API key
This commit is contained in:
parent
80b3c0bbdb
commit
ffe3540565
|
|
@ -7,7 +7,10 @@ security:
|
||||||
login_required_to_view_embeded_gist: false
|
login_required_to_view_embeded_gist: false
|
||||||
api:
|
api:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
api_key_required: false
|
||||||
base_url: 'https://gist.deblan.org/'
|
base_url: 'https://gist.deblan.org/'
|
||||||
|
client:
|
||||||
|
api_key:
|
||||||
data:
|
data:
|
||||||
path: data/git
|
path: data/git
|
||||||
git:
|
git:
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,7 @@ class ApiController extends Controller
|
||||||
return new Response('', 403);
|
return new Response('', 403);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (false === $this->isValidApiKey($apiKey)) {
|
if (false === $this->isValidApiKey($apiKey, true)) {
|
||||||
return $this->invalidApiKeyResponse();
|
return $this->invalidApiKeyResponse();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -240,9 +240,13 @@ class ApiController extends Controller
|
||||||
return new JsonResponse($data, 400);
|
return new JsonResponse($data, 400);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function isValidApiKey($apiKey)
|
protected function isValidApiKey($apiKey, $required = false)
|
||||||
{
|
{
|
||||||
return !empty($apiKey) && UserQuery::create()
|
if (empty($apiKey)) {
|
||||||
|
return !$required;
|
||||||
|
}
|
||||||
|
|
||||||
|
return UserQuery::create()
|
||||||
->filterByApiKey($apiKey)
|
->filterByApiKey($apiKey)
|
||||||
->count() === 1;
|
->count() === 1;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -13,7 +13,7 @@ use Symfony\Component\HttpFoundation\Response;
|
||||||
*
|
*
|
||||||
* @author Simon Vieille <simon@deblan.fr>
|
* @author Simon Vieille <simon@deblan.fr>
|
||||||
*/
|
*/
|
||||||
class Controller
|
abstract class Controller
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* @var Application
|
* @var Application
|
||||||
|
|
@ -128,12 +128,18 @@ class Controller
|
||||||
/**
|
/**
|
||||||
* Returns the connected user.
|
* Returns the connected user.
|
||||||
*
|
*
|
||||||
|
* @param Request $request An API request
|
||||||
|
*
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
public function getUser()
|
public function getUser(Request $request = null)
|
||||||
{
|
{
|
||||||
$app = $this->getApp();
|
$app = $this->getApp();
|
||||||
|
|
||||||
|
if (!empty($request)) {
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
$securityContext = $app['security.token_storage'];
|
$securityContext = $app['security.token_storage'];
|
||||||
$securityToken = $securityContext->getToken();
|
$securityToken = $securityContext->getToken();
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -62,7 +62,9 @@ class MyController extends Controller
|
||||||
|
|
||||||
if (empty($apiKey)) {
|
if (empty($apiKey)) {
|
||||||
$regenerateApiKey = true;
|
$regenerateApiKey = true;
|
||||||
} elseif ($request->request->get('apiKey') === $apiKey && $request->request->has('generateApiKey')) {
|
}
|
||||||
|
// FIXME: CSRF issue!.
|
||||||
|
elseif ($request->request->get('apiKey') === $apiKey && $request->request->has('generateApiKey')) {
|
||||||
$regenerateApiKey = true;
|
$regenerateApiKey = true;
|
||||||
} else {
|
} else {
|
||||||
$regenerateApiKey = false;
|
$regenerateApiKey = false;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue