added key check to use AdminAPI, updated front end classes

2021-06-28 13:47:06 -07:00 · 2021-06-28 13:47:06 -07:00 · ab40219d9b
commit ab40219d9b
parent 2785ef6982
8 changed files with 49 additions and 23 deletions
--- a/brain/controller/APIControl.inc.php
+++ b/brain/controller/APIControl.inc.php
@ -20,7 +20,15 @@ class APIControl

    switch (isset($args["third"]) ? $args["third"] : "none") {
      case "status":
-        $result = AuthAPI::status();
+        if (Member::verifyKey($_GET["key"])) {
+          $result = AuthAPI::status();
+        } else {
+          $result = [
+            "message" => "Valid key required. API access denied, homie",
+            "type" => "API_ERROR",
+          ];
+        }
+
        break;
      case "page":
        //echo
--- a/brain/data/Auth.inc.php
+++ b/brain/data/Auth.inc.php
@ -48,7 +48,7 @@ class Auth
        ];

        $token = Token::create(
-          $found["id"],
+          $found["key"],
          $found["secret"],
          time() + 3600,
          "localhost"
--- a/public/assets/scripts/dash.min.js
+++ b/public/assets/scripts/dash.min.js
--- a/src/com/controllers/NavIndex.js
+++ b/src/com/controllers/NavIndex.js
@ -11,7 +11,10 @@ export default class NavIndex {
  //--------------------------
  constructor() {
    this.processing = false;
-    this.admin = new FipamoAdminAPI();
+    this.admin = new FipamoAdminAPI(
+      null,
+      "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a"
+    );
    this.start();
  }
  //--------------------------
--- a/src/com/controllers/PageEditor.js
+++ b/src/com/controllers/PageEditor.js
@ -19,7 +19,10 @@ export default class PostEditor {
  constructor() {
    this.processing = false;
    let self = this;
-    this.admin = new FipamoAdminAPI();
+    this.admin = new FipamoAdminAPI(
+      null,
+      "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a"
+    );
    this.urlPieces = document.URL.split("/");
    this.post = [];
    this.postID = null;
--- a/src/com/controllers/SettingsIndex.js
+++ b/src/com/controllers/SettingsIndex.js
@ -11,7 +11,10 @@ export default class SettingsIndex {
  constructor() {
    this.processing = false;
    this.start();
-    this.admin = new FipamoAdminAPI();
+    this.admin = new FipamoAdminAPI(
+      null,
+      "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a"
+    );
  }
  //--------------------------
  // methods
--- a/src/libraries/FipamoAdminAPI.js
+++ b/src/libraries/FipamoAdminAPI.js
@ -28,8 +28,8 @@ export const TASK_PAGE_DELETE = "deletePage";
 export const TASK_SEND_MAIL = "sendMail";
 export const TASK_REINDEX_PAGE = "reIndexPages";
 //** API STATUS **//
-export const API_ACCESS_GOOD = "apiConnected";
-export const API_ACCESS_BAD = "apiNotConnected";
+export const API_ACCESS_GOOD = "apiUseAuthorized";
+export const API_ACCESS_BAD = "apiUseNotAuthorized";

 /**
 * A can of methods used to edit install settings, navigation pages.
@ -48,29 +48,30 @@ class FipamoAdminAPI {
    this.key = null;
    if (key) this.key = key;
    if (baseURL) this.baseURL = baseURL;
-    //checks backend to see if user is logged in and requests encrypted token for api calls
-    this._request(API_STATUS).then((response) => {
+    //if key is valid, checks to see if a session is active and returns
+    this._request(
+      this.baseURL
+        ? this.baseURL + API_STATUS + "?key=" + this.key
+        : API_STATUS + "?key=" + this.key
+    ).then((response) => {
      if (response.type === API_ACCESS_GOOD) {
        this.token = response.token;
      } else {
        //don't set token
+        //console.log("NO TOKEN");
      }
    });
  }
  /**
-   * Method for retrieving user authorizing user login
+   * Promise method for checking credentials. Must login to use Admin API.
   * @param {object} data - json object that contains data for set up
   * @property {string} handle - handle for site user
   * @property {string} password - password for site user
   */
  login(data) {
    return new Promise((resolve, reject) => {
-      if (this.baseURL) {
-        data.key = this.key;
-        data.remote = true;
-      } else {
-        data.remote = false;
-      }
+      this.baseURL ? (data.remote = true) : (data.remote = false);
+      this.key ? (data.key = this.key) : (data.key = null);
      this._request(
        this.baseURL ? this.baseURL + API_LOGIN : API_LOGIN,
        AUTH_STATUS,
@ -109,7 +110,9 @@ class FipamoAdminAPI {
  syncSettings(data) {
    return new Promise((resolve, reject) => {
      this._request(
-        this.baseURL ? this.baseURL + API_SETTINGS_SYNC : API_SETTINGS_SYNC,
+        this.baseURL
+          ? this.baseURL + API_SETTINGS_SYNC + "?key=" + this.key
+          : API_SETTINGS_SYNC + "?key=" + this.key,
        TASK_SETTINGS_WRITE,
        REQUEST_TYPE_POST,
        CONTENT_TYPE_JSON,
@ -190,6 +193,13 @@ class FipamoAdminAPI {
        break;
    }

+    if (this.baseURL) {
+      data.key = this.key;
+      data.remote = true;
+    } else {
+      data.remote = false;
+    }
+
    return new Promise((resolve, reject) => {
      this._request(
        this.baseURL ? this.baseURL + url : url,
@ -292,7 +302,6 @@ class FipamoAdminAPI {
      request.open(requestType, requestURL, true);
      request.onload = () => {
        if (request.status == 200) {
-          //console.log("RESPONSE", request);
          let response = JSON.parse(request["response"]);
          resolve(response);
        } else {
--- a/src/libraries/FipamoContentAPI.js
+++ b/src/libraries/FipamoContentAPI.js
@ -21,7 +21,7 @@ export const TASK_GET_CONTENT = "retrieveContent";
 /**
 * Fipamo Content API
 * A bag of methods for getting page info from an install.
- * To use remotely, include url of install and user key found in settings.
+ * To use remotely, include url of install and user key found in settings in the Dashboard.
 */
 class FipamoContentAPI {
  /**