|
'status' => false,
|
|
'message' => 'Could not suspend the user'
|
|
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Regenerate a key
|
|
*
|
|
* @access public
|
|
* @return void
|
|
*/
|
|
public function regenerate_post()
|
|
{
|
|
$old_key = $this->post('key');
|
|
$key_details = $this->__getKey($old_key);
|
|
|
|
// Does this key exist?
|
|
if (!$key_details)
|
|
{
|
|
// It doesn't appear the key exists
|
|
$this->response([
|
|
'status' => false,
|
|
'message' => 'Invalid API key'
|
|
], REST_Controller::HTTP_BAD_REQUEST); // BAD_REQUEST (400) being the HTTP response code
|
|
}
|
|
|
|
// Build a new key
|
|
$new_key = $this->__generateKey();
|
|
|
|
// Insert the new key
|
|
if ($this->_insert_key($new_key, ['level' => $key_details->level, 'ignore_limits' => $key_details->ignore_limits]))
|
|
{
|
|
// Suspend old key
|
|
$this->_update_key($old_key, ['level' => 0]);
|
|
|
|
$this->response([
|
|
'status' => true,
|
|
'key' => $new_key
|
|
], REST_Controller::HTTP_CREATED); // CREATED (201) being the HTTP response code
|
|
}
|
|
else
|
|
{
|
|
$this->response([
|
|
'status' => false,
|
|
'message' => 'Could not save the key'
|
|
], REST_Controller::HTTP_INTERNAL_SERVER_ERROR); // INTERNAL_SERVER_ERROR (500) being the HTTP response code
|
|
}
|
|
}
|
|
|
|
/* Helper Methods */
|
|
|
|
/**
|
|
* Generate a key
|
|
*
|
|
* @access private
|
|
* @return void
|
|
*/
|
|
private function __generateKey()
|
|
{
|
|
do
|
|
{
|
|
// Generate a random salt
|
|
$salt = base_convert(bin2hex($this->security->get_random_bytes(64)), 16, 36);
|
|
|
|
// If an error occurred, then fall back to the previous method
|
|
if ($salt === false)
|
|
{
|
|
$salt = hash('sha256', time().mt_rand());
|
|
}
|
|
|
|
$new_key = substr($salt, 0, config_item('rest_key_length'));
|
|
}
|
|
while ($this->_key_exists($new_key));
|
|
|
|
return $new_key;
|
|
}
|
|
|
|
/* Private Data Methods */
|
|
|
|
/**
|
|
* Get a key
|
|
*
|
|
* @access private
|
|
* @param string $key The API-Key.
|
|
* @return array
|
|
*/
|
|
private function __getKey($key)
|
|
{
|
|
return $this->db
|
|
->where(config_item('rest_key_column'), $key)
|
|
->get(config_item('rest_keys_table'))
|
|
->row();
|
|
}
|
|
|
|
/**
|
|
* Check if key exists
|
|
*
|
|
* @access private
|
|
* @param string $key The API-Key.
|
|
* @return bool
|
|
*/
|
|
private function _key_exists($key)
|
|
{
|
|
return $this->db
|
|
->where(config_item('rest_key_column'), $key)
|
|
->count_all_results(config_item('rest_keys_table')) > 0;
|
|
}
|
|
|
|
/**
|
|
* Insert a key
|
|
*
|
|
* @access private
|
|
* @param string $key The API-Key.
|
|
* @param array $data The API-Key-Data.
|
|
* @return bool
|
|
*/
|
|
private function _insert_key($key, $data)
|
|
{
|
|
$data[config_item('rest_key_column')] = $key;
|
|
$data['date_created'] = function_exists('now') ? now() : time();
|
|
|
|
return $this->db
|
|
->set($data)
|
|
->insert(config_item('rest_keys_table'));
|
|
}
|
|
|
|
/**
|
|
* Update a key
|
|
*
|
|
* @access private
|
|
* @param string $key The API-Key.
|
|
* @param array $data The API-Key-Data.
|
|
* @return bool
|
|
*/
|
|
private function _update_key($key, $data)
|
|
{
|
|
return $this->db
|
|
->where(config_item('rest_key_column'), $key)
|
|
->update(config_item('rest_keys_table'), $data);
|
|
}
|
|
|
|
/**
|
|
* Delete a key
|
|
*
|
|
* @access private
|
|
* @param string $key The API-Key.
|
|
* @return bool
|
|
*/
|
|
private function _delete_key($key)
|
|
{
|
|
return $this->db
|
|
->where(config_item('rest_key_column'), $key)
|
|
->delete(config_item('rest_keys_table'));
|
|
}
|
|
|
|
}
|