
github.com/cydrobolt/polr.git - Unnamed repository; edit this file 'description' to name the repository.
authorChaoyi Zha <summermontreal@gmail.com>2016-02-20 03:13:50 +0300
committerChaoyi Zha <summermontreal@gmail.com>2016-02-20 03:13:50 +0300
commitd53c000a0bcf3f972b1716f841ea76a745b10418 (patch)
treee5e7aa83dc496547d853d6dfdc1ec8aaa7cb1b9e
parent370f59bf4b0edbb5873b709f082acd230751f6fe (diff)
API auto key assign, anonymous API #141 #142
-rw-r--r--.env22
-rw-r--r--.gitignore2
-rw-r--r--app/Factories/UserFactory.php8
-rw-r--r--app/Http/Controllers/AdminController.php11
-rw-r--r--app/Http/Controllers/AjaxController.php2
-rw-r--r--app/Http/Controllers/Api/ApiController.php30
-rw-r--r--app/Http/Controllers/SetupController.php5
-rw-r--r--app/Http/Controllers/UserController.php14
-rw-r--r--database/migrations/2015_11_04_015823_create_users_table.php2
-rw-r--r--public/css/admin.css4
-rw-r--r--public/css/setup.css6
-rw-r--r--public/js/shorten_result.js1
-rw-r--r--resources/views/admin.blade.php24
-rw-r--r--resources/views/env.blade.php5
-rw-r--r--resources/views/layouts/base.blade.php10
-rw-r--r--resources/views/setup.blade.php24
-rw-r--r--resources/views/snippets/link_table.blade.php4
17 files changed, 125 insertions, 49 deletions
diff --git a/.env b/.env
deleted file mode 100644
index bb73053..0000000
--- a/.env
+++ /dev/null
@@ -1,22 +0,0 @@
-APP_ENV=local
-APP_DEBUG=true
-APP_KEY=F8Lj#2v%!@$ku6FXrTBscBSs^O$VOvus
-
-APP_LOCALE=en
-APP_FALLBACK_LOCALE=en
-
-# DB_CONNECTION=mysql
-# DB_HOST=localhost
-# DB_PORT=3306
-# DB_DATABASE=homestead
-# DB_USERNAME=homestead
-# DB_PASSWORD=secret
-
-CACHE_DRIVER=file
-SESSION_DRIVER=file
-QUEUE_DRIVER=file
-
-VERSION=2.0.0 Alpha 1
-VERSION_RELMONTH=January
-VERSION_RELDAY=18
-VERSION_RELYEAR=2016
diff --git a/.gitignore b/.gitignore
index ab95405..e7cac24 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,7 @@
#/vendor
bootstrap/cache/
storage/
-env.*.php
env
-.env.php
.env
.env.bak
.env.example
diff --git a/app/Factories/UserFactory.php b/app/Factories/UserFactory.php
index 480c3c0..ae75a91 100644
--- a/app/Factories/UserFactory.php
+++ b/app/Factories/UserFactory.php
@@ -5,8 +5,8 @@ use Hash;
use App\Models\User;
use App\Helpers\CryptoHelper;
-class UserFactory {
- public static function createUser($username, $email, $password, $active=0, $ip='127.0.0.1') {
+class UserFactory {
+ public static function createUser($username, $email, $password, $active=0, $ip='127.0.0.1', $api_key=false, $api_active=0) {
$hashed_password = Hash::make($password);
$recovery_key = CryptoHelper::generateRandomHex(50);
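Review bot: The new `$api_key=false` default in the `createUser` signature does not match the column, which this commit makes a nullable string. A caller that omits the argument would persist `false` (probably coerced by the database driver to an empty string or `0`) rather than NULL. Prefer `$api_key=null, $api_active=0` so that "no key" has exactly one stored representation and a key lookup can never match a coerced placeholder. The assignment itself is in the next hunk, and the function body continues outside both hunks.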
@@ -17,6 +17,10 @@ class UserFactory {
$user->recovery_key = $recovery_key;
$user->active = $active;
$user->ip = $ip;
+
+ $user->api_key = $api_key;
+ $user->api_active = $api_active;
+
$user->save();
return $user;
diff --git a/app/Http/Controllers/AdminController.php b/app/Http/Controllers/AdminController.php
index 60c3d91..65cd2ac 100644
--- a/app/Http/Controllers/AdminController.php
+++ b/app/Http/Controllers/AdminController.php
@@ -29,6 +29,12 @@ class AdminController extends Controller {
$admin_links = Link::paginate(15);
}
+ $user = UserHelper::getUserByUsername($username);
+
+ if (!$user) {
+ return redirect(route('index'))->with('error', 'Invalid or disabled account.');
+ }
+
$user_links = Link::where('creator', $username)
->paginate(15);
@@ -36,7 +42,10 @@ class AdminController extends Controller {
'role' => $role,
'admin_users' => $admin_users,
'admin_links' => $admin_links,
- 'user_links' => $user_links
+ 'user_links' => $user_links,
+ 'api_key' => $user->api_key,
+ 'api_active' => $user->api_active,
+ 'api_quota' => $user->api_quota
]);
}
diff --git a/app/Http/Controllers/AjaxController.php b/app/Http/Controllers/AjaxController.php
index 9f246c5..ecf7f44 100644
--- a/app/Http/Controllers/AjaxController.php
+++ b/app/Http/Controllers/AjaxController.php
@@ -63,7 +63,7 @@ class AjaxController extends Controller {
abort(404, 'User not found.');
}
- $new_api_key = CryptoHelper::generateRandomHex(15);
+ $new_api_key = CryptoHelper::generateRandomHex(env('_API_KEY_LENGTH'));
$user->api_key = $new_api_key;
$user->save();
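Review bot: `env('_API_KEY_LENGTH')` has no fallback, so on an installation whose `.env` was generated before this commit the call receives `null`. What `generateRandomHex` does with that is not visible here, but an empty or very short key is a plausible outcome. Pass a default and an integer, for example `CryptoHelper::generateRandomHex((int) env('_API_KEY_LENGTH', 15))`, and consider rejecting configured values below a sane minimum. The same call is added in the registration path in UserController. If the argument counts hex characters, 15 yields roughly 60 bits, which is modest for a long-lived bearer credential.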
diff --git a/app/Http/Controllers/Api/ApiController.php b/app/Http/Controllers/Api/ApiController.php
index 6cf7600..dc42f34 100644
--- a/app/Http/Controllers/Api/ApiController.php
+++ b/app/Http/Controllers/Api/ApiController.php
@@ -10,16 +10,32 @@ use App\Helpers\ApiHelper;
class ApiController extends Controller {
protected static function getApiUserInfo(Request $request) {
$api_key = $request->input('key');
- $user = User::where('active', 1)
- ->where('api_key', $api_key)
- ->where('api_active', 1)
- ->first();
- if (!$user) {
- abort(401, "Invalid authentication token.");
+ if (!$api_key) {
+ // no API key provided -- check whether anonymous API is on
+ if (env('SETTING_ANON_API') == 'on') {
+ $username = 'ANONIP-' . $request->ip();
+ }
+ else {
+ abort(401, "Authentication token required.");
+ }
+ $user = (object) [
+ 'username' => $username
+ ];
+ }
+ else {
+ $user = User::where('active', 1)
+ ->where('api_key', $api_key)
+ ->where('api_active', 1)
+ ->first();
+
+ if (!$user) {
+ abort(401, "Invalid authentication token.");
+ }
+ $username = $user->username;
}
- $api_limit_reached = ApiHelper::checkUserApiQuota($user->username);
+ $api_limit_reached = ApiHelper::checkUserApiQuota($username);
if ($api_limit_reached) {
abort(403, "Quota exceeded.");
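Review bot: In the anonymous branch the only throttle is `checkUserApiQuota('ANONIP-' . $request->ip())`, a name that has no row in `users`. ApiHelper is not shown, so confirm that it applies a finite quota to unknown names rather than reporting "not reached". `$request->ip()` is also only as reliable as the proxy configuration: behind a reverse proxy all clients may share one address, and if forwarded headers are trusted without restriction the value is supplied by the client. A comment such as `// anonymous callers are throttled per source IP; depends on correct trusted-proxy settings` would record that assumption. `$user` is a bare object carrying only `username` in this branch, so any code reading other User fields from the return value needs a guard. The method continues past the end of the hunk.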
diff --git a/app/Http/Controllers/SetupController.php b/app/Http/Controllers/SetupController.php
index 048ddf8..8ab78f6 100644
--- a/app/Http/Controllers/SetupController.php
+++ b/app/Http/Controllers/SetupController.php
@@ -102,6 +102,9 @@ class SetupController extends Controller {
$st_base = $request->input('setting:base');
+ $st_auto_api_key = $request->input('setting:auto_api_key');
+ $st_anon_api = $request->input('setting:anon_api');
+
$mail_host = $request->input('app:smtp_server');
$mail_port = $request->input('app:smtp_port');
$mail_username = $request->input('app:smtp_username');
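Review bot: `setting:auto_api_key` and `setting:anon_api` are taken from the request as-is and, in the next hunk, rendered into the `.env` template; the `<select>` in the setup view constrains the values only in the browser. Since these two flags decide whether unauthenticated API access and automatic key issuance are enabled, normalise them server-side to the two accepted values, for example `$st_anon_api = $request->input('setting:anon_api') === 'on' ? 'on' : 'off';` and the same for `$st_auto_api_key`. That also keeps unexpected characters such as line breaks out of the generated file. The enclosing method starts and ends outside the hunk.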
@@ -147,6 +150,8 @@ class SetupController extends Controller {
'MAIL_FROM_NAME' => $mail_from_name,
'ST_BASE' => $st_base,
+ 'ST_AUTO_API' => $st_auto_api_key,
+ 'ST_ANON_API' => $st_anon_api
])->render();
$handle = fopen('../.env', 'w');
diff --git a/app/Http/Controllers/UserController.php b/app/Http/Controllers/UserController.php
index 795b325..4a5e15a 100644
--- a/app/Http/Controllers/UserController.php
+++ b/app/Http/Controllers/UserController.php
@@ -3,7 +3,10 @@ namespace App\Http\Controllers;
use Mail;
use App\Models\User;
use Illuminate\Http\Request;
+
+use App\Helpers\CryptoHelper;
use App\Helpers\UserHelper;
+
use App\Factories\UserFactory;
class UserController extends Controller {
@@ -91,8 +94,17 @@ class UserController extends Controller {
$response = redirect(route('login'))->with('success', 'Thanks for signing up! Please confirm your email to continue..');
$active = 0;
}
- $user = UserFactory::createUser($username, $email, $password, $active, $ip);
+ $api_active = false;
+ $api_key = null;
+ if (env('SETTING_AUTO_API') == 'on') {
+ // if automatic API key assignment is on
+ $api_active = 1;
+ $api_key = CryptoHelper::generateRandomHex(env('_API_KEY_LENGTH'));
+ }
+
+
+ $user = UserFactory::createUser($username, $email, $password, $active, $ip, $api_key, $api_active);
return $response;
}
diff --git a/database/migrations/2015_11_04_015823_create_users_table.php b/database/migrations/2015_11_04_015823_create_users_table.php
index 61d7ce4..285016d 100644
--- a/database/migrations/2015_11_04_015823_create_users_table.php
+++ b/database/migrations/2015_11_04_015823_create_users_table.php
@@ -26,7 +26,7 @@ class CreateUsersTable extends Migration
$table->string('role');
$table->string('active');
- $table->string('api_key');
+ $table->string('api_key')->nullable();
$table->boolean('api_active')->default(0);
$table->string('api_quota')->default(60);
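Review bot: Making `api_key` nullable by editing the original `create_users_table` migration does not reach databases where that migration has already run. On those, a registration with automatic key assignment off would try to store NULL in a NOT NULL column. A separate migration that alters the column would cover upgrades. No unique index on `api_key` is visible in this hunk, so key uniqueness rests on the random generator alone; `$table->string('api_key')->nullable()->unique();` would enforce it and also index the lookup performed in ApiController.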
diff --git a/public/css/admin.css b/public/css/admin.css
index 220e085..a6cd537 100644
--- a/public/css/admin.css
+++ b/public/css/admin.css
@@ -18,3 +18,7 @@
.hidden-metadata {
display: none;
}
+
+.api-quota {
+ display: inline;
+}
diff --git a/public/css/setup.css b/public/css/setup.css
index c4dc5c5..b6119ba 100644
--- a/public/css/setup.css
+++ b/public/css/setup.css
@@ -15,7 +15,7 @@
}
body {
- background-size: 100%;
+ background-size: 100% 100%;
background-attachment: fixed;
background-position: center;
background-repeat: no-repeat;
@@ -61,6 +61,10 @@ body {
color: grey;
}
+.footer-well {
+ margin-top: 30px;
+}
+
h4, p {
margin-top: 20px;
}
diff --git a/public/js/shorten_result.js b/public/js/shorten_result.js
index 9e3150b..5c6f4a3 100644
--- a/public/js/shorten_result.js
+++ b/public/js/shorten_result.js
@@ -8,6 +8,7 @@ $('.result-box').click(select_text);
$('.result-box').change(function () {
$(this).val(original_link);
});
+
$(function () {
original_link = $('.result-box').val();
select_text();
diff --git a/resources/views/admin.blade.php b/resources/views/admin.blade.php
index 085a34f..99d3b42 100644
--- a/resources/views/admin.blade.php
+++ b/resources/views/admin.blade.php
@@ -14,6 +14,10 @@
@if ($role == 'admin')
<li role='presentation' class='admin-nav-item'><a href='#admin'>Admin</a></li>
@endif
+
+ @if ($api_active == 1)
+ <li role='presentation' class='admin-nav-item'><a href='#developer'>Developer</a></li>
+ @endif
</ul>
</div>
<div class='col-md-9'>
@@ -61,8 +65,28 @@
</div>
@endif
+
+ @if ($api_active == 1)
+ <div role="tabpanel" class="tab-pane" id="developer">
+ <h3>Developer</h3>
+
+ <p>API keys and documentation for developers.</p>
+ <p>
+ Documentation:
+ <a href='http://docs.polr.me/en/latest/developer-guide/api/'>http://docs.polr.me/en/latest/developer-guide/api/</a>
+ </p>
+
+ <h4>API Key: </h4>
+ <input class='form-control' disabled type='text' value='{{$api_key}}'>
+
+ <h4>API Quota: </h4>
+ <h2 class='api-quota'><code>{{$api_quota}}</code></h2>
+ <span> requests per minute</span>
+ </div>
+ @endif
</div>
</div>
+</div>
@endsection
diff --git a/resources/views/env.blade.php b/resources/views/env.blade.php
index 4e5ae54..0f84196 100644
--- a/resources/views/env.blade.php
+++ b/resources/views/env.blade.php
@@ -51,6 +51,9 @@ SETTING_SHORTEN_PERMISSION={{$ST_SHORTEN_PERMISSION}}
SETTING_INDEX_REDIRECT={{$ST_INDEX_REDIRECT}}
SETTING_PASSWORD_RECOV={{$ST_PASSWORD_RECOV}}
+SETTING_AUTO_API={{$ST_AUTO_API}}
+SETTING_ANON_API={{$ST_ANON_API}}
+
@if($MAIL_ENABLED)
MAIL_DRIVER=smtp
# e.g mailtrap.io
@@ -71,6 +74,8 @@ CACHE_DRIVER=file
SESSION_DRIVER=file
QUEUE_DRIVER=database
+_API_KEY_LENGTH=15
+
# FILESYSTEM_DRIVER=local
# FILESYSTEM_CLOUD=s3
diff --git a/resources/views/layouts/base.blade.php b/resources/views/layouts/base.blade.php
index a87b175..123b088 100644
--- a/resources/views/layouts/base.blade.php
+++ b/resources/views/layouts/base.blade.php
@@ -38,11 +38,6 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
<link href="/css/font-awesome.min.css" rel="stylesheet">
<link rel="shortcut icon" href="favicon.ico">
-
- {{-- Load header JavaScript --}}
- <script src='/js/constants.js'></script>
- <script src="/js/jquery-1.11.3.min.js"></script>
- <script src="/js/bootstrap.min.js"></script>
@yield('css')
</head>
<body>
@@ -53,6 +48,11 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
</div>
</div>
+ {{-- Load header JavaScript --}}
+ <script src='/js/constants.js'></script>
+ <script src="/js/jquery-1.11.3.min.js"></script>
+ <script src="/js/bootstrap.min.js"></script>
+
<script src='/js/toastr.min.js'></script>
<script src='/js/base.js'></script>
<script>
diff --git a/resources/views/setup.blade.php b/resources/views/setup.blade.php
index a027338..6620fcd 100644
--- a/resources/views/setup.blade.php
+++ b/resources/views/setup.blade.php
@@ -106,6 +106,20 @@ Setup
<p>SMTP From Name:</p>
<input type='text' class='form-control' name='app:smtp_from_name' placeholder='noreply'>
+ <h4>API Settings</h4>
+
+ <p>Anonymous API:</p>
+ <select name='setting:anon_api' class='form-control'>
+ <option selected value='off'>Off -- only registered users can use API</option>
+ <option value='on'>On -- empty key API requests are allowed</option>
+ </select>
+
+ <p>Automatic API Assignment:</p>
+ <select name='setting:auto_api_key' class='form-control'>
+ <option selected value='off'>Off -- admins must manually enable API for each user</option>
+ <option value='on'>On -- each user receives an API key</option>
+ </select>
+
<h4>Other Settings</h4>
<p>Registration:</p>
@@ -124,8 +138,8 @@ Setup
Please ensure SMTP is properly set up before enabling password recovery.
</p>
- <p>Path relative to root (leave blank if /, if http://site.com/polr, then write /polr/):</p>
- <input type='text' class='form-control' name='path' placeholder='/polr/' value=''>
+ {{-- <p>Path relative to root (leave blank if /, if http://site.com/polr, then write /polr/):</p>
+ <input type='text' class='form-control' name='path' placeholder='/polr/' value=''> --}}
<p>Theme (click <a href='https://github.com/cydrobolt/polr/wiki/Themes-Screenshots'>here</a> for screenshots:</p>
<select name='app:stylesheet' class='form-control'>
@@ -160,13 +174,13 @@ Setup
<div>
Polr Version {{env('VERSION')}} released {{env('VERSION_RELMONTH')}} {{env('VERSION_RELDAY')}}, {{env('VERSION_RELYEAR')}} -
- <a href='//github.com/cydrobolt/polr'>Github</a></div></div><br />
+ <a href='//github.com/cydrobolt/polr'>Github</a>
- <span style='font-weight:bold;'>
+ <div class='footer-well'>
&copy; Copyright {{env('VERSION_RELYEAR')}}
<a class='footer-link' href='//cydrobolt.com'>Chaoyi Zha</a> &
<a class='footer-link' href='//github.com/Cydrobolt/polr/graphs/contributors'>Other Polr Contributors</a>
- </span>
+ </div>
</div>
</div>
diff --git a/resources/views/snippets/link_table.blade.php b/resources/views/snippets/link_table.blade.php
index e941031..171a013 100644
--- a/resources/views/snippets/link_table.blade.php
+++ b/resources/views/snippets/link_table.blade.php
@@ -6,6 +6,7 @@
<th>Date</th>
<th>Secret</th>
@if ($role == 'admin')
+ <th>Creator</th>
<th>Disable</th>
@endif
@@ -18,8 +19,9 @@
<td>{{$link->clicks}}</td>
<td>{{$link->created_at}}</td>
<td>{{isset($link->secret_key)}}</td>
- @if ($role == 'admin')
+ @if ($role == 'admin')
+ <td>{{$link->creator}}</td>
<td>
<a data-link-ending='{{$link->short_url}}' class='btn btn-sm @if($link->is_disabled) btn-success @else btn-danger @endif toggle-link'>
@if ($link->is_disabled)