authorChaoyi Zha <summermontreal@gmail.com>2017-04-08 01:30:03 +0300
committerGitHub <noreply@github.com>2017-04-08 01:30:03 +0300
commit4286d209d5bd459275a0e4ab8bf706b3ee1da890 (patch)
tree8f3ffc944768c1f1e00304f4f008c371f09d9947
parent4ed599f1f18b33f2486b6bdf3a9d1379bf9838ed (diff)
parente17aeff740509cf27008bc2b88fb34b248b7bad5 (diff)
Merge pull request #320 from cydrobolt/api_fixes_quota
API bugfixes & add anonymous API quota setting
-rw-r--r--app/Helpers/ApiHelper.php5
-rw-r--r--app/Http/Controllers/Api/ApiAnalyticsController.php4
-rw-r--r--app/Http/Controllers/SetupController.php2
-rw-r--r--app/Http/Middleware/ApiMiddleware.php6
-rw-r--r--public/css/admin.css1
-rw-r--r--public/js/SetupCtrl.js10
-rw-r--r--resources/views/env.blade.php3
-rw-r--r--resources/views/setup.blade.php29
8 files changed, 41 insertions, 19 deletions
diff --git a/app/Helpers/ApiHelper.php b/app/Helpers/ApiHelper.php
index 91c1238..5f629f8 100644
--- a/app/Helpers/ApiHelper.php
+++ b/app/Helpers/ApiHelper.php
@@ -20,10 +20,7 @@ class ApiHelper {
$api_quota = $user->api_quota;
}
else {
- // TODO add option to change default quota for anonymous
- // API users
-
- $api_quota = 5;
+ $api_quota = env('SETTING_ANON_API_QUOTA') ?: 5;
}
$links_last_minute = Link::where('is_api', 1)
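Review bot: The new fallback `env('SETTING_ANON_API_QUOTA') ?: 5` takes whatever string is in the environment file without checking that it is a number, and because `?:` tests truthiness, a configured `0` is silently replaced by 5. An operator who sets 0 to switch off anonymous API use would still be granting five requests per minute, and a non-numeric value flows unvalidated into whatever comparison follows outside the hunk. Consider `$raw = env('SETTING_ANON_API_QUOTA');` followed by `$api_quota = is_numeric($raw) ? (int) $raw : 5;`. How a negative quota is treated is decided in the part of the method that is not visible here, so that case should be confirmed before accepting arbitrary integers.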
diff --git a/app/Http/Controllers/Api/ApiAnalyticsController.php b/app/Http/Controllers/Api/ApiAnalyticsController.php
index c1bc5ad..4c7a1e4 100644
--- a/app/Http/Controllers/Api/ApiAnalyticsController.php
+++ b/app/Http/Controllers/Api/ApiAnalyticsController.php
@@ -12,6 +12,10 @@ class ApiAnalyticsController extends ApiController {
$user = $request->user;
$response_type = $request->input('response_type') ?: 'json';
+ if ($user->anonymous) {
+ throw new ApiException('AUTH_ERROR', 'Anonymous access of this API is not permitted.', 401, $response_type);
+ }
+
if ($response_type != 'json') {
throw new ApiException('JSON_ONLY', 'Only JSON-encoded data is available for this endpoint.', 401, $response_type);
}
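Review bot: The guard `if ($user->anonymous)` fails open: it rejects the request only when the flag is present and truthy, so a `$request->user` that reaches this controller without the property is treated as authenticated. The flag is assigned in ApiMiddleware in this same commit, but nothing in the controller enforces that it was set. Testing for the authenticated case is safer, e.g. `if (!isset($user->anonymous) || $user->anonymous !== false) {` in front of the same `throw`. The method body starts and ends outside the hunk.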
diff --git a/app/Http/Controllers/SetupController.php b/app/Http/Controllers/SetupController.php
index 12a898b..8234c3f 100644
--- a/app/Http/Controllers/SetupController.php
+++ b/app/Http/Controllers/SetupController.php
@@ -118,6 +118,7 @@ class SetupController extends Controller {
$st_base = $request->input('setting:base');
$st_auto_api_key = $request->input('setting:auto_api_key');
$st_anon_api = $request->input('setting:anon_api');
+ $st_anon_api_quota = $request->input('setting:anon_api_quota');
$st_pseudor_ending = $request->input('setting:pseudor_ending');
$st_adv_analytics = $request->input('setting:adv_analytics');
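Review bot: `$request->input('setting:anon_api_quota')` is passed to the env template unvalidated (`'ST_ANON_API_QUOTA' => $st_anon_api_quota` in the next hunk), and resources/views/env.blade.php prints it with `{{ }}`, which escapes for HTML rather than for the .env format. A value containing whitespace, quotes or a line break would therefore yield a malformed or altered configuration file. Since the setting is a per-minute count, reduce it to digits before rendering, for example `$st_anon_api_quota = ctype_digit((string) $st_anon_api_quota) ? (int) $st_anon_api_quota : '';`, which leaves the key empty so the fallback in ApiHelper applies. The enclosing method starts and ends outside both hunks.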
@@ -171,6 +172,7 @@ class SetupController extends Controller {
'ST_BASE' => $st_base,
'ST_AUTO_API' => $st_auto_api_key,
'ST_ANON_API' => $st_anon_api,
+ 'ST_ANON_API_QUOTA' => $st_anon_api_quota,
'ST_PSEUDOR_ENDING' => $st_pseudor_ending,
'ST_ADV_ANALYTICS' => $st_adv_analytics,
diff --git a/app/Http/Middleware/ApiMiddleware.php b/app/Http/Middleware/ApiMiddleware.php
index bbab80c..4582989 100644
--- a/app/Http/Middleware/ApiMiddleware.php
+++ b/app/Http/Middleware/ApiMiddleware.php
@@ -23,7 +23,8 @@ class ApiMiddleware {
throw new ApiException('AUTH_ERROR', 'Authentication token required.', 401, $response_type);
}
$user = (object) [
- 'username' => $username
+ 'username' => $username,
+ 'anonymous' => true
];
}
else {
@@ -33,9 +34,10 @@ class ApiMiddleware {
->first();
if (!$user) {
- throw new ApiException('AUTH_ERROR', 'Authentication token required.', 401, $response_type);
+ throw new ApiException('AUTH_ERROR', 'Authentication token invalid.', 401, $response_type);
}
$username = $user->username;
+ $user->anonymous = false;
}
$api_limit_reached = ApiHelper::checkUserApiQuota($username);
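Review bot: `$user->anonymous = false;` is assigned on the object returned by the `->first()` lookup. If that object is an Eloquent model, the assignment adds a dirty `anonymous` attribute, and any later `$user->save()` in the same request would try to write a column that presumably does not exist. The anonymous branch in the previous hunk builds a plain `(object)` instead, so the two branches hand different types to downstream code under the same property name. At minimum add a comment such as `// transient request-scoped flag; never persist this instance`, or carry the flag outside the model. The surrounding method is only partly visible in these hunks.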
diff --git a/public/css/admin.css b/public/css/admin.css
index f33a96d..b718f20 100644
--- a/public/css/admin.css
+++ b/public/css/admin.css
@@ -38,6 +38,7 @@ input.api-quota {
width: 9em;
font-size: .85em;
height: .85em;
+ padding-left: 0.8em;
}
.wrap-text {
diff --git a/public/js/SetupCtrl.js b/public/js/SetupCtrl.js
index ed6c8a2..c5fced4 100644
--- a/public/js/SetupCtrl.js
+++ b/public/js/SetupCtrl.js
@@ -1,3 +1,13 @@
+polr.directive('setupTooltip', function() {
+ return {
+ scope: {
+ content: '@',
+ },
+ replace: true,
+ template: '<button data-content="{{ content }}" type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button>'
+ }
+})
+
polr.controller('SetupCtrl', function($scope) {
$scope.init = function () {
$('[data-toggle="popover"]').popover({
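Review bot: The `setupTooltip` directive relies on `replace: true`, which AngularJS has deprecated since 1.3, and it omits `restrict`, so it can also match as an attribute rather than only as the `<setup-tooltip>` element the views use. Adding `restrict: 'E',` and dropping `replace` (the button then lives inside the host element) makes the intent explicit. The `return { ... }` and the closing `})` of `polr.directive` are also missing their semicolons. Whether the bound `content` is ever rendered as HTML depends on the popover options, which begin on the last line of the hunk and continue outside it.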
diff --git a/resources/views/env.blade.php b/resources/views/env.blade.php
index 971df5d..7bfd358 100644
--- a/resources/views/env.blade.php
+++ b/resources/views/env.blade.php
@@ -71,6 +71,9 @@ SETTING_AUTO_API={{$ST_AUTO_API}}
# Set to true to allow anonymous API access
SETTING_ANON_API={{$ST_ANON_API}}
+# Set the anonymous API quota per IP
+SETTING_ANON_API_QUOTA={{$ST_ANON_API_QUOTA}}
+
# Set to true to use pseudorandom strings rather than using a counter by default
SETTING_PSEUDORANDOM_ENDING={{$ST_PSEUDOR_ENDING}}
diff --git a/resources/views/setup.blade.php b/resources/views/setup.blade.php
index 264811a..c94ec85 100644
--- a/resources/views/setup.blade.php
+++ b/resources/views/setup.blade.php
@@ -39,7 +39,7 @@ Setup
<p>
Database Name:
- <button data-content="Name of existing database. You must create the Polr database manually." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button>
+ <setup-tooltip content="Name of existing database. You must create the Polr database manually."></setup-tooltip>
</p>
<input type='text' class='form-control' name='db:name' value='polr'>
@@ -85,7 +85,7 @@ Setup
<p>
Redirect URL:
- <button data-content="Required if you wish to redirect the index page or 404s to a different website. To use Polr, login by directly heading to yoursite.com/login first." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button>
+ <setup-tooltip content="Required if you wish to redirect the index page or 404s to a different website. To use Polr, login by directly heading to yoursite.com/login first."></setup-tooltip>
</p>
<input type='text' class='form-control' name='setting:index_redirect' placeholder='http://your-main-site.com'>
<p class='text-muted'>
@@ -96,7 +96,7 @@ Setup
<p>
Default URL Ending Type:
- <button data-content="If you choose to use pseudorandom strings, you will not have the option to use a counter-based ending." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button>
+ <setup-tooltip content="If you choose to use pseudorandom strings, you will not have the option to use a counter-based ending."></setup-tooltip>
</p>
<select name='setting:pseudor_ending' class='form-control'>
<option value='false' selected='selected'>Use base62 or base32 counter (shorter but more predictable, e.g 5a)</option>
@@ -105,7 +105,7 @@ Setup
<p>
URL Ending Base:
- <button data-content="This will have no effect if you choose to use pseudorandom endings." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button>
+ <setup-tooltip content="This will have no effect if you choose to use pseudorandom endings."></setup-tooltip>
</p>
<select name='setting:base' class='form-control'>
<option value='32' selected='selected'>32 -- lowercase letters & numbers (default)</option>
@@ -114,7 +114,7 @@ Setup
<h4>
Admin Account Settings
- <button data-content="These credentials will be used for your admin account in Polr." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button>
+ <setup-tooltip content="These credentials will be used for your admin account in Polr."></setup-tooltip>
</h4>
<p>Admin Username:</p>
@@ -128,7 +128,7 @@ Setup
<h4>
SMTP Settings
- <button data-content="Required only if the email verification or password recovery features are enabled." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button>
+ <setup-tooltip content="Required only if the email verification or password recovery features are enabled."></setup-tooltip>
</h4>
<p>SMTP Server:</p>
@@ -156,6 +156,12 @@ Setup
<option value='true'>On -- empty key API requests are allowed</option>
</select>
+ <p>
+ Anonymous API Quota:
+ <setup-tooltip content="API quota for non-authenticated users per minute per IP."></setup-tooltip>
+ </p>
+ <input type='text' class='form-control' name='setting:anon_api_quota' placeholder='10'>
+
<p>Automatic API Assignment:</p>
<select name='setting:auto_api_key' class='form-control'>
<option selected value='false'>Off -- admins must manually enable API for each user</option>
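Review bot: The new field shows `placeholder='10'`, but an empty submission ends up with the fallback of 5 in ApiHelper (`env('SETTING_ANON_API_QUOTA') ?: 5`), so the form suggests a default that is never applied. The placeholder should match the fallback, and since the value is a count the control can constrain it: `<input type='number' min='0' step='1' class='form-control' name='setting:anon_api_quota' placeholder='5'>`. Browser-side constraints are a convenience only; the value still needs server-side validation in SetupController.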
@@ -166,7 +172,7 @@ Setup
<p>
Registration:
- <button data-content="Enabling registration allows any user to create an account." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button>
+ <setup-tooltip content="Enabling registration allows any user to create an account."></setup-tooltip>
</p>
<select name='setting:registration_permission' class='form-control'>
<option value='none'>Registration disabled</option>
@@ -176,7 +182,7 @@ Setup
<p>
Restrict Registration Email Domains:
- <button data-content="Restrict registration to certain email domains." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button>
+ <setup-tooltip content="Restrict registration to certain email domains."></setup-tooltip>
</p>
<select name='setting:restrict_email_domain' class='form-control'>
<option value='false'>Allow any email domain to register</option>
@@ -185,13 +191,13 @@ Setup
<p>
Permitted Email Domains:
- <button data-content="A comma-separated list of emails permitted to register." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button>
+ <setup-tooltip content="A comma-separated list of emails permitted to register."></setup-tooltip>
</p>
<input type='text' class='form-control' name='setting:allowed_email_domains' placeholder='company.com,company-corp.com'>
<p>
Password Recovery:
- <button data-content="Password recovery allows users to reset their password through email." type="button" class="btn btn-xs btn-default setup-qmark" data-toggle="popover">?</button>
+ <setup-tooltip content="Password recovery allows users to reset their password through email."></setup-tooltip>
</p>
<select name='setting:password_recovery' class='form-control'>
<option value='false'>Password recovery disabled</option>
@@ -201,9 +207,6 @@ Setup
Please ensure SMTP is properly set up before enabling password recovery.
</p>
- {{-- <p>Path relative to root (leave blank if /, if http://site.com/polr, then write /polr/):</p>
- <input type='text' class='form-control' name='path' placeholder='/polr/' value=''> --}}
-
<p>Theme (<a href='https://github.com/cydrobolt/polr/wiki/Themes-Screenshots'>screenshots</a>):</p>
<select name='app:stylesheet' class='form-control'>
<option value=''>Modern (default)</option>