From ffe3540565c0061eb8fa241d6a1ccd80808399ee Mon Sep 17 00:00:00 2001
From: Simon Vieille
Date: Sun, 25 Jun 2017 23:06:24 +0200
Subject: [PATCH] API key

---
 app/config/config.yml.dist | 3 +++
 src/Gist/Controller/ApiController.php | 10 +++++++---
 src/Gist/Controller/Controller.php | 10 ++++++++--
 src/Gist/Controller/MyController.php | 4 +++-
 4 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/app/config/config.yml.dist b/app/config/config.yml.dist
index b988285..c9845ec 100644
--- a/app/config/config.yml.dist
+++ b/app/config/config.yml.dist
@@ -7,7 +7,10 @@ security:
     login_required_to_view_embeded_gist: false
 api:
     enabled: true
+    api_key_required: false
     base_url: 'https://gist.deblan.org/'
+    client:
+        api_key:
 data:
     path: data/git
 git:
diff --git a/src/Gist/Controller/ApiController.php b/src/Gist/Controller/ApiController.php
index a27ac1a..1d974dd 100644
--- a/src/Gist/Controller/ApiController.php
+++ b/src/Gist/Controller/ApiController.php
@@ -34,7 +34,7 @@ class ApiController extends Controller
             return new Response('', 403);
         }
 
-        if (false === $this->isValidApiKey($apiKey)) {
+        if (false === $this->isValidApiKey($apiKey, true)) {
             return $this->invalidApiKeyResponse();
         }
 
@@ -240,9 +240,13 @@ class ApiController extends Controller
         return new JsonResponse($data, 400);
     }
 
-    protected function isValidApiKey($apiKey)
+    protected function isValidApiKey($apiKey, $required = false)
     {
-        return !empty($apiKey) && UserQuery::create()
+        if (empty($apiKey)) {
+            return !$required;
+        }
+
+        return UserQuery::create()
             ->filterByApiKey($apiKey)
             ->count() === 1;
     }
diff --git a/src/Gist/Controller/Controller.php b/src/Gist/Controller/Controller.php
index c96d8d0..e166f39 100644
--- a/src/Gist/Controller/Controller.php
+++ b/src/Gist/Controller/Controller.php
@@ -13,7 +13,7 @@ use Symfony\Component\HttpFoundation\Response;
  *
  * @author Simon Vieille
  */
-class Controller
+abstract class Controller
 {
     /**
      * @var Application
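Review bot: The two keys added to the template, `api_key_required` and `client.api_key`, carry no comment, so a deployer cannot tell from the dist file what the flag gates or whose key the client entry holds (the name suggests a key this instance presents to another service, but that is not visible here). Suggest a comment above each: `# api_key_required: when true, every API request must present a valid key` and `# client.api_key: per-deployment secret — set it in the untracked config.yml, never in this committed template`. Note that the empty scalar after `api_key:` parses as null, not as an empty string, so whatever reads it should treat null as "not configured".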
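Review bot: In the hunk at line 240, `isValidApiKey()` now returns `!$required` for an empty key, and with the default `$required = false` that is `true` — a method named "is valid" reports success for a request that carried no key at all, and any caller that forgets the second argument fails open; the hunk at line 34 is the only visible caller and it has to remember to pass `true`. The safer default is the strict one, `protected function isValidApiKey($apiKey, $required = true)`, with callers that deliberately accept keyless requests passing the `api_key_required` setting explicitly. The new parameter also needs a docblock, e.g. `@param bool $required When false an absent key is accepted and true is returned; a key that is present but unknown is rejected either way`. Separately, `empty($apiKey)` treats the string `'0'` as "no key", so `'' === $apiKey || null === $apiKey` would be the exact test.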
@@ -128,12 +128,18 @@ class Controller
     /**
      * Returns the connected user.
      *
+     * @param Request $request An API request
+     *
      * @return mixed
      */
-    public function getUser()
+    public function getUser(Request $request = null)
     {
         $app = $this->getApp();
 
+        if (!empty($request)) {
+
+        }
+
         $securityContext = $app['security.token_storage'];
         $securityToken = $securityContext->getToken();
 
diff --git a/src/Gist/Controller/MyController.php b/src/Gist/Controller/MyController.php
index 375bdd2..e54a76c 100644
--- a/src/Gist/Controller/MyController.php
+++ b/src/Gist/Controller/MyController.php
@@ -62,7 +62,9 @@ class MyController extends Controller
 
         if (empty($apiKey)) {
             $regenerateApiKey = true;
-        } elseif ($request->request->get('apiKey') === $apiKey && $request->request->has('generateApiKey')) {
+        }
+        // FIXME: CSRF issue!.
+        elseif ($request->request->get('apiKey') === $apiKey && $request->request->has('generateApiKey')) {
             $regenerateApiKey = true;
         } else {
             $regenerateApiKey = false;
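Review bot: The `if (!empty($request)) { }` block added to `getUser()` has an empty body, so `getUser($request)` behaves exactly like `getUser()` while the new docblock advertises API-request support; the stub should either be dropped until it does something or be marked so the gap is visible, e.g. `// TODO: resolve the user from the request's API key — not implemented yet, falls through to the session token`. The docblock should also say the argument is optional, `@param Request|null $request An API request, or null to use the security token`. The hunk does not show a `use ...\Request;` import (the earlier hunk only shows `Response`), so confirm the type hint resolves. The body of `getUser()` continues outside the hunk.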
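Review bot: Placing the `// FIXME: CSRF issue!.` comment between `}` and `elseif` splits the control structure across three lines; it still parses, but PSR-2 keeps `} elseif (` on one line and the split reads as if the `if` had ended. Keep the comment and move it inside the branch: `} elseif ($request->request->get('apiKey') === $apiKey && $request->request->has('generateApiKey')) {` / `// FIXME: CSRF issue!.` / `$regenerateApiKey = true;`. The `if` chain's opening context (where `$apiKey` is set) is outside the hunk.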