Merge branch 'develop' into beta

Fixed #51, #52, #53, #55
This commit is contained in:
Ro 2021-09-14 12:54:06 -07:00
commit ccf65e1899
10 changed files with 87 additions and 19 deletions


@ -104,7 +104,58 @@ class PagesAPI
case "delete": case "delete":
case "create": case "create":
case "write": case "write":
$result = (new Book("../content/pages"))->editPage($task, $request); $body = $request->getParsedBody();
$passed = true;
if (!isset($body["form_token"])) {
$result = [
"message" => "No form token. Not good, sport.",
"type" => "TASK_FORM_AUTH",
];
} else {
if ($body["form_token"] == Session::get("form_token")) {
//TODO: Verify form fields
$keys = [
"id",
"uuid",
"layout",
"current_title",
"content",
"title",
"created",
"slug",
"tags",
"menu",
"featured",
"published",
"form_token",
"feature_image",
];
foreach ($body as $key => $item) {
if (!in_array($key, $keys)) {
//found unnecessary key, so reject submission
$passed = false;
}
}
if ($passed) {
$result = (new Book("../content/pages"))->editPage(
$task,
$request
);
} else {
$result = [
"message" => "Form token, auth failed. Uh oh.",
"type" => "TASK_FORM_AUTH",
];
}
} else {
$result = [
"message" => "Form token, auth failed. Uh oh.",
"type" => "TASK_FORM_AUTH",
];
}
}
break; break;
case "add-entry-image": case "add-entry-image":
$result = ImagesAPI::uploadImage($request); $result = ImagesAPI::uploadImage($request);
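Review bot: The token check at `if ($body["form_token"] == Session::get("form_token"))` uses loose `==`, which both type-juggles and is not constant-time; compare as strings, refuse an empty session token, and use `hash_equals`: `$expected = (string) Session::get("form_token");` then `if ($expected !== "" && hash_equals($expected, (string) $body["form_token"])) {`. The allowlist loop should pass `true` as the third argument to `in_array`, and since `getParsedBody()` may return `null` or an object rather than an array, guard with `is_array($body)` before the `isset`/`foreach`. As the TODO notes, the loop only rejects unknown keys and never requires any expected key, so a body containing nothing but a valid `form_token` still reaches `editPage`. The switch this case belongs to starts before the hunk.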


@ -101,6 +101,7 @@ class DashControl
"title" => "Fipamo | Edit Page", "title" => "Fipamo | Edit Page",
"page" => (new Book("../content/pages"))->findPageById($uuid), "page" => (new Book("../content/pages"))->findPageById($uuid),
"mode" => $mode, "mode" => $mode,
"token" => Session::get("form_token"),
"status" => Session::active(), "status" => Session::active(),
]; ];
} else { } else {


@ -53,9 +53,12 @@ class Auth
time() + 3600, time() + 3600,
"localhost" "localhost"
); //expires in an hour ); //expires in an hour
$form_token = md5(uniqid(microtime(), true));
Session::start(); Session::start();
Session::set("member", $member); Session::set("member", $member);
Session::set("token", $token); Session::set("token", $token);
Session::set("form_token", $form_token);
$result = "good_login"; $result = "good_login";
} else { } else {
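Review bot: `$form_token = md5(uniqid(microtime(), true));` does not produce a cryptographically random token — `uniqid` is clock-derived and `md5` adds no entropy, so an attacker who can estimate the login time can narrow the search space; use `$form_token = bin2hex(random_bytes(16));`. The same expression is repeated in `Book::editPage`, so a single `Session::newFormToken()` helper would keep both in step. The enclosing login method starts and ends outside the hunk.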


@ -148,7 +148,9 @@ class Book
"id" => $uuid, "id" => $uuid,
]; ];
//**just testing to see why indexing isn't working ** //TODO: When form submission is successful, make new form token
$form_token = md5(uniqid(microtime(), true));
Session::set("form_token", $form_token);
//once saved, update menu //once saved, update menu
$body["path"] = $path; $body["path"] = $path;
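Review bot: The rotated token here is built with `md5(uniqid(microtime(), true))`, which is predictable rather than random; use `$form_token = bin2hex(random_bytes(16));` as the source of the new value. Rotating session state from inside the content model also couples `Book` to `Session`; doing the rotation in `PagesAPI` after `editPage` returns would keep this class storage-only — a design preference, not a defect. The enclosing method starts and ends outside the hunk.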


@ -8,6 +8,7 @@ class Session
private static $data = [ private static $data = [
"member" => "", "member" => "",
"token" => "", "token" => "",
"form_token" => "",
]; ];
public static function start() public static function start()
{ {


@ -101,6 +101,7 @@ class SetUp
$backup = $request->getUploadedFiles(); $backup = $request->getUploadedFiles();
$file = $backup["backup-upload"]; $file = $backup["backup-upload"];
$size = $file->getSize();
$name = $file->getClientFileName(); $name = $file->getClientFileName();
//park it so it can be read //park it so it can be read
@ -128,11 +129,11 @@ class SetUp
//move to appropriate spots //move to appropriate spots
/* /*
rename( rename(
"../content/settings/settings.json", "../content/settings/settings.json",
"../config/settings.json" "../config/settings.json"
); );
*/ */
//load up old config file //load up old config file
$newConfig = json_decode( $newConfig = json_decode(
@ -151,15 +152,22 @@ class SetUp
rename("../content/settings/tags.json", "../config/tags.json"); rename("../content/settings/tags.json", "../config/tags.json");
rename( //images path for blog and user
"../content/public/assets/images/blog", $blogImagePath = "../public/assets/images/blog";
"../public/assets/images/blog" $userImagePath = "../public/assets/images/user";
);
rename( //check to see if image dirs are empty, if not chill
"../content/public/assets/images/user", if ($globs = glob($blogImagePath . "/*")) {
"../public/assets/images/user" //directory not empty, relax
); } else {
rename("../content/public/assets/images/blog", $blogImagePath);
}
if ($globs = glob($userImagePath . "/*")) {
//directory not empty, relax
} else {
rename("../content/public/assets/images/user", $userImagePath);
}
rename("../content/content/pages/", "../content/pages"); rename("../content/content/pages/", "../content/pages");
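Review bot: In the last hunk the `if ($globs = glob($blogImagePath . "/*"))` checks treat `glob()` returning `false` on error the same as an empty directory, and `$globs` is never read; the `rename()` results are discarded too, so a failed move leaves the restore half-applied with only a PHP warning. Check the return values, e.g. `if (!rename("../content/public/assets/images/blog", $blogImagePath)) { /* abort restore and report */ }`, and drop the unused assignment in favour of `if (glob($blogImagePath . "/*") === [])`. In the first hunk `$size = $file->getSize();` is assigned but not used within the visible lines — it may be consumed further down. The restore method starts and ends outside these hunks.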


@ -28,7 +28,7 @@
<div id="dash-restore" class="dash-restore"> <div id="dash-restore" class="dash-restore">
<form id="init-restore"> <form id="init-restore">
<img id="the-logo" src="/assets/images/global/fipamo-logo.svg"/> <img id="the-logo" src="/assets/images/global/fipamo-logo.svg"/>
<input type="text" name="restore_member_handle" id="restore_member_handle" placeholder="handle"/><input type="text" name="restore_member_pass" id="restore_member_pass" placeholder="password"/> <input type="text" name="restore_member_handle" id="restore_member_handle" placeholder="handle"/><input type="password" name="restore_member_pass" id="restore_member_pass" placeholder="password"/>
<div> <div>
<label>Grab your backup zip</label> <label>Grab your backup zip</label>
<input id="backup-upload" type="file" name="backup-upload" placeholder="Backup Zip"/> <input id="backup-upload" type="file" name="backup-upload" placeholder="Backup Zip"/>


@ -78,6 +78,7 @@
{% endapply %} {% endapply %}
<input id="featured-image-upload" type="file" name="featured-image-upload"/> <input id="featured-image-upload" type="file" name="featured-image-upload"/>
<input id="post-image-upload" type="file" name="post-image-upload"/> <input id="post-image-upload" type="file" name="post-image-upload"/>
<input id="form_token" name="token" type="hidden" value="{{ token }}">
</div> </div>
</div> </div>
</div> </div>
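Review bot: The hidden input is named `token` while `PagesAPI` reads `$body["form_token"]` and its key allowlist contains `form_token` but not `token`; if the form is posted as-is, the request is rejected for the unexpected `token` key and the real check never sees the value. Unless the JavaScript client remaps the field by id (the `FipamoAdminAPI` docs mention `form[].form_token`, so it may), rename it: `<input id="form_token" name="form_token" type="hidden" value="{{ token }}">`. The `{{ token }}` output relies on Twig autoescaping in attribute context — fine if the default escaper is enabled, worth confirming.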



@ -217,6 +217,7 @@ class FipamoAdminAPI {
* @param {boolean} form[].menu - property that indicates page is included in site menu * @param {boolean} form[].menu - property that indicates page is included in site menu
* @param {boolean} form[].featured - property that indicates page is featured * @param {boolean} form[].featured - property that indicates page is featured
* @param {boolean} form[].published - property that indicates page is public * @param {boolean} form[].published - property that indicates page is public
* @param {string} form[].form_token - hidden property to authenticate form submission
* @param {input} form[].feature_image - main image for page * @param {input} form[].feature_image - main image for page
* @example * @example
* api.pageActions(TASK, data).then(response=>{ * api.pageActions(TASK, data).then(response=>{