new: [API auth] added

remotes/origin/main
iglocska 2020-06-21 23:13:17 +02:00
parent 8aff53ee89
commit 7d74ee7241
No known key found for this signature in database
GPG Key ID: BEA224F1FEF113AC
1 changed files with 25 additions and 1 deletions


@ -84,7 +84,7 @@ class AppController extends Controller
public function beforeFilter(EventInterface $event)
{
$this->isAdmin = true;
$this->authApiUser();
$this->ACL->setPublicInterfaces();
if (!empty($this->request->getAttribute('identity'))) {
$this->loadModel('Users');
@ -98,12 +98,36 @@ class AppController extends Controller
}
unset($user['password']);
$this->ACL->setUser($user);
$this->isAdmin = $user['role']['perm_admin'];
} else if ($this->ParamHandler->isRest()) {
throw new MethodNotAllowedException(__('Invalid user credentials.'));
}
$this->ACL->checkAccess();
$this->set('menu', $this->{$this->modelClass}->getMenu());
$this->set('ajax', $this->request->is('ajax'));
}
private function authApiUser(): void
{
if (!empty($_SERVER['HTTP_AUTHORIZATION']) && strlen($_SERVER['HTTP_AUTHORIZATION'])) {
$this->loadModel('AuthKeys');
$authKey = $this->AuthKeys->find()->where([
'authkey' => $_SERVER['HTTP_AUTHORIZATION'],
'OR' => [
'valid_until' => 0,
'valid_until >' => time()
]
])->first();
if (!empty($authKey)) {
$this->loadModel('Users');
$user = $this->Users->get($authKey['user_id']);
if (!empty($user)) {
$this->Authentication->setIdentity($user);
}
}
}
}
public function generateUUID()
{
$uuid = Text::uuid();
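Review bot: `authApiUser()` finds the key by matching the raw `Authorization` header against the `authkey` column, so keys must be stored in recoverable form and anyone who can read that table or a backup of it holds working credentials. Storing only a hash of the key, with a short non-secret prefix as the lookup column, and comparing hashes with `hash_equals()` would avoid that. Separately, `$this->Users->get($authKey['user_id'])` throws `RecordNotFoundException` for a missing row instead of returning an empty value, so the `!empty($user)` guard never takes its false branch; `$this->Users->find()->where(['id' => $authKey['user_id']])->first()` keeps the intended silent fall-through, and it is also where a deactivated account could be rejected if the Users table has such a flag (not visible here). In `beforeFilter()`, whose middle lies between the two hunks and is not shown, `$this->isAdmin = true;` remains in effect for any request that has no identity and is not REST, so the default should be `$this->isAdmin = false;` unless code outside this view relies on it. Reading the header with `$this->request->getHeaderLine('Authorization')` rather than `$_SERVER` would make the method testable and the extra `strlen()` check unnecessary.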