From 03c580a9b31fb82187de3c882bc274441c41847d Mon Sep 17 00:00:00 2001 From: Florian Pritz Date: Thu, 14 Feb 2013 15:36:58 +0100 Subject: Add API key support Signed-off-by: Florian Pritz --- application/models/mfile.php | 2 +- application/models/muser.php | 67 ++++++++++++++++++++++++++++++++++++++------ 2 files changed, 59 insertions(+), 10 deletions(-) (limited to 'application/models') diff --git a/application/models/mfile.php b/application/models/mfile.php index a7bab5d51..aaeebccaf 100644 --- a/application/models/mfile.php +++ b/application/models/mfile.php @@ -310,7 +310,7 @@ class Mfile extends CI_Model { function delete_id($id) { - $this->muser->require_access(); + $this->muser->require_access("apikey"); $filedata = $this->get_filedata($id); $userid = $this->muser->get_userid(); diff --git a/application/models/muser.php b/application/models/muser.php index 639b5ee3a..312d895e5 100644 --- a/application/models/muser.php +++ b/application/models/muser.php @@ -67,6 +67,14 @@ class Muser extends CI_Model { { $username = $this->input->post("username"); $password = $this->input->post("password"); + $apikey = $this->input->post("apikey"); + + if ($apikey !== false) { + if ($this->apilogin(trim($apikey))) { + return true; + } + show_error("API key login failed", 401); + } // prefer post parameters if either (username or password) is set if ($username === false && $password === false) { @@ -76,18 +84,39 @@ class Muser extends CI_Model { } } - if ($username !== false && $password !== false) { + if ($apikey === false && $username !== false && $password !== false) { if ($this->login($username, $password)) { return true; } else { - // TODO: better message - $this->output->set_status_header(401); - echo "login failed.\n"; - exit; + show_error("Login failed", 401); } } } + function apilogin($apikey) + { + $this->require_session(); + + // FIXME: get username/id from duser or move them to apikeys table + // (users is empty when using any other driver than duser_db) + $query = $this->db->query(" + SELECT a.user userid, u.username + FROM apikeys a + JOIN users u on a.user = u.id + WHERE a.key = ? + ", array($apikey))->row_array(); + + if (isset($query["userid"])) { + $this->session->set_userdata('logged_in', true); + $this->session->set_userdata('username', $query["username"]); + $this->session->set_userdata('userid', $query["userid"]); + $this->session->set_userdata('access_level', 'apikey'); + return true; + } + + return false; + } + function logout() { $this->require_session(); @@ -124,16 +153,36 @@ class Muser extends CI_Model { return $this->duser->get_email($userid); } - function require_access() + private function check_access_level($wanted_level) { - if ($this->logged_in()) { + $session_level = $this->session->userdata("access_level"); + + // last level has the most access + $levels = array("apikey", "full"); + + $wanted = array_search($wanted_level, $levels); + $have = array_search($session_level, $levels); + + if ($wanted === false || $have === false) { + show_error("Failed to determine access level"); + } + + if ($have >= $wanted) { return true; } - // handle cli clients + show_error("Access denied", 403); + } + + function require_access($wanted_level = "full") + { + if ($this->logged_in()) { + return $this->check_access_level($wanted_level); + } + if (is_cli_client()) { if ($this->login_cli_client()) { - return true; + return $this->check_access_level($wanted_level); } echo "FileBin requires you to have an account, please go to the homepage for more information.\n"; -- cgit v1.2.3-24-g4f1b