AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add create asset functionality to API

Browse Source
This commit is contained in:
Marcus Hill
2022-02-27 16:09:21 +00:00
parent 90f62cecaa
commit 4b077cf6e0
5 changed files with 172 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
api/v1/validate_api_key.php
View File

@@ -1,4 +1,11 @@
<?php
/*
* API - validate_api_key.php
* Called by API endpoint to validate API key is valid
* Allows execution to continue or exits returning errors to the user
*/
// Includes
include( __DIR__ . '../../../functions.php');
include(__DIR__ . "../../../config.php");
@@ -6,6 +13,9 @@ include(__DIR__ . "../../../config.php");
// JSON header
header('Content-Type: application/json');
// POST data
$_POST = json_decode(file_get_contents('php://input'), true);
// Get user IP
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
// Get user agent
@@ -31,72 +41,72 @@ $return_arr = array();
// Decline methods other than GET/POST
if($_SERVER['REQUEST_METHOD'] !== "GET" AND $_SERVER['REQUEST_METHOD'] !== "POST"){
header("HTTP/1.1 405 Method Not Allowed");
var_dump($_SERVER['REQUEST_METHOD']);
exit();
header("HTTP/1.1 405 Method Not Allowed");
var_dump($_SERVER['REQUEST_METHOD']);
exit();
}
// Check API key is provided
if(!isset($_GET['api_key']) AND !isset($_POST['api_key'])){
header("HTTP/1.1 401 Unauthorized");
exit();
header("HTTP/1.1 401 Unauthorized");
exit();
}
// Set API key variable
if(isset($_GET['api_key'])){
$api_key = $_GET['api_key'];
$api_key = $_GET['api_key'];
}
if(isset($_POST['api_key'])){
$api_key = $_POST['api_key'];
$api_key = $_POST['api_key'];
}
// Validate API key
if(isset($api_key)){
$api_key = mysqli_real_escape_string($mysqli,$api_key);
$api_key = mysqli_real_escape_string($mysqli,$api_key);
$sql = mysqli_query($mysqli,"SELECT * FROM api_keys, companies WHERE api_keys.company_id = companies.company_id AND api_key_secret = '$api_key' AND api_key_expire > NOW()");
$sql = mysqli_query($mysqli,"SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1");
// Failed
if(mysqli_num_rows($sql) != 1){
// Invalid Key
header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
// Failed
if(mysqli_num_rows($sql) !== 1){
// Invalid Key
header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$return_arr['success'] = "False";
$return_arr['message'] = "API Key authentication failure or expired.";
$return_arr['success'] = "False";
$return_arr['message'] = "API Key authentication failure or expired.";
header("HTTP/1.1 401 Unauthorized");
echo json_encode($return_arr);
exit();
header("HTTP/1.1 401 Unauthorized");
echo json_encode($return_arr);
exit();
}
// Success
else{
// Set company ID
$row = mysqli_fetch_array($sql);
$company_id = $row['company_id'];
// Set limit & offset for queries
if(isset($_GET['limit'])){
$limit = intval($_GET['limit']);
}
elseif(isset($_POST['limit'])){
$limit = intval($_POST['limit']);
}
// Success
else{
// Set company ID
$row = mysqli_fetch_array($sql);
$company_id = $row['company_id'];
// Set limit & offset for queries
if(isset($_GET['limit'])){
$limit = intval($_GET['limit']);
}
elseif(isset($_POST['limit'])){
$limit = intval($_POST['limit']);
}
else{
$limit = 50;
}
if(isset($_GET['offset'])){
$offset = intval($_GET['offset']);
}
elseif(isset($_POST['offset'])){
$offset = intval($_POST['offset']);
}
else{
$offset = 0;
}
$limit = 50;
}
if(isset($_GET['offset'])){
$offset = intval($_GET['offset']);
}
elseif(isset($_POST['offset'])){
$offset = intval($_POST['offset']);
}
else{
$offset = 0;
}
}
}