summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--application/config/migration.php2
-rw-r--r--application/controllers/file.php10
-rw-r--r--application/controllers/user.php65
-rw-r--r--application/helpers/filebin_helper.php6
-rw-r--r--application/libraries/Duser/Duser.php1
-rw-r--r--application/migrations/009_add_apikeys.php24
-rw-r--r--application/models/mfile.php2
-rw-r--r--application/models/muser.php64
-rw-r--r--application/views/file/client.php8
-rw-r--r--application/views/file/upload_form.php2
-rw-r--r--application/views/header.php4
-rw-r--r--application/views/user/apikeys.php36
-rw-r--r--application/views/user/nav.php1
13 files changed, 206 insertions, 19 deletions
diff --git a/application/config/migration.php b/application/config/migration.php
index 943ff0880..5fef0ad40 100644
--- a/application/config/migration.php
+++ b/application/config/migration.php
@@ -21,7 +21,7 @@ $config['migration_enabled'] = true;
| be upgraded / downgraded to.
|
*/
-$config['migration_version'] = 8;
+$config['migration_version'] = 9;
/*
diff --git a/application/controllers/file.php b/application/controllers/file.php
index c133539f7..7629b809b 100644
--- a/application/controllers/file.php
+++ b/application/controllers/file.php
@@ -282,7 +282,7 @@ class File extends CI_Controller {
"lexer" => $lexer
));
$this->session->set_flashdata("uri", "file/claim_id");
- $this->muser->require_access();
+ $this->muser->require_access("apikey");
}
foreach ($ids as $id) {
@@ -444,7 +444,7 @@ class File extends CI_Controller {
function upload_history()
{
- $this->muser->require_access();
+ $this->muser->require_access("apikey");
$user = $this->muser->get_userid();
@@ -523,7 +523,7 @@ class File extends CI_Controller {
function do_delete()
{
- $this->muser->require_access();
+ $this->muser->require_access("apikey");
$ids = $this->input->post("ids");
$errors = array();
@@ -563,7 +563,7 @@ class File extends CI_Controller {
function delete()
{
- $this->muser->require_access();
+ $this->muser->require_access("apikey");
if (!is_cli_client()) {
echo "Not a listed cli client, please use the history to delete uploads.\n";
@@ -634,7 +634,7 @@ class File extends CI_Controller {
{
// desktop clients get a cookie to claim the ID later
if (is_cli_client()) {
- $this->muser->require_access();
+ $this->muser->require_access("apikey");
}
$ids = array();
diff --git a/application/controllers/user.php b/application/controllers/user.php
index 21b58cf93..f1dbe5c31 100644
--- a/application/controllers/user.php
+++ b/application/controllers/user.php
@@ -84,6 +84,71 @@ class User extends CI_Controller {
}
}
+ function create_apikey()
+ {
+ $this->muser->require_access();
+
+ $userid = $this->muser->get_userid();
+ $comment = $this->input->post("comment");
+
+
+ if (strlen($comment) > 255 || !preg_match("/^[a-zA-Z0-9 -@,]*$/", $comment)) {
+ // display better error for
+ show_error("Comment invalid. Only 255 chars of a-zA-Z0-9, @, -, space and comma allowed");
+ }
+
+ $key = random_alphanum(32);
+
+ $this->db->query("
+ INSERT INTO `apikeys`
+ (`key`, `user`, `comment`)
+ VALUES (?, ?, ?)
+ ", array($key, $userid, $comment));
+
+ if (is_cli_client()) {
+ echo "$key\n";
+ } else {
+ redirect("user/apikeys");
+ }
+ }
+
+ function delete_apikey()
+ {
+ $this->muser->require_access();
+
+ $userid = $this->muser->get_userid();
+ $key = $this->input->post("key");
+
+ var_dump($userid, $key);
+
+ $this->db->query("
+ DELETE FROM `apikeys`
+ WHERE `user` = ?
+ AND `key` = ?
+ ", array($userid, $key));
+
+ redirect("user/apikeys");
+ }
+
+ function apikeys()
+ {
+ $this->muser->require_access();
+
+ $userid = $this->muser->get_userid();
+
+ $query = $this->db->query("
+ SELECT `key`, UNIX_TIMESTAMP(`created`) `created`, `comment`
+ FROM `apikeys`
+ WHERE `user` = ? order by created desc
+ ", array($userid))->result_array();
+
+ $this->data["query"] = $query;
+
+ $this->load->view('header', $this->data);
+ $this->load->view($this->var->view_dir.'apikeys', $this->data);
+ $this->load->view('footer', $this->data);
+ }
+
function create_invitation_key()
{
$this->duser->require_implemented("can_register_new_users");
diff --git a/application/helpers/filebin_helper.php b/application/helpers/filebin_helper.php
index 88bb290c4..4af106a14 100644
--- a/application/helpers/filebin_helper.php
+++ b/application/helpers/filebin_helper.php
@@ -323,6 +323,12 @@ function auth_driver_function_implemented($function)
return $result[$function];
}
+function user_logged_in()
+{
+ $CI =& get_instance();
+ return $CI->muser->logged_in();
+}
+
function send_json_reply($array)
{
$CI =& get_instance();
diff --git a/application/libraries/Duser/Duser.php b/application/libraries/Duser/Duser.php
index 19d1bfa09..733616b40 100644
--- a/application/libraries/Duser/Duser.php
+++ b/application/libraries/Duser/Duser.php
@@ -78,6 +78,7 @@ class Duser extends CI_Driver_Library {
$CI->session->set_userdata('logged_in', true);
$CI->session->set_userdata('username', $login_info["username"]);
$CI->session->set_userdata('userid', $login_info["userid"]);
+ $CI->session->set_userdata('access_level', 'full');
return true;
}
diff --git a/application/migrations/009_add_apikeys.php b/application/migrations/009_add_apikeys.php
new file mode 100644
index 000000000..8e88260a8
--- /dev/null
+++ b/application/migrations/009_add_apikeys.php
@@ -0,0 +1,24 @@
+<?php
+defined('BASEPATH') OR exit('No direct script access allowed');
+
+class Migration_Add_apikeys extends CI_Migration {
+
+ public function up()
+ {
+ $this->db->query("
+ CREATE TABLE `apikeys` (
+ `key` varchar(64) COLLATE utf8_bin NOT NULL,
+ `user` int(8) unsigned NOT NULL,
+ `created` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,
+ `comment` varchar(255) CHARACTER SET ascii COLLATE ascii_bin NOT NULL,
+ PRIMARY KEY (`key`),
+ KEY `user` (`user`)
+ ) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_bin
+ ");
+ }
+
+ public function down()
+ {
+ $this->dbforge->drop_table('apikeys');
+ }
+}
diff --git a/application/models/mfile.php b/application/models/mfile.php
index a7bab5d51..aaeebccaf 100644
--- a/application/models/mfile.php
+++ b/application/models/mfile.php
@@ -310,7 +310,7 @@ class Mfile extends CI_Model {
function delete_id($id)
{
- $this->muser->require_access();
+ $this->muser->require_access("apikey");
$filedata = $this->get_filedata($id);
$userid = $this->muser->get_userid();
diff --git a/application/models/muser.php b/application/models/muser.php
index 639b5ee3a..843b7cad6 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -67,6 +67,14 @@ class Muser extends CI_Model {
{
$username = $this->input->post("username");
$password = $this->input->post("password");
+ $apikey = $this->input->post("apikey");
+
+ if ($apikey !== false) {
+ if ($this->apilogin(trim($apikey))) {
+ return true;
+ }
+ show_error("API key login failed", 401);
+ }
// prefer post parameters if either (username or password) is set
if ($username === false && $password === false) {
@@ -76,18 +84,36 @@ class Muser extends CI_Model {
}
}
- if ($username !== false && $password !== false) {
+ if ($apikey === false && $username !== false && $password !== false) {
if ($this->login($username, $password)) {
return true;
} else {
- // TODO: better message
- $this->output->set_status_header(401);
- echo "login failed.\n";
- exit;
+ show_error("Login failed", 401);
}
}
}
+ function apilogin($apikey)
+ {
+ $this->require_session();
+
+ $query = $this->db->query("
+ SELECT a.user userid
+ FROM apikeys a
+ WHERE a.key = ?
+ ", array($apikey))->row_array();
+
+ if (isset($query["userid"])) {
+ $this->session->set_userdata('logged_in', true);
+ $this->session->set_userdata('username', "");
+ $this->session->set_userdata('userid', $query["userid"]);
+ $this->session->set_userdata('access_level', 'apikey');
+ return true;
+ }
+
+ return false;
+ }
+
function logout()
{
$this->require_session();
@@ -124,16 +150,36 @@ class Muser extends CI_Model {
return $this->duser->get_email($userid);
}
- function require_access()
+ private function check_access_level($wanted_level)
{
- if ($this->logged_in()) {
+ $session_level = $this->session->userdata("access_level");
+
+ // last level has the most access
+ $levels = array("apikey", "full");
+
+ $wanted = array_search($wanted_level, $levels);
+ $have = array_search($session_level, $levels);
+
+ if ($wanted === false || $have === false) {
+ show_error("Failed to determine access level");
+ }
+
+ if ($have >= $wanted) {
return true;
}
- // handle cli clients
+ show_error("Access denied", 403);
+ }
+
+ function require_access($wanted_level = "full")
+ {
+ if ($this->logged_in()) {
+ return $this->check_access_level($wanted_level);
+ }
+
if (is_cli_client()) {
if ($this->login_cli_client()) {
- return true;
+ return $this->check_access_level($wanted_level);
}
echo "FileBin requires you to have an account, please go to the homepage for more information.\n";
diff --git a/application/views/file/client.php b/application/views/file/client.php
index 19e6a01fb..5e141f141 100644
--- a/application/views/file/client.php
+++ b/application/views/file/client.php
@@ -13,6 +13,14 @@ machine <?php echo $domain; ?> login my_username password my_secret_password
</pre>
<p>
+ If you are using fb-client &ge;1.2 you can
+ <a href="<?php echo site_url("user/apikeys"); ?>">create an API key</a>,
+ save it in <code>~/.config/fb-client/apikey</code> and remove
+ your password from <code>.netrc</code>. Please refer to <code>man
+ 1 fb</code> for further details.
+</p>
+
+<p>
If you are using fb-client &ge;1.1 you can use
<code>~/.config/fb-client/config</code> to upload to a different
pastebin URL (https or you own installation). Please refer to
diff --git a/application/views/file/upload_form.php b/application/views/file/upload_form.php
index 99c1d9e42..841ac3746 100644
--- a/application/views/file/upload_form.php
+++ b/application/views/file/upload_form.php
@@ -1,4 +1,4 @@
-<?php if (isset($username) && $username) { ?>
+<?php if (user_logged_in()) { ?>
<div class="well">
<div class="row-fluid">
<div class="span12 text-upload-form">
diff --git a/application/views/header.php b/application/views/header.php
index e85463735..ba6d6ae9d 100644
--- a/application/views/header.php
+++ b/application/views/header.php
@@ -45,7 +45,7 @@ if (is_cli_client() && !isset($force_full_html)) {
</a>
<?php if(!isset($GLOBALS["is_error_page"])) { ?>
<ul class="nav pull-right">
- <?php if(isset($username) && $username) { ?>
+ <?php if(user_logged_in()) { ?>
<li><a href="<?php echo site_url("/user/logout"); ?>">Logout</a></li>
<?php } else { ?>
<li class="dropdown">
@@ -65,7 +65,7 @@ if (is_cli_client() && !isset($force_full_html)) {
</ul>
<?php }; ?>
<ul class="nav">
- <?php if(isset($username) && $username) { ?>
+ <?php if(user_logged_in()) { ?>
<li><a href="<?php echo site_url("file/index") ?>"><i class="icon-pencil icon-white"></i> New</a></li>
<li><a href="<?php echo site_url("file/upload_history") ?>"><i class="icon-book icon-white"></i> History</a></li>
<li class="dropdown">
diff --git a/application/views/user/apikeys.php b/application/views/user/apikeys.php
new file mode 100644
index 000000000..14d829ffa
--- /dev/null
+++ b/application/views/user/apikeys.php
@@ -0,0 +1,36 @@
+<h2>API keys</h2>
+<table class="table table-striped">
+ <thead>
+ <tr>
+ <th>#</th>
+ <th>Key</th>
+ <th style="width: 30%;">Comment</th>
+ <th>Created on</th>
+ <th></th>
+ </tr>
+ </thead>
+ <tbody>
+ <?php $i = 1; ?>
+ <?php foreach($query as $key => $item): ?>
+ <tr>
+ <td><?php echo $i++; ?></td>
+ <td><?php echo $item["key"]; ?></td>
+ <td><?php echo $item["comment"]; ?></td>
+ <td><?php echo date("Y/m/d H:i", $item["created"]); ?></td>
+ <td>
+ <?php echo form_open("user/delete_apikey", array("style" => "margin-bottom: 0")); ?>
+ <?php echo form_hidden("key", $item["key"]); ?>
+ <button class="btn btn-danger btn-mini" type="submit">Delete</input>
+ </form>
+ </td>
+ </tr>
+ <?php endforeach; ?>
+ </tbody>
+</table>
+
+<p>
+ <?php echo form_open('user/create_apikey', array("class" => "form-horizontal")); ?>
+ <input type="text" name="comment" placeholder="Comment" />
+ <input class="btn btn-primary" type="submit" value="Create a new key" name="process" />
+ </form>
+</p>
diff --git a/application/views/user/nav.php b/application/views/user/nav.php
index 26898fde8..90f76e05e 100644
--- a/application/views/user/nav.php
+++ b/application/views/user/nav.php
@@ -3,6 +3,7 @@
<?php } ?>
<li><a href="<?php echo site_url("user/profile") ?>"><i class="icon-user icon-black"></i> Profile</a></li>
+<li><a href="<?php echo site_url("user/apikeys") ?>"><i class="icon-tags icon-black"></i> API keys</a></li>
<?php if(auth_driver_function_implemented("can_reset_password")) { ?>
<li><a href="<?php echo site_url("user/reset_password") ?>"><i class="icon-lock icon-black"></i> Change password</a></li>