API key

2017-06-25 23:06:24 +02:00 · 2017-06-25 23:06:24 +02:00 · ffe3540565
parent 80b3c0bbdb
commit ffe3540565
4 changed files with 21 additions and 6 deletions
--- a/app/config/config.yml.dist
+++ b/app/config/config.yml.dist
@ -7,7 +7,10 @@ security:
    login_required_to_view_embeded_gist: false
 api:
    enabled: true
+    api_key_required: false
    base_url: 'https://gist.deblan.org/'
+    client:
+        api_key: 
 data:
    path: data/git
 git:
--- a/src/Gist/Controller/ApiController.php
+++ b/src/Gist/Controller/ApiController.php
@ -34,7 +34,7 @@ class ApiController extends Controller
            return new Response('', 403);
        }

-        if (false === $this->isValidApiKey($apiKey)) {
+        if (false === $this->isValidApiKey($apiKey, true)) {
            return $this->invalidApiKeyResponse();
        }

@ -240,9 +240,13 @@ class ApiController extends Controller
        return new JsonResponse($data, 400);
    }

-    protected function isValidApiKey($apiKey)
+    protected function isValidApiKey($apiKey, $required = false)
    {
-        return !empty($apiKey) && UserQuery::create()
+        if (empty($apiKey)) {
+            return !$required;
+        }
+
+        return UserQuery::create()
            ->filterByApiKey($apiKey)
            ->count() === 1;
    }
--- a/src/Gist/Controller/Controller.php
+++ b/src/Gist/Controller/Controller.php
@ -13,7 +13,7 @@ use Symfony\Component\HttpFoundation\Response;
 *
 * @author Simon Vieille <simon@deblan.fr>
 */
-class Controller
+abstract class Controller
 {
    /**
     * @var Application
@ -128,12 +128,18 @@ class Controller
    /**
     * Returns the connected user.
     *
+     * @param Request $request An API request
+     *
     * @return mixed
     */
-    public function getUser()
+    public function getUser(Request $request = null)
    {
        $app = $this->getApp();

+        if (!empty($request)) {
+
+        }
+
        $securityContext = $app['security.token_storage'];
        $securityToken = $securityContext->getToken();

--- a/src/Gist/Controller/MyController.php
+++ b/src/Gist/Controller/MyController.php
@ -62,7 +62,9 @@ class MyController extends Controller

        if (empty($apiKey)) {
            $regenerateApiKey = true;
-        } elseif ($request->request->get('apiKey') === $apiKey && $request->request->has('generateApiKey')) {
+        } 
+        // FIXME: CSRF issue!.
+        elseif ($request->request->get('apiKey') === $apiKey && $request->request->has('generateApiKey')) {
            $regenerateApiKey = true;
        } else {
            $regenerateApiKey = false;