added key check to use AdminAPI, updated front end classes

brain/controller/APIControl.inc.php

@@ -20,7 +20,15 @@ class APIControl
 
     switch (isset($args["third"]) ? $args["third"] : "none") {
       case "status":
-        $result = AuthAPI::status();
+        if (Member::verifyKey($_GET["key"])) {
+          $result = AuthAPI::status();
+        } else {
+          $result = [
+            "message" => "Valid key required. API access denied, homie",
+            "type" => "API_ERROR",
+          ];
+        }
+
         break;
       case "page":
         //echo

brain/data/Auth.inc.php

@@ -48,7 +48,7 @@ class Auth
         ];
 
         $token = Token::create(
-          $found["id"],
+          $found["key"],
           $found["secret"],
           time() + 3600,
           "localhost"

src/com/controllers/NavIndex.js

@@ -11,7 +11,10 @@ export default class NavIndex {
   //--------------------------
   constructor() {
     this.processing = false;
-    this.admin = new FipamoAdminAPI();
+    this.admin = new FipamoAdminAPI(
+      null,
+      "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a"
+    );
     this.start();
   }
   //--------------------------

src/com/controllers/PageEditor.js

@@ -19,7 +19,10 @@ export default class PostEditor {
   constructor() {
     this.processing = false;
     let self = this;
-    this.admin = new FipamoAdminAPI();
+    this.admin = new FipamoAdminAPI(
+      null,
+      "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a"
+    );
     this.urlPieces = document.URL.split("/");
     this.post = [];
     this.postID = null;

src/com/controllers/SettingsIndex.js

@@ -11,7 +11,10 @@ export default class SettingsIndex {
   constructor() {
     this.processing = false;
     this.start();
-    this.admin = new FipamoAdminAPI();
+    this.admin = new FipamoAdminAPI(
+      null,
+      "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a"
+    );
   }
   //--------------------------
   // methods

src/libraries/FipamoAdminAPI.js

@@ -28,8 +28,8 @@ export const TASK_PAGE_DELETE = "deletePage";
 export const TASK_SEND_MAIL = "sendMail";
 export const TASK_REINDEX_PAGE = "reIndexPages";
 //** API STATUS **//
-export const API_ACCESS_GOOD = "apiConnected";
+export const API_ACCESS_GOOD = "apiUseAuthorized";
-export const API_ACCESS_BAD = "apiNotConnected";
+export const API_ACCESS_BAD = "apiUseNotAuthorized";
 
 /**
  * A can of methods used to edit install settings, navigation pages.
@@ -48,29 +48,30 @@ class FipamoAdminAPI {
     this.key = null;
     if (key) this.key = key;
     if (baseURL) this.baseURL = baseURL;
-    //checks backend to see if user is logged in and requests encrypted token for api calls
+    //if key is valid, checks to see if a session is active and returns
-    this._request(API_STATUS).then((response) => {
+    this._request(
+      this.baseURL
+        ? this.baseURL + API_STATUS + "?key=" + this.key
+        : API_STATUS + "?key=" + this.key
+    ).then((response) => {
       if (response.type === API_ACCESS_GOOD) {
         this.token = response.token;
       } else {
         //don't set token
+        //console.log("NO TOKEN");
       }
     });
   }
   /**
-   * Method for retrieving user authorizing user login
+   * Promise method for checking credentials. Must login to use Admin API.
    * @param {object} data - json object that contains data for set up
    * @property {string} handle - handle for site user
    * @property {string} password - password for site user
    */
   login(data) {
     return new Promise((resolve, reject) => {
-      if (this.baseURL) {
+      this.baseURL ? (data.remote = true) : (data.remote = false);
-        data.key = this.key;
+      this.key ? (data.key = this.key) : (data.key = null);
-        data.remote = true;
-      } else {
-        data.remote = false;
-      }
       this._request(
         this.baseURL ? this.baseURL + API_LOGIN : API_LOGIN,
         AUTH_STATUS,
@@ -109,7 +110,9 @@ class FipamoAdminAPI {
   syncSettings(data) {
     return new Promise((resolve, reject) => {
       this._request(
-        this.baseURL ? this.baseURL + API_SETTINGS_SYNC : API_SETTINGS_SYNC,
+        this.baseURL
+          ? this.baseURL + API_SETTINGS_SYNC + "?key=" + this.key
+          : API_SETTINGS_SYNC + "?key=" + this.key,
         TASK_SETTINGS_WRITE,
         REQUEST_TYPE_POST,
         CONTENT_TYPE_JSON,
@@ -190,6 +193,13 @@ class FipamoAdminAPI {
         break;
     }
 
+    if (this.baseURL) {
+      data.key = this.key;
+      data.remote = true;
+    } else {
+      data.remote = false;
+    }
+
     return new Promise((resolve, reject) => {
       this._request(
         this.baseURL ? this.baseURL + url : url,
@@ -292,7 +302,6 @@ class FipamoAdminAPI {
       request.open(requestType, requestURL, true);
       request.onload = () => {
         if (request.status == 200) {
-          //console.log("RESPONSE", request);
           let response = JSON.parse(request["response"]);
           resolve(response);
         } else {

src/libraries/FipamoContentAPI.js

@@ -21,7 +21,7 @@ export const TASK_GET_CONTENT = "retrieveContent";
 /**
  * Fipamo Content API
  * A bag of methods for getting page info from an install.
- * To use remotely, include url of install and user key found in settings.
+ * To use remotely, include url of install and user key found in settings in the Dashboard.
  */
 class FipamoContentAPI {
   /**