From 230eda1974501e143989d2fe2c527d47d81c22ac Mon Sep 17 00:00:00 2001
From: Miguel N <miguel456@spacejewel-hosting.com>
Date: Fri, 29 Oct 2021 20:23:45 +0100
Subject: [PATCH] Removed API key feature

Removed API key generation feature in preparation for JWT authentication
---
 app/ApiKey.php                                |  25 ----
 app/Http/Controllers/ApiKeyController.php     |  95 -------------
 app/Http/Requests/CreateApiKeyRequest.php     |  30 ----
 config/adminlte.php                           |   6 -
 .../migrations/2021_03_29_224932_api_keys.php |  42 ------
 ...10_26_000036_add_linked_accounts_table.php |  28 ++++
 .../dashboard/administration/keys.blade.php   | 134 ------------------
 routes/web.php                                |   2 -
 8 files changed, 28 insertions(+), 334 deletions(-)
 delete mode 100644 app/ApiKey.php
 delete mode 100644 app/Http/Controllers/ApiKeyController.php
 delete mode 100644 app/Http/Requests/CreateApiKeyRequest.php
 delete mode 100644 database/migrations/2021_03_29_224932_api_keys.php
 create mode 100644 database/migrations/2021_10_26_000036_add_linked_accounts_table.php
 delete mode 100644 resources/views/dashboard/administration/keys.blade.php

diff --git a/app/ApiKey.php b/app/ApiKey.php
deleted file mode 100644
index 0ed33ff..0000000
--- a/app/ApiKey.php
+++ /dev/null
@@ -1,25 +0,0 @@
-<?php
-
-namespace App;
-
-use Illuminate\Database\Eloquent\Factories\HasFactory;
-use Illuminate\Database\Eloquent\Model;
-
-class ApiKey extends Model
-{
-    use HasFactory;
-
-    protected $fillable = [
-        'name',
-        'status',
-        'discriminator',
-        'last_used',
-        'secret',
-        'owner_user_id'
-    ];
-
-    public function user()
-    {
-        return $this->belongsTo('App\User', 'owner_user_id', 'id');
-    }
-}
diff --git a/app/Http/Controllers/ApiKeyController.php b/app/Http/Controllers/ApiKeyController.php
deleted file mode 100644
index f725ec4..0000000
--- a/app/Http/Controllers/ApiKeyController.php
+++ /dev/null
@@ -1,95 +0,0 @@
-<?php
-
-namespace App\Http\Controllers;
-
-use App\ApiKey;
-use App\Http\Requests\CreateApiKeyRequest;
-use App\User;
-use Illuminate\Http\Request;
-use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\Hash;
-
-class ApiKeyController extends Controller
-{
-
-    public function index()
-    {
-        $this->authorize('viewAny', ApiKey::class);
-
-        return view('dashboard.administration.keys')
-            ->with('keys', ApiKey::all());
-    }
-
-    /**
-     * Store a newly created resource in storage.
-     *
-     * @param  \Illuminate\Http\Request  $request
-     */
-    public function store(CreateApiKeyRequest $request)
-    {
-        $this->authorize('create', ApiKey::class);
-
-        $discriminator = "#" . bin2hex(random_bytes(7));
-        $secret = bin2hex(random_bytes(32));
-
-        $key = ApiKey::create([
-            'name' => $request->keyName,
-            'discriminator' => $discriminator,
-            'secret' => Hash::make($secret),
-            'status' => 'active',
-            'owner_user_id' => Auth::user()->id
-        ]);
-
-        if ($key)
-        {
-            $request->session()->flash('success', __('Key successfully registered!'));
-            $request->session()->flash('finalKey', $discriminator . '.' . $secret);
-
-            return redirect()
-                ->back();
-        }
-
-        return redirect()
-            ->back()
-            ->with('error', __('An error occurred whilst trying to create an API key.'));
-    }
-
-
-   public function revokeKey(Request $request, ApiKey $key)
-   {
-       $this->authorize('update', $key);
-
-       if ($key->status == 'active')
-       {
-           $key->status = 'disabled';
-           $key->save();
-       }
-       else
-       {
-           return redirect()
-               ->back()
-               ->with('error', __('Key already revoked.'));
-       }
-
-       return redirect()
-           ->back()
-           ->with('success', __('Key revoked. Apps using this key will stop working.'));
-
-   }
-
-    /**
-     * Remove the specified resource from storage.
-     */
-    public function destroy($id)
-    {
-        $key = ApiKey::findOrFail($id);
-        $this->authorize('delete', $key);
-
-        $key->delete();
-
-        return redirect()
-            ->back()
-            ->with('success', __('Key deleted successfully. Apps using this key will stop working.'));
-
-    }
-}
diff --git a/app/Http/Requests/CreateApiKeyRequest.php b/app/Http/Requests/CreateApiKeyRequest.php
deleted file mode 100644
index d7bf22c..0000000
--- a/app/Http/Requests/CreateApiKeyRequest.php
+++ /dev/null
@@ -1,30 +0,0 @@
-<?php
-
-namespace App\Http\Requests;
-
-use Illuminate\Foundation\Http\FormRequest;
-
-class CreateApiKeyRequest extends FormRequest
-{
-    /**
-     * Determine if the user is authorized to make this request.
-     *
-     * @return bool
-     */
-    public function authorize()
-    {
-        return true;
-    }
-
-    /**
-     * Get the validation rules that apply to the request.
-     *
-     * @return array
-     */
-    public function rules()
-    {
-        return [
-            'keyName' => 'required|string'
-        ];
-    }
-}
diff --git a/config/adminlte.php b/config/adminlte.php
index 23d0b2c..32b0b5e 100755
--- a/config/adminlte.php
+++ b/config/adminlte.php
@@ -365,12 +365,6 @@ return [
                     'url' => '/admin/devtools',
                     'can' => 'admin.developertools.use',
                 ],
-                [
-                    'text' => 'API Keys',
-                    'icon' => 'fas fa-user-shield',
-                    'can' => 'admin.settings.view',
-                    'route' => 'keys.index'
-                ]
             ],
         ],
         [
diff --git a/database/migrations/2021_03_29_224932_api_keys.php b/database/migrations/2021_03_29_224932_api_keys.php
deleted file mode 100644
index 43a990d..0000000
--- a/database/migrations/2021_03_29_224932_api_keys.php
+++ /dev/null
@@ -1,42 +0,0 @@
-<?php
-
-use Illuminate\Database\Migrations\Migration;
-use Illuminate\Database\Schema\Blueprint;
-use Illuminate\Support\Facades\Schema;
-
-class ApiKeys extends Migration
-{
-    /**
-     * Run the migrations.
-     *
-     * @return void
-     */
-    public function up()
-    {
-        // API keys can only access resources the owner's account can access
-        Schema::create('api_keys', function (Blueprint $table) {
-
-            $table->id();
-            $table->string('discriminator');
-            $table->string('secret');
-            $table->enum('status', ['disabled', 'active']);
-            $table->bigInteger('owner_user_id')->unsigned();
-
-            $table->foreign('owner_user_id')
-                ->references('id')
-                ->on('users')
-                ->cascadeOnDelete()
-                ->cascadeOnUpdate();
-        });
-    }
-
-    /**
-     * Reverse the migrations.
-     *
-     * @return void
-     */
-    public function down()
-    {
-        //
-    }
-}
diff --git a/database/migrations/2021_10_26_000036_add_linked_accounts_table.php b/database/migrations/2021_10_26_000036_add_linked_accounts_table.php
new file mode 100644
index 0000000..712b9fb
--- /dev/null
+++ b/database/migrations/2021_10_26_000036_add_linked_accounts_table.php
@@ -0,0 +1,28 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+class AddLinkedAccountsTable extends Migration
+{
+    /**
+     * Run the migrations.
+     *
+     * @return void
+     */
+    public function up()
+    {
+        //
+    }
+
+    /**
+     * Reverse the migrations.
+     *
+     * @return void
+     */
+    public function down()
+    {
+        //
+    }
+}
diff --git a/resources/views/dashboard/administration/keys.blade.php b/resources/views/dashboard/administration/keys.blade.php
deleted file mode 100644
index f79d132..0000000
--- a/resources/views/dashboard/administration/keys.blade.php
+++ /dev/null
@@ -1,134 +0,0 @@
-@extends('adminlte::page')
-
-@section('title', config('app.name') . ' | Key Administration')
-
-@section('content_header')
-
-    <h4>{{__('messages.adm')}} / API Key Administration</h4>
-
-@stop
-
-@section('js')
-
-    <x-global-errors></x-global-errors>
-
-@stop
-
-@section('content')
-
-    <x-modal id="createKeyModal" modal-label="createKeyModalLabel" modal-title="New API Key" include-close-button="true">
-
-        <form id="createKey" method="post" action="{{ route('keys.store') }}">
-            @csrf
-
-            <div class="form-group">
-                <label for="name">Give your new API key a name to easily identify it.</label>
-                <input type="text" name="keyName" class="form-control" id="name" required>
-            </div>
-
-        </form>
-
-        <x-slot name="modalFooter">
-            <button onclick="$('#createKey').submit()" type="button" class="btn btn-success"><i class="fas fa-key"></i> Register new key</button>
-        </x-slot>
-
-    </x-modal>
-
-    <div class="row">
-        <div class="col">
-            <div class="alert alert-primary">
-                <p><i class="fas fa-info-circle"></i> You can use the key discriminator to identify it's API calls in the logs.</p>
-            </div>
-        </div>
-    </div>
-
-    @if (session()->has('finalKey'))
-        <div class="row">
-            <div class="col">
-                <div class="alert alert-success">
-                    <p><i class="fas fa-key"></i> This is your API key: {{ session('finalKey') }}</p>
-                    <p>Please copy it <b>now</b> as it'll only appear once.</p>
-                </div>
-            </div>
-        </div>
-    @endif
-
-    <div class="row">
-        <div class="col">
-
-            <x-card id="adminKeys" card-title="API Key Monitoring & Administration" footer-style="text-center">
-
-                <x-slot name="cardHeader">
-                    <p class="card-text">Here, you can view and manage all API keys created by users in the app. You can't, however, use this page to access someone else's account.</p>
-                </x-slot>
-
-
-                @if(!$keys->isEmpty())
-                    <table class="table table-borderless">
-                        <thead>
-                        <tr>
-                            <th>Name</th>
-                            <th>Discriminator</th>
-                            <th>Owner</th>
-                            <th>Status</th>
-                            <th>Last Used</th>
-                            <th>Last Modified</th>
-                            <th>Actions</th>
-                        </tr>
-                        </thead>
-
-                        <tbody>
-
-                        @foreach($keys as $key)
-                            <tr>
-                                <td>{{ $key->name }}</td>
-                                <td id="discr{{$key->id}}">{{ $key->discriminator }}</td>
-                                <td><a href="{{ route('showSingleProfile', ['user' => $key->user->id]) }}">{{ $key->user->name }}</a></td>
-                                <td><span class="badge badge-{{ ($key->status == 'disabled') ? 'danger' : 'primary' }}">{{ ($key->status == 'disabled') ? 'Revoked' : 'Active' }}</span></td>
-                                <td><span class="badge badge-{{ ($key->last_used == null) ? 'danger' : 'primary' }}">{{ ($key->last_used == null) ? 'No recent activity' : $key->last_used }}</span></td>
-                                <td><span class="badge badge-primary">{{ $key->updated_at }}</span></td>
-                                <td>
-                                    @if ($key->status == 'active')
-                                        <form class="d-inline-block" action="{{ route('revokeKey', ['key' => $key->id]) }}" method="post">
-                                            @csrf
-                                            @method('PATCH')
-                                            <button type="submit" class="btn btn-danger btn-sm ml-2"><i class="fas fa-lock"></i> Revoke</button>
-                                        </form>
-                                    @else
-                                        <button disabled type="button" class="btn btn-danger btn-sm ml-2"><i class="fas fa-lock"></i> Revoke</button>
-                                    @endif
-                                    <form class="d-inline-block" action="{{ route('keys.destroy', ['key' => $key->id]) }}" method="post">
-                                        @csrf
-                                        @method('DELETE')
-                                        <button type="submit" class="btn btn-danger btn-sm ml-2"><i class="fas fa-trash"></i> Delete</button>
-                                    </form>
-
-                                </td>
-                            </tr>
-                        @endforeach
-
-                        </tbody>
-                    </table>
-                @else
-                    <div class="alert alert-success">
-                        <p><i class="fa fa-info-circle"></i> No API keys have been registered yet.</p>
-                    </div>
-                @endif
-
-
-                <x-slot name="cardFooter">
-                    <button onclick="$('#createKeyModal').modal('show')" type="button" class="btn btn-secondary ml-2"><i class="fas fa-plus"></i> New API Key</button>
-                    <button type="button" onclick="window.location.href='/admin/maintenance/system-logs'" class="btn btn-secondary ml-2"><i class="fas fa-clipboard"></i> Search Logs</button>
-                </x-slot>
-
-            </x-card>
-
-        </div>
-    </div>
-
-@stop
-
-
-@section('footer')
-    @include('breadcrumbs.dashboard.footer')
-@stop
diff --git a/routes/web.php b/routes/web.php
index 5caaae9..f4e938e 100755
--- a/routes/web.php
+++ b/routes/web.php
@@ -241,8 +241,6 @@ Route::group(['prefix' => LaravelLocalization::setLocale(), 'middleware' => ['lo
             Route::get('settings', [OptionsController::class, 'index'])
                 ->name('showSettings');
 
-            Route::resource('keys', ApiKeyController::class);
-
             Route::patch('keys/revoke/{key}', [ApiKeyController::class, 'revokeKey'])
                 ->name('revokeKey');