author | Chaoyi Zha <summermontreal@gmail.com> | 2017-04-08 01:30:03 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-04-08 01:30:03 +0300 |
commit | 4286d209d5bd459275a0e4ab8bf706b3ee1da890 (patch) | |
tree | 8f3ffc944768c1f1e00304f4f008c371f09d9947 | |
parent | 4ed599f1f18b33f2486b6bdf3a9d1379bf9838ed (diff) | |
parent | e17aeff740509cf27008bc2b88fb34b248b7bad5 (diff) |
Merge pull request #320 from cydrobolt/api_fixes_quota
API bugfixes & add anonymous API quota setting
-rw-r--r-- | app/Helpers/ApiHelper.php | 5 | ||||
-rw-r--r-- | app/Http/Controllers/Api/ApiAnalyticsController.php | 4 | ||||
-rw-r--r-- | app/Http/Controllers/SetupController.php | 2 | ||||
-rw-r--r-- | app/Http/Middleware/ApiMiddleware.php | 6 | ||||
-rw-r--r-- | public/css/admin.css | 1 | ||||
-rw-r--r-- | public/js/SetupCtrl.js | 10 | ||||
-rw-r--r-- | resources/views/env.blade.php | 3 | ||||
-rw-r--r-- | resources/views/setup.blade.php | 29 |
8 files changed, 41 insertions, 19 deletions
diff --git a/app/Helpers/ApiHelper.php b/app/Helpers/ApiHelper.php index 91c1238..5f629f8 100644 --- a/app/Helpers/ApiHelper.php +++ b/app/Helpers/ApiHelper.php @@ -20,10 +20,7 @@ class ApiHelper { $api_quota = $user->api_quota; } else { - // TODO add option to change default quota for anonymous - // API users - - $api_quota = 5; + $api_quota = env('SETTING_ANON_API_QUOTA') ?: 5; } $links_last_minute = Link::where('is_api', 1) diff --git a/app/Http/Controllers/Api/ApiAnalyticsController.php b/app/Http/Controllers/Api/ApiAnalyticsController.php index c1bc5ad..4c7a1e4 100644 --- a/app/Http/Controllers/Api/ApiAnalyticsController.php +++ b/app/Http/Controllers/Api/ApiAnalyticsController.php @@ -12,6 +12,10 @@ class ApiAnalyticsController extends ApiController { $user = $request->user; $response_type = $request->input('response_type') ?: 'json'; + if ($user->anonymous) { + throw new ApiException('AUTH_ERROR', 'Anonymous access of this API is not permitted.', 401, $response_type); + } + if ($response_type != 'json') { throw new ApiException('JSON_ONLY', 'Only JSON-encoded data is available for this endpoint.', 401, $response_type); } diff --git a/app/Http/Controllers/SetupController.php b/app/Http/Controllers/SetupController.php index 12a898b..8234c3f 100644 --- a/app/Http/Controllers/SetupController.php +++ b/app/Http/Controllers/SetupController.php @@ -118,6 +118,7 @@ class SetupController extends Controller { $st_base = $request->input('setting:base'); $st_auto_api_key = $request->input('setting:auto_api_key'); $st_anon_api = $request->input('setting:anon_api'); + $st_anon_api_quota = $request->input('setting:anon_api_quota'); $st_pseudor_ending = $request->input('setting:pseudor_ending'); $st_adv_analytics = $request->input('setting:adv_analytics'); 
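Review bot: The fallback `env('SETTING_ANON_API_QUOTA') ?: 5` in the ApiHelper else branch treats every falsy value as unset, so an operator who sets the quota to `0` to stop anonymous use silently gets 5 per minute instead. The value also reaches the limiter as whatever string is in `.env`, with no integer check. Consider `$quota = env('SETTING_ANON_API_QUOTA'); $api_quota = is_numeric($quota) ? (int) $quota : 5;`, plus a short comment stating what zero and negative values mean for this limiter. How `$api_quota` is compared afterwards is outside the hunk.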
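Review bot: The new guard `if ($user->anonymous)` in ApiAnalyticsController fails open: if `$request->user` ever arrives without the `anonymous` property, the read yields null and the analytics endpoint is served. Both branches of ApiMiddleware set the flag in this commit, but an authorization check is safer when a missing flag denies access, e.g. `if (!isset($user->anonymous) || $user->anonymous) {`. A one-line comment that the flag is set by ApiMiddleware would also help, since nothing in this controller shows where it comes from. The method starts and ends outside the hunk.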
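Review bot: `setting:anon_api_quota` is read as a raw string in the first SetupController hunk, and the second SetupController hunk and the env.blade.php hunk pass it straight into the generated environment file as `SETTING_ANON_API_QUOTA={{$ST_ANON_API_QUOTA}}`; no integer validation is visible in any of them. Anything that is not a plain integer (text, whitespace, a line break) would be written to that file as submitted. Validate before rendering, e.g. `$st_anon_api_quota = filter_var($request->input('setting:anon_api_quota'), FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);`, and write an empty value or the default when it returns `false`. The surrounding method continues outside the hunks, so validation elsewhere cannot be ruled out from here.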
@@ -171,6 +172,7 @@ class SetupController extends Controller { 'ST_BASE' => $st_base, 'ST_AUTO_API' => $st_auto_api_key, 'ST_ANON_API' => $st_anon_api, + 'ST_ANON_API_QUOTA' => $st_anon_api_quota, 'ST_PSEUDOR_ENDING' => $st_pseudor_ending, 'ST_ADV_ANALYTICS' => $st_adv_analytics, diff --git a/app/Http/Middleware/ApiMiddleware.php b/app/Http/Middleware/ApiMiddleware.php index bbab80c..4582989 100644 --- a/app/Http/Middleware/ApiMiddleware.php +++ b/app/Http/Middleware/ApiMiddleware.php @@ -23,7 +23,8 @@ class ApiMiddleware { throw new ApiException('AUTH_ERROR', 'Authentication token required.', 401, $response_type); } $user = (object) [ - 'username' => $username + 'username' => $username, + 'anonymous' => true ]; } else { @@ -33,9 +34,10 @@ class ApiMiddleware { ->first(); if (!$user) { - throw new ApiException('AUTH_ERROR', 'Authentication token required.', 401, $response_type); + throw new ApiException('AUTH_ERROR', 'Authentication token invalid.', 401, $response_type); } $username = $user->username; + $user->anonymous = false; } $api_limit_reached = ApiHelper::checkUserApiQuota($username); diff --git a/public/css/admin.css b/public/css/admin.css index f33a96d..b718f20 100644 --- a/public/css/admin.css +++ b/public/css/admin.css @@ -38,6 +38,7 @@ input.api-quota { width: 9em; font-size: .85em; height: .85em; + padding-left: 0.8em; } .wrap-text { diff --git a/public/js/SetupCtrl.js b/public/js/SetupCtrl.js index ed6c8a2..c5fced4 100644 --- a/public/js/SetupCtrl.js +++ b/public/js/SetupCtrl.js @@ -1,3 +1,13 @@ +polr.directive('setupTooltip', function() { + return { + scope: { + content: '@', + }, + replace: true, + template: '<button data-content="{{ content }}" type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button>' + } +}) + polr.controller('SetupCtrl', function($scope) { $scope.init = function () { $('[data-toggle="popover"]').popover({ 
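Review bot: In the second ApiMiddleware hunk, `$user->anonymous = false;` is assigned on the object returned by the `->first()` query, which looks like an Eloquent model (the model class is outside the hunk). If so, `anonymous` becomes a dirty model attribute, and any later `$user->save()` during the request would try to write a column that presumably does not exist. Either carry the flag outside the model or mark it clearly, e.g. `// transient request flag, not a DB column; do not save() this model`. The first hunk is unaffected because it builds a plain `(object)` array.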
diff --git a/resources/views/env.blade.php b/resources/views/env.blade.php index 971df5d..7bfd358 100644 --- a/resources/views/env.blade.php +++ b/resources/views/env.blade.php @@ -71,6 +71,9 @@ SETTING_AUTO_API={{$ST_AUTO_API}} # Set to true to allow anonymous API access SETTING_ANON_API={{$ST_ANON_API}} +# Set the anonymous API quota per IP +SETTING_ANON_API_QUOTA={{$ST_ANON_API_QUOTA}} + # Set to true to use pseudorandom strings rather than using a counter by default SETTING_PSEUDORANDOM_ENDING={{$ST_PSEUDOR_ENDING}} diff --git a/resources/views/setup.blade.php b/resources/views/setup.blade.php index 264811a..c94ec85 100644 --- a/resources/views/setup.blade.php +++ b/resources/views/setup.blade.php @@ -39,7 +39,7 @@ Setup <p> Database Name: - <button data-content="Name of existing database. You must create the Polr database manually." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button> + <setup-tooltip content="Name of existing database. You must create the Polr database manually."></setup-tooltip> </p> <input type='text' class='form-control' name='db:name' value='polr'> @@ -85,7 +85,7 @@ Setup <p> Redirect URL: - <button data-content="Required if you wish to redirect the index page or 404s to a different website. To use Polr, login by directly heading to yoursite.com/login first." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button> + <setup-tooltip content="Required if you wish to redirect the index page or 404s to a different website. To use Polr, login by directly heading to yoursite.com/login first."></setup-tooltip> </p> <input type='text' class='form-control' name='setting:index_redirect' placeholder='http://your-main-site.com'> <p class='text-muted'> 
@@ -96,7 +96,7 @@ Setup <p> Default URL Ending Type: - <button data-content="If you choose to use pseudorandom strings, you will not have the option to use a counter-based ending." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button> + <setup-tooltip content="If you choose to use pseudorandom strings, you will not have the option to use a counter-based ending."></setup-tooltip> </p> <select name='setting:pseudor_ending' class='form-control'> <option value='false' selected='selected'>Use base62 or base32 counter (shorter but more predictable, e.g 5a)</option> @@ -105,7 +105,7 @@ Setup <p> URL Ending Base: - <button data-content="This will have no effect if you choose to use pseudorandom endings." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button> + <setup-tooltip content="This will have no effect if you choose to use pseudorandom endings."></setup-tooltip> </p> <select name='setting:base' class='form-control'> <option value='32' selected='selected'>32 -- lowercase letters & numbers (default)</option> @@ -114,7 +114,7 @@ Setup <h4> Admin Account Settings - <button data-content="These credentials will be used for your admin account in Polr." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button> + <setup-tooltip content="These credentials will be used for your admin account in Polr."></setup-tooltip> </h4> <p>Admin Username:</p> @@ -128,7 +128,7 @@ Setup <h4> SMTP Settings - <button data-content="Required only if the email verification or password recovery features are enabled." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button> + <setup-tooltip content="Required only if the email verification or password recovery features are enabled."></setup-tooltip> </h4> <p>SMTP Server:</p> 
@@ -156,6 +156,12 @@ Setup <option value='true'>On -- empty key API requests are allowed</option> </select> + <p> + Anonymous API Quota: + <setup-tooltip content="API quota for non-authenticated users per minute per IP."></setup-tooltip> + </p> + <input type='text' class='form-control' name='setting:anon_api_quota' placeholder='10'> + <p>Automatic API Assignment:</p> <select name='setting:auto_api_key' class='form-control'> <option selected value='false'>Off -- admins must manually enable API for each user</option> @@ -166,7 +172,7 @@ Setup <p> Registration: - <button data-content="Enabling registration allows any user to create an account." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button> + <setup-tooltip content="Enabling registration allows any user to create an account."></setup-tooltip> </p> <select name='setting:registration_permission' class='form-control'> <option value='none'>Registration disabled</option> @@ -176,7 +182,7 @@ Setup <p> Restrict Registration Email Domains: - <button data-content="Restrict registration to certain email domains." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button> + <setup-tooltip content="Restrict registration to certain email domains."></setup-tooltip> </p> <select name='setting:restrict_email_domain' class='form-control'> <option value='false'>Allow any email domain to register</option> 
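Review bot: The new `setting:anon_api_quota` field shows `placeholder='10'`, but leaving it empty ends in the fallback of 5 that the ApiHelper hunk applies, so the form suggests a default the application does not use. It is also a free-text input for a numeric setting. Suggest `<input type='number' min='0' step='1' class='form-control' name='setting:anon_api_quota' placeholder='5'>`; the input type is only a browser hint, so the server still needs to validate the value.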
@@ -185,13 +191,13 @@ Setup <p> Permitted Email Domains: - <button data-content="A comma-separated list of emails permitted to register." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button> + <setup-tooltip content="A comma-separated list of emails permitted to register."></setup-tooltip> </p> <input type='text' class='form-control' name='setting:allowed_email_domains' placeholder='company.com,company-corp.com'> <p> Password Recovery: - <button data-content="Password recovery allows users to reset their password through email." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button> + <setup-tooltip content="Password recovery allows users to reset their password through email."></setup-tooltip> </p> <select name='setting:password_recovery' class='form-control'> <option value='false'>Password recovery disabled</option> @@ -201,9 +207,6 @@ Setup Please ensure SMTP is properly set up before enabling password recovery. </p> - {{-- <p>Path relative to root (leave blank if /, if http://site.com/polr, then write /polr/):</p> - <input type='text' class='form-control' name='path' placeholder='/polr/' value=''> --}} - <p>Theme (<a href='https://github.com/cydrobolt/polr/wiki/Themes-Screenshots'>screenshots</a>):</p> <select name='app:stylesheet' class='form-control'> <option value=''>Modern (default)</option> |