Added API List, Create, Update Delete Interface

2022-02-03 19:12:10 -05:00 · 2022-02-03 19:12:10 -05:00 · b58696f079
parent 74ba71acd7
commit b58696f079
6 changed files with 313 additions and 7 deletions
--- a/api_key_add_modal.php
+++ b/api_key_add_modal.php
@ -0,0 +1,54 @@
+<div class="modal" id="addApiKeyModal" tabindex="-1">
+  <div class="modal-dialog">
+    <div class="modal-content bg-dark">
+      <div class="modal-header">
+        <h5 class="modal-title"><i class="fa fa-fw fa-key"></i> New Key</h5>
+        <button type="button" class="close text-white" data-dismiss="modal">
+          <span>&times;</span>
+        </button>
+      </div>
+      <form action="post.php" method="post" autocomplete="off">
+        <div class="modal-body bg-white">
+
+          <div class="form-group">
+            <label>Name <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
+              </div>
+              <input type="text" class="form-control" name="name" placeholder="Key Name" required autofocus>
+            </div>
+          </div>
+
+          <div class="form-group">
+            <label>Secret <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
+              </div>
+              <input type="password" class="form-control" data-toggle="password" name="secret" placeholder="Enter a Secret" autocomplete="new-password" required>
+              <div class="input-group-append">
+                <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
+              </div>
+            </div>
+          </div>
+
+          <div class="form-group">
+            <label>Expiration Date</label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
+              </div>
+              <input type="date" class="form-control" name="expire">
+            </div>
+          </div>
+
+        </div>
+        <div class="modal-footer bg-white">
+          <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
+          <button type="submit" name="add_api_key" class="btn btn-primary">Save</button>
+        </div>
+      </form>
+    </div>
+  </div>
+</div>
--- a/api_key_edit_modal.php
+++ b/api_key_edit_modal.php
@ -0,0 +1,56 @@
+<div class="modal" id="editApiKeyModal<?php echo $api_key_id; ?>" tabindex="-1">
+  <div class="modal-dialog">
+    <div class="modal-content bg-dark">
+      <div class="modal-header">
+        <h5 class="modal-title"><i class="fa fa-fw fa-key"></i> <?php echo $api_key_name; ?></h5>
+        <button type="button" class="close text-white" data-dismiss="modal">
+          <span>&times;</span>
+        </button>
+      </div>
+      <form action="post.php" method="post" autocomplete="off">
+        <input type="hidden" name="api_key_id" value="<?php echo $api_key_id; ?>">
+
+        <div class="modal-body bg-white">
+
+          <div class="form-group">
+            <label>Name <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-key"></i></span>
+              </div>
+              <input type="text" class="form-control" name="name" placeholder="Key Name" value="<?php echo $api_key_name; ?>" required autofocus>
+            </div>
+          </div>
+
+          <div class="form-group">
+            <label>Secret <strong class="text-danger">*</strong></label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-lock"></i></span>
+              </div>
+              <input type="password" class="form-control" data-toggle="password" name="secret" placeholder="Enter a Secret" autocomplete="new-password" value="<?php echo $api_key_secret; ?>" required>
+              <div class="input-group-append">
+                <span class="input-group-text"><i class="fa fa-fw fa-eye"></i></span>
+              </div>
+            </div>
+          </div>
+
+          <div class="form-group">
+            <label>Expiration Date</label>
+            <div class="input-group">
+              <div class="input-group-prepend">
+                <span class="input-group-text"><i class="fa fa-fw fa-calendar"></i></span>
+              </div>
+              <input type="date" class="form-control" name="expire" value="<?php echo $api_key_expire; ?>">
+            </div>
+          </div>
+
+        </div>
+        <div class="modal-footer bg-white">
+          <button type="button" class="btn btn-secondary" data-dismiss="modal">Cancel</button>
+          <button type="submit" name="edit_api_key" class="btn btn-primary">Save</button>
+        </div>
+      </form>
+    </div>
+  </div>
+</div>
--- a/api_keys.php
+++ b/api_keys.php
@ -0,0 +1,132 @@
+<?php include("header.php");
+
+  //Paging
+  if(isset($_GET['p'])){
+    $p = intval($_GET['p']);
+    $record_from = (($p)-1)*$_SESSION['records_per_page'];
+    $record_to = $_SESSION['records_per_page'];
+  }else{
+    $record_from = 0;
+    $record_to = $_SESSION['records_per_page'];
+    $p = 1;
+  }
+    
+  if(isset($_GET['q'])){
+    $q = mysqli_real_escape_string($mysqli,$_GET['q']);
+  }else{
+    $q = "";
+  }
+
+  if(!empty($_GET['sb'])){
+    $sb = mysqli_real_escape_string($mysqli,$_GET['sb']);
+  }else{
+    $sb = "api_key_name";
+  }
+
+  if(isset($_GET['o'])){
+    if($_GET['o'] == 'ASC'){
+      $o = "ASC";
+      $disp = "DESC";
+    }else{
+      $o = "DESC";
+      $disp = "ASC";
+    }
+  }else{
+    $o = "ASC";
+    $disp = "DESC";
+  }
+
+  //Rebuild URL
+  $url_query_strings_sb = http_build_query(array_merge($_GET,array('sb' => $sb, 'o' => $o)));
+
+  $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM api_keys
+    WHERE (api_key_name LIKE '%$q%')
+    AND company_id = $session_company_id
+    ORDER BY $sb $o LIMIT $record_from, $record_to");
+
+  $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
+
+?>
+
+<div class="card card-dark">
+  <div class="card-header py-2">
+    <h3 class="card-title mt-2"><i class="fa fa-fw fa-key"></i> API Keys</h3>
+    <div class="card-tools">
+      <button type="button" class="btn btn-primary" data-toggle="modal" data-target="#addApiKeyModal"><i class="fas fa-fw fa-plus"></i> New Key</button>
+    </div>
+  </div>
+  <div class="card-body">
+    <form autocomplete="off">
+      <div class="input-group">
+        <input type="search" class="form-control col-md-4" name="q" value="<?php if(isset($q)){echo stripslashes($q);} ?>" placeholder="Search keys">
+        <div class="input-group-append">
+          <button class="btn btn-primary"><i class="fa fa-search"></i></button>
+        </div>
+      </div>
+    </form>
+    <hr>
+    <div class="table-responsive">
+      <table class="table table-striped table-borderless table-hover">
+        <thead class="text-dark <?php if($num_rows[0] == 0){ echo "d-none"; } ?>">
+          <tr>
+            <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=api_key_name&o=<?php echo $disp; ?>">Name</a></th>
+            <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=api_key_secret&o=<?php echo $disp; ?>">Secret</a></th>
+            <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=api_key_created_at&o=<?php echo $disp; ?>">Created</a></th>
+            <th><a class="text-dark" href="?<?php echo $url_query_strings_sb; ?>&sb=api_key_expire&o=<?php echo $disp; ?>">Expire</a></th>
+            <th class="text-center">Action</th>
+          </tr>
+        </thead>
+        <tbody>
+          <?php
+      
+          while($row = mysqli_fetch_array($sql)){
+            $api_key_id = $row['api_key_id'];
+            $api_key_name = $row['api_key_name'];
+            $api_key_secret = $row['api_key_secret'];
+            $api_key_created_at = $row['api_key_created_at'];
+            $api_key_expire = $row['api_key_expire'];
+  
+          ?>
+          <tr>
+            <td>
+              <a class="text-dark" href="#" data-toggle="modal" data-target="#editApiKeyModal<?php echo $api_key_id; ?>"><?php echo $api_key_name; ?></a>
+            </td>
+            <td><?php echo $api_key_secret; ?></td>
+            <td><?php echo $api_key_created_at; ?></td>
+            <td><?php echo $api_key_expire; ?></td>
+            <td>
+              <div class="dropdown dropleft text-center">
+                <button class="btn btn-secondary btn-sm" type="button" data-toggle="dropdown">
+                  <i class="fas fa-ellipsis-h"></i>
+                </button>
+                <div class="dropdown-menu">
+                  <a class="dropdown-item" href="#" data-toggle="modal" data-target="#editApiKeyModal<?php echo $api_key_id; ?>">Edit</a>
+                  <div class="dropdown-divider"></div>
+                  <a class="dropdown-item text-danger" href="post.php?delete_api_key=<?php echo $api_key_id; ?>">Delete</a>
+                </div>
+              </div>   
+            </td>
+          </tr>
+
+          <?php
+
+          include("api_key_edit_modal.php");
+          
+          }
+      
+          ?>
+
+        </tbody>
+      </table>
+    </div>
+    <?php include("pagination.php"); ?>
+  </div>
+</div>
+
+<?php
+  
+  include("api_key_add_modal.php");
+  
+  include("footer.php");
+
+?>
--- a/db.sql
+++ b/db.sql
@ -63,10 +63,11 @@ DROP TABLE IF EXISTS `api_keys`;
 /*!40101 SET character_set_client = utf8 */;
 CREATE TABLE `api_keys` (
  `api_key_id` int(11) NOT NULL AUTO_INCREMENT,
+  `api_key_name` varchar(255) NOT NULL,
  `api_key_secret` varchar(255) NOT NULL,
-  `api_key_description` varchar(255) DEFAULT NULL,
  `api_key_created_at` datetime NOT NULL,
-  `api_key_expire` datetime NOT NULL,
+  `api_key_updated_at` datetime DEFAULT NULL,
+  `api_key_expire` date NOT NULL,
  `company_id` int(11) NOT NULL,
  PRIMARY KEY (`api_key_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8;
@ -1367,4 +1368,4 @@ CREATE TABLE `vendors` (
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;

-- Dump completed on 2022-02-01 16:24:45
+-- Dump completed on 2022-02-03 19:11:34
--- a/post.php
+++ b/post.php
@ -397,6 +397,63 @@ if(isset($_GET['delete_user'])){
    
    header("Location: " . $_SERVER["HTTP_REFERER"]);
  
+}
+// API Key
+if(isset($_POST['add_api_key'])){
+
+    $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
+    $secret = trim(mysqli_real_escape_string($mysqli,$_POST['secret']));
+    $expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire'])));
+
+    mysqli_query($mysqli,"INSERT INTO api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_expire = '$expire', api_key_created_at = NOW(), company_id = $session_company_id");
+
+    $api_key_id = mysqli_insert_id($mysqli);
+
+    // Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API Key', log_action = 'Create', log_description = '$session_name created API Key $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
+
+    $_SESSION['alert_message'] = "API Key <strong>$name</strong> created";
+    
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if(isset($_POST['edit_api_key'])){
+
+    $api_key_id = intval($_POST['api_key_id']);
+    $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
+    $secret = trim(mysqli_real_escape_string($mysqli,$_POST['secret']));
+    $expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire'])));
+
+    mysqli_query($mysqli,"UPDATE api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_expire = '$expire', api_key_updated_at = NOW() WHERE api_key_id = $api_key_id AND company_id = $session_company_id");
+
+    // Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API Key', log_action = 'Modify', log_description = '$session_name modified API Key $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
+
+    $_SESSION['alert_message'] = "API Key <strong>$name</strong> updated";
+    
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if(isset($_GET['delete_api_key'])){
+    $api_key_id = intval($_GET['delete_api_key']);
+
+    // Get API Key Name
+    $sql = mysqli_query($mysqli,"SELECT * FROM api_keys WHERE api_key_id = $api_key_id AND company_id = $session_company_id");
+    $row = mysqli_fetch_array($sql);
+    $name = $row['api_key_name'];
+
+    mysqli_query($mysqli,"DELETE FROM api_keys WHERE api_key_id = $api_key_id AND company_id = $session_company_id");
+
+    // Logging   
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API Key', log_action = 'Delete', log_description = '$session_name deleted user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
+
+    $_SESSION['alert_type'] = "danger";
+    $_SESSION['alert_message'] = "API Key <strong>$name</strong> deleted";
+    
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+  
 }

 if(isset($_POST['add_company'])){
--- a/side_nav.php
+++ b/side_nav.php
@ -229,7 +229,7 @@
            </li>
            <li class="nav-item">
              <a href="tags.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "tags.php") { echo "active"; } ?>">
-                <i class="far fa-circle nav-icon"></i>
+                <i class="fa fa-tag nav-icon"></i>
                <p>Tags</p>
              </a>
            </li>
@ -247,19 +247,25 @@
            </li>
            <li class="nav-item">
              <a href="users.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "users.php") { echo "active"; } ?>">
-                <i class="far fa-circle nav-icon"></i>
+                <i class="far fa-user nav-icon"></i>
                <p>Users</p>
              </a>
            </li>
+            <li class="nav-item">
+              <a href="api_keys.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "api_keys.php") { echo "active"; } ?>">
+                <i class="fas fa-key nav-icon"></i>
+                <p>API Keys</p>
+              </a>
+            </li>
            <li class="nav-item">
              <a href="companies.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "companies.php") { echo "active"; } ?>">
-                <i class="far fa-circle nav-icon"></i>
+                <i class="far fa-building nav-icon"></i>
                <p>Companies</p>
              </a>
            </li>
            <li class="nav-item">
              <a href="logs.php" class="nav-link <?php if(basename($_SERVER["PHP_SELF"]) == "logs.php") { echo "active"; } ?>">
-                <i class="far fa-circle nav-icon"></i>
+                <i class="far fa-eye nav-icon"></i>
                <p>Audit Logs</p>
              </a>
            </li>