author | Chaoyi Zha <summermontreal@gmail.com> | 2016-02-20 03:13:50 +0300 |
---|---|---|
committer | Chaoyi Zha <summermontreal@gmail.com> | 2016-02-20 03:13:50 +0300 |
commit | d53c000a0bcf3f972b1716f841ea76a745b10418 (patch) | |
tree | e5e7aa83dc496547d853d6dfdc1ec8aaa7cb1b9e | |
parent | 370f59bf4b0edbb5873b709f082acd230751f6fe (diff) |
API auto key assign, anonymous API #141 #142
-rw-r--r-- | .env | 22 | ||||
-rw-r--r-- | .gitignore | 2 | ||||
-rw-r--r-- | app/Factories/UserFactory.php | 8 | ||||
-rw-r--r-- | app/Http/Controllers/AdminController.php | 11 | ||||
-rw-r--r-- | app/Http/Controllers/AjaxController.php | 2 | ||||
-rw-r--r-- | app/Http/Controllers/Api/ApiController.php | 30 | ||||
-rw-r--r-- | app/Http/Controllers/SetupController.php | 5 | ||||
-rw-r--r-- | app/Http/Controllers/UserController.php | 14 | ||||
-rw-r--r-- | database/migrations/2015_11_04_015823_create_users_table.php | 2 | ||||
-rw-r--r-- | public/css/admin.css | 4 | ||||
-rw-r--r-- | public/css/setup.css | 6 | ||||
-rw-r--r-- | public/js/shorten_result.js | 1 | ||||
-rw-r--r-- | resources/views/admin.blade.php | 24 | ||||
-rw-r--r-- | resources/views/env.blade.php | 5 | ||||
-rw-r--r-- | resources/views/layouts/base.blade.php | 10 | ||||
-rw-r--r-- | resources/views/setup.blade.php | 24 | ||||
-rw-r--r-- | resources/views/snippets/link_table.blade.php | 4 |
17 files changed, 125 insertions, 49 deletions
@@ -1,22 +0,0 @@ -APP_ENV=local -APP_DEBUG=true -APP_KEY=F8Lj#2v%!@$ku6FXrTBscBSs^O$VOvus - -APP_LOCALE=en -APP_FALLBACK_LOCALE=en - -# DB_CONNECTION=mysql -# DB_HOST=localhost -# DB_PORT=3306 -# DB_DATABASE=homestead -# DB_USERNAME=homestead -# DB_PASSWORD=secret - -CACHE_DRIVER=file -SESSION_DRIVER=file -QUEUE_DRIVER=file - -VERSION=2.0.0 Alpha 1 -VERSION_RELMONTH=January -VERSION_RELDAY=18 -VERSION_RELYEAR=2016 @@ -1,9 +1,7 @@ #/vendor bootstrap/cache/ storage/ -env.*.php env -.env.php .env .env.bak .env.example diff --git a/app/Factories/UserFactory.php b/app/Factories/UserFactory.php index 480c3c0..ae75a91 100644 --- a/app/Factories/UserFactory.php +++ b/app/Factories/UserFactory.php @@ -5,8 +5,8 @@ use Hash; use App\Models\User; use App\Helpers\CryptoHelper; -class UserFactory { - public static function createUser($username, $email, $password, $active=0, $ip='127.0.0.1') { +class UserFactory { + public static function createUser($username, $email, $password, $active=0, $ip='127.0.0.1', $api_key=false, $api_active=0) { $hashed_password = Hash::make($password); $recovery_key = CryptoHelper::generateRandomHex(50); @@ -17,6 +17,10 @@ class UserFactory { $user->recovery_key = $recovery_key; $user->active = $active; $user->ip = $ip; + + $user->api_key = $api_key; + $user->api_active = $api_active; + $user->save(); return $user; diff --git a/app/Http/Controllers/AdminController.php b/app/Http/Controllers/AdminController.php index 60c3d91..65cd2ac 100644 --- a/app/Http/Controllers/AdminController.php +++ b/app/Http/Controllers/AdminController.php @@ -29,6 +29,12 @@ class AdminController extends Controller { $admin_links = Link::paginate(15); } + $user = UserHelper::getUserByUsername($username); + + if (!$user) { + return redirect(route('index'))->with('error', 'Invalid or disabled account.'); + } + $user_links = Link::where('creator', $username) ->paginate(15); 
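Review bot: The `.env` deleted in the same commit as this `.gitignore` change carried a literal `APP_KEY=F8Lj#2v%!@$ku6FXrTBscBSs^O$VOvus`, and removing the file does not remove the value from git history, so any installation that was set up from the repository copy should treat that application key as public and regenerate it. The ignore rules themselves are fine (`.env` and `.env.bak` stay ignored); the missing piece is an upgrade note telling operators to rotate `APP_KEY`. The dropped `env.*.php`/`.env.php` patterns look like legacy names — if any deployment still uses them they would now be trackable, so confirm nothing else writes those paths.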
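Review bot: The new `$api_key=false` default on `createUser` does not match the column this commit makes `nullable()`; Eloquent hands `false` through to the driver, where it is typically stored as `0` or `''` rather than `NULL`, so users without API access end up with an empty-looking but non-null key (confirm against your database). Changing the signature to `$api_key=null` — which is what `UserController` already passes in the non-auto case — keeps the "no key" state unambiguous and outside any `where('api_key', ...)` lookup. The `$api_active=0` default is consistent with the column's `default(0)`.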
@@ -36,7 +42,10 @@ class AdminController extends Controller { 'role' => $role, 'admin_users' => $admin_users, 'admin_links' => $admin_links, - 'user_links' => $user_links + 'user_links' => $user_links, + 'api_key' => $user->api_key, + 'api_active' => $user->api_active, + 'api_quota' => $user->api_quota ]); } diff --git a/app/Http/Controllers/AjaxController.php b/app/Http/Controllers/AjaxController.php index 9f246c5..ecf7f44 100644 --- a/app/Http/Controllers/AjaxController.php +++ b/app/Http/Controllers/AjaxController.php @@ -63,7 +63,7 @@ class AjaxController extends Controller { abort(404, 'User not found.'); } - $new_api_key = CryptoHelper::generateRandomHex(15); + $new_api_key = CryptoHelper::generateRandomHex(env('_API_KEY_LENGTH')); $user->api_key = $new_api_key; $user->save(); diff --git a/app/Http/Controllers/Api/ApiController.php b/app/Http/Controllers/Api/ApiController.php index 6cf7600..dc42f34 100644 --- a/app/Http/Controllers/Api/ApiController.php +++ b/app/Http/Controllers/Api/ApiController.php 
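Review bot: `env('_API_KEY_LENGTH')` has no fallback here, and the variable is only ever written by the setup template, so on an installation whose `.env` predates this commit it evaluates to `null` and `CryptoHelper::generateRandomHex(null)` will mint a zero-length or otherwise degenerate key for the user being enabled. Use `$new_api_key = CryptoHelper::generateRandomHex(env('_API_KEY_LENGTH', 15));` (or a `config()` entry with the same default) so the key length can never silently collapse. The enclosing method, including its admin authorization and user lookup, starts above the hunk.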
@@ -10,16 +10,32 @@ use App\Helpers\ApiHelper; class ApiController extends Controller { protected static function getApiUserInfo(Request $request) { $api_key = $request->input('key'); - $user = User::where('active', 1) - ->where('api_key', $api_key) - ->where('api_active', 1) - ->first(); - if (!$user) { - abort(401, "Invalid authentication token."); + if (!$api_key) { + // no API key provided -- check whether anonymous API is on + if (env('SETTING_ANON_API') == 'on') { + $username = 'ANONIP-' . $request->ip(); + } + else { + abort(401, "Authentication token required."); + } + $user = (object) [ + 'username' => $username + ]; + } + else { + $user = User::where('active', 1) + ->where('api_key', $api_key) + ->where('api_active', 1) + ->first(); + + if (!$user) { + abort(401, "Invalid authentication token."); + } + $username = $user->username; } - $api_limit_reached = ApiHelper::checkUserApiQuota($user->username); + $api_limit_reached = ApiHelper::checkUserApiQuota($username); if ($api_limit_reached) { abort(403, "Quota exceeded."); diff --git a/app/Http/Controllers/SetupController.php b/app/Http/Controllers/SetupController.php index 048ddf8..8ab78f6 100644 --- a/app/Http/Controllers/SetupController.php +++ b/app/Http/Controllers/SetupController.php @@ -102,6 +102,9 @@ class SetupController extends Controller { $st_base = $request->input('setting:base'); + $st_auto_api_key = $request->input('setting:auto_api_key'); + $st_anon_api = $request->input('setting:anon_api'); + $mail_host = $request->input('app:smtp_server'); $mail_port = $request->input('app:smtp_port'); $mail_username = $request->input('app:smtp_username'); @@ -147,6 +150,8 @@ class SetupController extends Controller { 'MAIL_FROM_NAME' => $mail_from_name, 'ST_BASE' => $st_base, + 'ST_AUTO_API' => $st_auto_api_key, + 'ST_ANON_API' => $st_anon_api ])->render(); $handle = fopen('../.env', 'w'); 
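Review bot: The anonymous branch derives the caller identity from `'ANONIP-' . $request->ip()` and uses it as the quota key, which only holds if `ip()` is the real client address: behind a reverse proxy without trusted-proxy configuration every anonymous caller shares one bucket, and with a loosely trusted `X-Forwarded-For` a caller can pick its own bucket and sidestep `checkUserApiQuota`. The anonymous `$user` is a bare `stdClass` carrying only `username`, so any code after this hunk that reads `$user->api_quota` or other model fields will fault for anonymous calls — the method continues past the hunk, so confirm. If registration does not forbid the `ANONIP-` prefix, a real account named `ANONIP-1.2.3.4` would collide with the synthetic identity; rejecting that prefix (or using a character usernames cannot contain) removes the ambiguity. `env('SETTING_ANON_API') == 'on'` could also be a strict `=== 'on'`.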
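Review bot: `setting:anon_api` and `setting:auto_api_key` are taken verbatim from the request and later rendered into `.env` through `env.blade.php`; Blade's `{{ }}` HTML-escapes but, as far as I can tell, leaves newlines intact, so a crafted setup POST can append arbitrary lines to the generated `.env` (the pre-existing settings share the pattern, but the new ones repeat it). Since both values are only ever `on` or `off`, whitelist them before use — `$st_anon_api = in_array($st_anon_api, ['on', 'off'], true) ? $st_anon_api : 'off';` and likewise for `$st_auto_api_key` — so anything unexpected falls back to the more restrictive option. The method body begins above the hunk.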
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php index 795b325..4a5e15a 100644 --- a/app/Http/Controllers/UserController.php +++ b/app/Http/Controllers/UserController.php @@ -3,7 +3,10 @@ namespace App\Http\Controllers; use Mail; use App\Models\User; use Illuminate\Http\Request; + +use App\Helpers\CryptoHelper; use App\Helpers\UserHelper; + use App\Factories\UserFactory; class UserController extends Controller { @@ -91,8 +94,17 @@ class UserController extends Controller { $response = redirect(route('login'))->with('success', 'Thanks for signing up! Please confirm your email to continue..'); $active = 0; } - $user = UserFactory::createUser($username, $email, $password, $active, $ip); + $api_active = false; + $api_key = null; + if (env('SETTING_AUTO_API') == 'on') { + // if automatic API key assignment is on + $api_active = 1; + $api_key = CryptoHelper::generateRandomHex(env('_API_KEY_LENGTH')); + } + + + $user = UserFactory::createUser($username, $email, $password, $active, $ip, $api_key, $api_active); return $response; } diff --git a/database/migrations/2015_11_04_015823_create_users_table.php b/database/migrations/2015_11_04_015823_create_users_table.php index 61d7ce4..285016d 100644 --- a/database/migrations/2015_11_04_015823_create_users_table.php +++ b/database/migrations/2015_11_04_015823_create_users_table.php @@ -26,7 +26,7 @@ class CreateUsersTable extends Migration $table->string('role'); $table->string('active'); - $table->string('api_key'); + $table->string('api_key')->nullable(); $table->boolean('api_active')->default(0); $table->string('api_quota')->default(60); diff --git a/public/css/admin.css b/public/css/admin.css index 220e085..a6cd537 100644 --- a/public/css/admin.css +++ b/public/css/admin.css @@ -18,3 +18,7 @@ .hidden-metadata { display: none; } + +.api-quota { + display: inline; +} diff --git a/public/css/setup.css b/public/css/setup.css index c4dc5c5..b6119ba 100644 --- a/public/css/setup.css 
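Review bot: The auto-assign branch calls `CryptoHelper::generateRandomHex(env('_API_KEY_LENGTH'))` with no default, so an upgraded installation whose `.env` lacks `_API_KEY_LENGTH` (it is only emitted by the setup template) would mint every new user's key from a `null` length; `env('_API_KEY_LENGTH', 15)` or a `config()` entry closes that gap. Minor: `$api_active` starts as `false` and becomes `1` — using `0`/`1` throughout matches the `boolean` column and the `UserFactory` default. `env('SETTING_AUTO_API') == 'on'` would be better as a strict comparison, matching how the rest of the settings should be read.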
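Review bot: Making `api_key` nullable by editing the already-published `2015_11_04_015823_create_users_table` migration only helps fresh installs; a database migrated before this commit keeps the NOT NULL column while `UserFactory` now saves `null` (or `false`) into it, which will fail or be coerced depending on the driver. Ship a new migration that alters the column — `$table->string('api_key')->nullable()->change();` (or the equivalent raw `ALTER TABLE` if the schema builder's `change()` is unavailable) — and leave the original migration as it was.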
+++ b/public/css/setup.css @@ -15,7 +15,7 @@ } body { - background-size: 100%; + background-size: 100% 100%; background-attachment: fixed; background-position: center; background-repeat: no-repeat; @@ -61,6 +61,10 @@ body { color: grey; } +.footer-well { + margin-top: 30px; +} + h4, p { margin-top: 20px; } diff --git a/public/js/shorten_result.js b/public/js/shorten_result.js index 9e3150b..5c6f4a3 100644 --- a/public/js/shorten_result.js +++ b/public/js/shorten_result.js @@ -8,6 +8,7 @@ $('.result-box').click(select_text); $('.result-box').change(function () { $(this).val(original_link); }); + $(function () { original_link = $('.result-box').val(); select_text(); diff --git a/resources/views/admin.blade.php b/resources/views/admin.blade.php index 085a34f..99d3b42 100644 --- a/resources/views/admin.blade.php +++ b/resources/views/admin.blade.php @@ -14,6 +14,10 @@ @if ($role == 'admin') <li role='presentation' class='admin-nav-item'><a href='#admin'>Admin</a></li> @endif + + @if ($api_active == 1) + <li role='presentation' class='admin-nav-item'><a href='#developer'>Developer</a></li> + @endif </ul> </div> <div class='col-md-9'> @@ -61,8 +65,28 @@ </div> @endif + + @if ($api_active == 1) + <div role="tabpanel" class="tab-pane" id="developer"> + <h3>Developer</h3> + + <p>API keys and documentation for developers.</p> + <p> + Documentation: + <a href='http://docs.polr.me/en/latest/developer-guide/api/'>http://docs.polr.me/en/latest/developer-guide/api/</a> + </p> + + <h4>API Key: </h4> + <input class='form-control' disabled type='text' value='{{$api_key}}'> + + <h4>API Quota: </h4> + <h2 class='api-quota'><code>{{$api_quota}}</code></h2> + <span> requests per minute</span> + </div> + @endif </div> </div> +</div> @endsection diff --git a/resources/views/env.blade.php b/resources/views/env.blade.php index 4e5ae54..0f84196 100644 --- a/resources/views/env.blade.php +++ b/resources/views/env.blade.php 
@@ -51,6 +51,9 @@ SETTING_SHORTEN_PERMISSION={{$ST_SHORTEN_PERMISSION}} SETTING_INDEX_REDIRECT={{$ST_INDEX_REDIRECT}} SETTING_PASSWORD_RECOV={{$ST_PASSWORD_RECOV}} +SETTING_AUTO_API={{$ST_AUTO_API}} +SETTING_ANON_API={{$ST_ANON_API}} + @if($MAIL_ENABLED) MAIL_DRIVER=smtp # e.g mailtrap.io @@ -71,6 +74,8 @@ CACHE_DRIVER=file SESSION_DRIVER=file QUEUE_DRIVER=database +_API_KEY_LENGTH=15 + # FILESYSTEM_DRIVER=local # FILESYSTEM_CLOUD=s3 diff --git a/resources/views/layouts/base.blade.php b/resources/views/layouts/base.blade.php index a87b175..123b088 100644 --- a/resources/views/layouts/base.blade.php +++ b/resources/views/layouts/base.blade.php @@ -38,11 +38,6 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. <link href="/css/font-awesome.min.css" rel="stylesheet"> <link rel="shortcut icon" href="favicon.ico"> - - {{-- Load header JavaScript --}} - <script src='/js/constants.js'></script> - <script src="/js/jquery-1.11.3.min.js"></script> - <script src="/js/bootstrap.min.js"></script> @yield('css') </head> <body> @@ -53,6 +48,11 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. </div> </div> + {{-- Load header JavaScript --}} + <script src='/js/constants.js'></script> + <script src="/js/jquery-1.11.3.min.js"></script> + <script src="/js/bootstrap.min.js"></script> + <script src='/js/toastr.min.js'></script> <script src='/js/base.js'></script> <script> diff --git a/resources/views/setup.blade.php b/resources/views/setup.blade.php index a027338..6620fcd 100644 --- a/resources/views/setup.blade.php +++ b/resources/views/setup.blade.php 
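Review bot: `_API_KEY_LENGTH=15` is only written into `.env` by this template, so installations upgraded from an earlier release never receive it and every `env('_API_KEY_LENGTH')` call added in this commit sees `null`; document the variable in the upgrade notes or give those call sites a default. Separately, if `generateRandomHex(15)` yields 15 hex characters, that is only 60 bits of entropy for a bearer credential; 32 hex characters (128 bits) is the usual floor — worth confirming what the helper's length argument actually measures.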
@@ -106,6 +106,20 @@ Setup <p>SMTP From Name:</p> <input type='text' class='form-control' name='app:smtp_from_name' placeholder='noreply'> + <h4>API Settings</h4> + + <p>Anonymous API:</p> + <select name='setting:anon_api' class='form-control'> + <option selected value='off'>Off -- only registered users can use API</option> + <option value='on'>On -- empty key API requests are allowed</option> + </select> + + <p>Automatic API Assignment:</p> + <select name='setting:auto_api_key' class='form-control'> + <option selected value='off'>Off -- admins must manually enable API for each user</option> + <option value='on'>On -- each user receives an API key</option> + </select> + <h4>Other Settings</h4> <p>Registration:</p> @@ -124,8 +138,8 @@ Setup Please ensure SMTP is properly set up before enabling password recovery. </p> - <p>Path relative to root (leave blank if /, if http://site.com/polr, then write /polr/):</p> - <input type='text' class='form-control' name='path' placeholder='/polr/' value=''> + {{-- <p>Path relative to root (leave blank if /, if http://site.com/polr, then write /polr/):</p> + <input type='text' class='form-control' name='path' placeholder='/polr/' value=''> --}} <p>Theme (click <a href='https://github.com/cydrobolt/polr/wiki/Themes-Screenshots'>here</a> for screenshots:</p> <select name='app:stylesheet' class='form-control'> @@ -160,13 +174,13 @@ Setup <div> Polr Version {{env('VERSION')}} released {{env('VERSION_RELMONTH')}} {{env('VERSION_RELDAY')}}, {{env('VERSION_RELYEAR')}} - - <a href='//github.com/cydrobolt/polr'>Github</a></div></div><br /> + <a href='//github.com/cydrobolt/polr'>Github</a> - <span style='font-weight:bold;'> + <div class='footer-well'> © Copyright {{env('VERSION_RELYEAR')}} <a class='footer-link' href='//cydrobolt.com'>Chaoyi Zha</a> & <a class='footer-link' href='//github.com/Cydrobolt/polr/graphs/contributors'>Other Polr Contributors</a> - </span> + </div> </div> </div> 
diff --git a/resources/views/snippets/link_table.blade.php b/resources/views/snippets/link_table.blade.php index e941031..171a013 100644 --- a/resources/views/snippets/link_table.blade.php +++ b/resources/views/snippets/link_table.blade.php @@ -6,6 +6,7 @@ <th>Date</th> <th>Secret</th> @if ($role == 'admin') + <th>Creator</th> <th>Disable</th> @endif @@ -18,8 +19,9 @@ <td>{{$link->clicks}}</td> <td>{{$link->created_at}}</td> <td>{{isset($link->secret_key)}}</td> - @if ($role == 'admin') + @if ($role == 'admin') + <td>{{$link->creator}}</td> <td> <a data-link-ending='{{$link->short_url}}' class='btn btn-sm @if($link->is_disabled) btn-success @else btn-danger @endif toggle-link'> @if ($link->is_disabled) |