added key check to use AdminAPI, updated front end classes

This commit is contained in:
Ro 2021-06-28 13:47:06 -07:00
parent 2785ef6982
commit ab40219d9b
8 changed files with 49 additions and 23 deletions

View file

@ -20,7 +20,15 @@ class APIControl
switch (isset($args["third"]) ? $args["third"] : "none") {
case "status":
$result = AuthAPI::status();
if (Member::verifyKey($_GET["key"])) {
$result = AuthAPI::status();
} else {
$result = [
"message" => "Valid key required. API access denied, homie",
"type" => "API_ERROR",
];
}
break;
case "page":
//echo

View file

@ -48,7 +48,7 @@ class Auth
];
$token = Token::create(
$found["id"],
$found["key"],
$found["secret"],
time() + 3600,
"localhost"

File diff suppressed because one or more lines are too long

View file

@ -11,7 +11,10 @@ export default class NavIndex {
//--------------------------
constructor() {
this.processing = false;
this.admin = new FipamoAdminAPI();
this.admin = new FipamoAdminAPI(
null,
"fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a"
);
this.start();
}
//--------------------------

View file

@ -19,7 +19,10 @@ export default class PostEditor {
constructor() {
this.processing = false;
let self = this;
this.admin = new FipamoAdminAPI();
this.admin = new FipamoAdminAPI(
null,
"fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a"
);
this.urlPieces = document.URL.split("/");
this.post = [];
this.postID = null;

View file

@ -11,7 +11,10 @@ export default class SettingsIndex {
constructor() {
this.processing = false;
this.start();
this.admin = new FipamoAdminAPI();
this.admin = new FipamoAdminAPI(
null,
"fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a"
);
}
//--------------------------
// methods

View file

@ -28,8 +28,8 @@ export const TASK_PAGE_DELETE = "deletePage";
export const TASK_SEND_MAIL = "sendMail";
export const TASK_REINDEX_PAGE = "reIndexPages";
//** API STATUS **//
export const API_ACCESS_GOOD = "apiConnected";
export const API_ACCESS_BAD = "apiNotConnected";
export const API_ACCESS_GOOD = "apiUseAuthorized";
export const API_ACCESS_BAD = "apiUseNotAuthorized";
/**
* A can of methods used to edit install settings, navigation pages.
@ -48,29 +48,30 @@ class FipamoAdminAPI {
this.key = null;
if (key) this.key = key;
if (baseURL) this.baseURL = baseURL;
//checks backend to see if user is logged in and requests encrypted token for api calls
this._request(API_STATUS).then((response) => {
//if key is valid, checks to see if a session is active and returns
this._request(
this.baseURL
? this.baseURL + API_STATUS + "?key=" + this.key
: API_STATUS + "?key=" + this.key
).then((response) => {
if (response.type === API_ACCESS_GOOD) {
this.token = response.token;
} else {
//don't set token
//console.log("NO TOKEN");
}
});
}
/**
* Method for retrieving user authorizing user login
* Promise method for checking credentials. Must login to use Admin API.
* @param {object} data - json object that contains data for set up
* @property {string} handle - handle for site user
* @property {string} password - password for site user
*/
login(data) {
return new Promise((resolve, reject) => {
if (this.baseURL) {
data.key = this.key;
data.remote = true;
} else {
data.remote = false;
}
this.baseURL ? (data.remote = true) : (data.remote = false);
this.key ? (data.key = this.key) : (data.key = null);
this._request(
this.baseURL ? this.baseURL + API_LOGIN : API_LOGIN,
AUTH_STATUS,
@ -109,7 +110,9 @@ class FipamoAdminAPI {
syncSettings(data) {
return new Promise((resolve, reject) => {
this._request(
this.baseURL ? this.baseURL + API_SETTINGS_SYNC : API_SETTINGS_SYNC,
this.baseURL
? this.baseURL + API_SETTINGS_SYNC + "?key=" + this.key
: API_SETTINGS_SYNC + "?key=" + this.key,
TASK_SETTINGS_WRITE,
REQUEST_TYPE_POST,
CONTENT_TYPE_JSON,
@ -190,6 +193,13 @@ class FipamoAdminAPI {
break;
}
if (this.baseURL) {
data.key = this.key;
data.remote = true;
} else {
data.remote = false;
}
return new Promise((resolve, reject) => {
this._request(
this.baseURL ? this.baseURL + url : url,
@ -292,7 +302,6 @@ class FipamoAdminAPI {
request.open(requestType, requestURL, true);
request.onload = () => {
if (request.status == 200) {
//console.log("RESPONSE", request);
let response = JSON.parse(request["response"]);
resolve(response);
} else {

View file

@ -21,7 +21,7 @@ export const TASK_GET_CONTENT = "retrieveContent";
/**
* Fipamo Content API
* A bag of methods for getting page info from an install.
* To use remotely, include url of install and user key found in settings.
* To use remotely, include url of install and user key found in settings in the Dashboard.
*/
class FipamoContentAPI {
/**