miguel456/athenahr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

API key management interface

Browse Source
This commit is contained in:
Miguel Nogueira
2021-03-30 01:27:49 +01:00
parent 6d94263ede
commit 99779c9053
11 changed files with 406 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
app/ApiKey.php Normal file
View File

@@ -0,0 +1,25 @@
<?php
namespace App;
use Illuminate\Database\Eloquent\Factories\HasFactory;
use Illuminate\Database\Eloquent\Model;
class ApiKey extends Model
{
use HasFactory;
protected $fillable = [
'name',
'status',
'discriminator',
'last_used',
'secret',
'owner_user_id'
];
public function user()
{
return $this->belongsTo('App\User', 'id');
}
}

103
app/Http/Controllers/ApiKeyController.php Normal file
View File

@@ -0,0 +1,103 @@
<?php
namespace App\Http\Controllers;
use App\ApiKey;
use App\Http\Requests\CreateApiKeyRequest;
use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
class ApiKeyController extends Controller
{
/**
* Display a listing of the resource.
*
*/
public function index()
{
return view('dashboard.user.api.index')
->with('keys', Auth::user()->keys);
}
/**
* Store a newly created resource in storage.
*
* @param \Illuminate\Http\Request $request
*/
public function store(CreateApiKeyRequest $request)
{
$discriminator = "#" . bin2hex(openssl_random_pseudo_bytes(7));
$secret = bin2hex(openssl_random_pseudo_bytes(32));
$key = ApiKey::create([
'name' => $request->keyName,
'discriminator' => $discriminator,
'secret' => Hash::make($secret),
'status' => 'active',
'owner_user_id' => Auth::user()->id
]);
if ($key)
{
$request->session()->flash('success', 'Key successfully registered!');
$request->session()->flash('finalKey', $discriminator . '.' . $secret);
return redirect()
->back();
}
return redirect()
->back()
->with('error', 'An error occurred whilst trying to create an API key.');
}
public function revokeKey(Request $request, ApiKey $key)
{
if (Auth::user()->is($key->user) || Auth::user()->hasRole('admin'))
{
if ($key->status == 'active')
{
$key->status = 'disabled';
$key->save();
}
else
{
return redirect()
->back()
->with('error', 'Key already revoked.');
}
return redirect()
->back()
->with('success', 'Key revoked. Apps using this key will stop working.');
}
return redirect()
->back()
->with('error', 'You do not have permission to modify this key.');
}
/**
* Remove the specified resource from storage.
*/
public function destroy($id)
{
$key = ApiKey::findOrFail($id);
if (Auth::user()->is($key->user) || Auth::user()->hasRole('admin'))
{
$key->delete();
return redirect()
->back()
->with('success', 'Key deleted successfully. Apps using this key will stop working.');
}
return redirect()
->back()
->with('error', 'You do not have permission to modify this key.');
}
}

30
app/Http/Requests/CreateApiKeyRequest.php Normal file
View File

@@ -0,0 +1,30 @@
<?php
namespace App\Http\Requests;
use Illuminate\Foundation\Http\FormRequest;
class CreateApiKeyRequest extends FormRequest
{
/**
* Determine if the user is authorized to make this request.
*
* @return bool
*/
public function authorize()
{
return true;
}
/**
* Get the validation rules that apply to the request.
*
* @return array
*/
public function rules()
{
return [
'keyName' => 'required|string'
];
}
}

1
app/Providers/JSONProvider.php
View File

@@ -2,6 +2,7 @@
namespace App\Providers;
use App;
use App\Helpers\JSON;
use Illuminate\Support\ServiceProvider;

5
app/User.php
View File

@@ -92,6 +92,11 @@ class User extends Authenticatable implements MustVerifyEmail
return $this->hasMany('App\TeamFile', 'uploaded_by');
}
public function keys()
{
return $this->hasMany('App\ApiKey', 'owner_user_id');
}
// UTILITY LOGIC
public function isBanned()