From 7d74ee72419d7805237249b7788d51e85055e533 Mon Sep 17 00:00:00 2001
From: iglocska
Date: Sun, 21 Jun 2020 23:13:17 +0200
Subject: [PATCH] new: [API auth] added

---
 app/src/Controller/AppController.php | 26 +++++++++++++++++++++++++-
 1 file changed, 25 insertions(+), 1 deletion(-)

diff --git a/app/src/Controller/AppController.php b/app/src/Controller/AppController.php
index b464e3f..0106378 100644
--- a/app/src/Controller/AppController.php
+++ b/app/src/Controller/AppController.php
@@ -84,7 +84,7 @@ class AppController extends Controller
 
     public function beforeFilter(EventInterface $event)
     {
-        $this->isAdmin = true;
+        $this->authApiUser();
         $this->ACL->setPublicInterfaces();
         if (!empty($this->request->getAttribute('identity'))) {
             $this->loadModel('Users');
@@ -98,12 +98,36 @@ class AppController extends Controller
             }
             unset($user['password']);
             $this->ACL->setUser($user);
+            $this->isAdmin = $user['role']['perm_admin'];
+        } else if ($this->ParamHandler->isRest()) {
+            throw new MethodNotAllowedException(__('Invalid user credentials.'));
         }
         $this->ACL->checkAccess();
         $this->set('menu', $this->{$this->modelClass}->getMenu());
         $this->set('ajax', $this->request->is('ajax'));
     }
 
+    private function authApiUser(): void
+    {
+        if (!empty($_SERVER['HTTP_AUTHORIZATION']) && strlen($_SERVER['HTTP_AUTHORIZATION'])) {
+            $this->loadModel('AuthKeys');
+            $authKey = $this->AuthKeys->find()->where([
+                'authkey' => $_SERVER['HTTP_AUTHORIZATION'],
+                'OR' => [
+                    'valid_until' => 0,
+                    'valid_until >' => time()
+                ]
+            ])->first();
+            if (!empty($authKey)) {
+                $this->loadModel('Users');
+                $user = $this->Users->get($authKey['user_id']);
+                if (!empty($user)) {
+                    $this->Authentication->setIdentity($user);
+                }
+            }
+        }
+    }
+
     public function generateUUID()
     {
         $uuid = Text::uuid();
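Review bot: With `$this->isAdmin = true;` removed, `$this->isAdmin` is only assigned inside the identity branch of the following hunk, so a request that carries no identity and is not REST leaves it at whatever the property's declared default is, which is not visible here. An explicit `$this->isAdmin = false;` placed before `$this->authApiUser();` would make the fail-closed default independent of the property declaration and of any earlier code path that may have set it. The body of beforeFilter continues past the end of this hunk.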
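Review bot: In authApiUser(), `$this->Users->get($authKey['user_id'])` raises a RecordNotFoundException when the row is missing rather than returning an empty value (that is how CakePHP's Table::get() behaves, so far as I can tell from the framework, not from this file), which makes the `if (!empty($user))` guard dead and turns a still-valid key whose user has been deleted into an unhandled exception instead of the intended fall-through to the credentials check; `$user = $this->Users->find()->where(['id' => $authKey['user_id']])->first();` keeps the guard meaningful. Rejecting a REST request that ends up without an identity via `MethodNotAllowedException` sends a 405, which tells the client the HTTP verb is wrong; `throw new UnauthorizedException(__('Invalid user credentials.'));` is the status API clients and proxies expect for a bad or expired key. The `strlen()` test is redundant with `!empty()`, and reading the header through `$this->request->getHeaderLine('Authorization')` instead of `$_SERVER['HTTP_AUTHORIZATION']` stays consistent with the request object used a few lines above and does not depend on the SAPI populating that server variable. Whether the `authkey` column holds the key in clear and is matched under a case-insensitive collation cannot be seen here; if keys are stored as plaintext, hashing them at rest and logging failed lookups would be worth a follow-up.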