API Resources and first endpoints

This commit is contained in:
Miguel Nogueira 2021-03-31 03:55:09 +01:00
parent 2bc07d8ca0
commit ddd79d38fe
Signed by: miguel456
GPG Key ID: 2CF61B825316C6A0
23 changed files with 497 additions and 209 deletions

View File

@ -103,11 +103,13 @@ class JSON
public function build($headers = [])
{
// Uses the same structure as model resources, for consistency when they aren't used.
$response = [
'data' => $this->getData(),
'meta' => [
'status' => $this->getStatus(),
'message' => $this->getMessage(),
'type' => $this->getType(),
'response' => $this->getData()
],
];
return response($response, $this->getCode(), $headers);

View File

@ -11,30 +11,14 @@ use Illuminate\Support\Facades\Hash;
class ApiKeyController extends Controller
{
/**
* Display a listing of the resource.
*
*/
public function index()
{
return view('dashboard.user.api.index')
->with('keys', Auth::user()->keys);
}
$this->authorize('viewAny', ApiKey::class);
public function adminKeys()
{
if (Auth::user()->hasRole('admin'))
{
return view('dashboard.administration.keys')
->with('keys', ApiKey::all());
}
else
{
return redirect()
->back()
->with('error', 'You do not have permission to access this page.');
}
}
/**
* Store a newly created resource in storage.
@ -43,6 +27,8 @@ class ApiKeyController extends Controller
*/
public function store(CreateApiKeyRequest $request)
{
$this->authorize('create', ApiKey::class);
$discriminator = "#" . bin2hex(openssl_random_pseudo_bytes(7));
$secret = bin2hex(openssl_random_pseudo_bytes(32));
@ -71,8 +57,8 @@ class ApiKeyController extends Controller
public function revokeKey(Request $request, ApiKey $key)
{
if (Auth::user()->is($key->user) || Auth::user()->hasRole('admin'))
{
$this->authorize('update', $key);
if ($key->status == 'active')
{
$key->status = 'disabled';
@ -88,11 +74,7 @@ class ApiKeyController extends Controller
return redirect()
->back()
->with('success', 'Key revoked. Apps using this key will stop working.');
}
return redirect()
->back()
->with('error', 'You do not have permission to modify this key.');
}
/**
@ -101,18 +83,13 @@ class ApiKeyController extends Controller
public function destroy($id)
{
$key = ApiKey::findOrFail($id);
$this->authorize('delete', $key);
if (Auth::user()->is($key->user) || Auth::user()->hasRole('admin'))
{
$key->delete();
return redirect()
->back()
->with('success', 'Key deleted successfully. Apps using this key will stop working.');
}
return redirect()
->back()
->with('error', 'You do not have permission to modify this key.');
}
}

View File

@ -23,6 +23,7 @@ namespace App\Http\Controllers;
use App\Application;
use App\Events\ApplicationDeniedEvent;
use App\Http\Resources\ApplicationResource;
use App\Notifications\ApplicationMoved;
use App\Notifications\NewApplicant;
use App\Response;
@ -55,6 +56,8 @@ class ApplicationController extends Controller
}
public function showUserApp(Request $request, Application $application)
{
if (!$request->wantsJson())
{
$this->authorize('view', $application);
@ -77,7 +80,17 @@ class ApplicationController extends Controller
return redirect()->back();
}
public function showAllApps()
return (new ApplicationResource($application))->additional([
'meta' => [
'code' => 200,
'status' => 'success'
]
]);
}
public function showAllApps(Request $request)
{
if (!$request->wantsJson())
{
$this->authorize('viewAny', Application::class);
@ -86,9 +99,16 @@ class ApplicationController extends Controller
}
// todo: eager load all relationships used
return ApplicationResource::collection(Application::paginate(6))->additional([
'code' => '200',
'status' => 'success',
]);
}
public function renderApplicationForm(Request $request, $vacancySlug)
{
// FIXME: Get rid of references to first(), this is a wonky query
$vacancyWithForm = Vacancy::with('forms')->where('vacancySlug', $vacancySlug)->get();
$firstVacancy = $vacancyWithForm->first();
@ -96,10 +116,8 @@ class ApplicationController extends Controller
if (! $vacancyWithForm->isEmpty() && $firstVacancy->vacancyCount !== 0 && $firstVacancy->vacancyStatus == 'OPEN') {
return view('dashboard.application-rendering.apply')
->with([
'vacancy' => $vacancyWithForm->first(),
'preprocessedForm' => json_decode($vacancyWithForm->first()->forms->formStructure, true),
]);
} else {
abort(404, 'The application you\'re looking for could not be found or it is currently unavailable.');

View File

@ -21,6 +21,7 @@
namespace App\Http;
use App\Http\Middleware\APIAuthenticationMiddleware;
use Illuminate\Foundation\Http\Kernel as HttpKernel;
class Kernel extends HttpKernel
@ -60,6 +61,7 @@ class Kernel extends HttpKernel
'api' => [
'throttle:60,1',
\Illuminate\Routing\Middleware\SubstituteBindings::class,
APIAuthenticationMiddleware::class
],
];

View File

@ -0,0 +1,61 @@
<?php
namespace App\Http\Middleware;
use App\ApiKey;
use App\Facades\JSON;
use Carbon\Carbon;
use Closure;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Str;
class APIAuthenticationMiddleware
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
* @return mixed
*/
public function handle(Request $request, Closure $next)
{
$key = $request->bearerToken();
if (!is_null($key))
{
// we have a valid discriminator
$discriminator = Str::before($key, '.');
$loneKey = Str::after($key, '.');
$keyRecord = ApiKey::where('discriminator', $discriminator)->first();
if ($keyRecord && Hash::check($loneKey, $keyRecord->secret) && $keyRecord->status == 'active')
{
Log::alert('API Authentication Success', [
'discriminator' => $discriminator
]);
$keyRecord->last_used = Carbon::now();
$keyRecord->save();
return $next($request);
}
return JSON::setResponseType('error')
->setStatus('authfail')
->setMessage('Invalid / Revoked API key.')
->setCode(401)
->build();
}
return JSON::setResponseType('error')
->setStatus('malformed_key')
->setMessage('Missing or malformed API key.')
->setCode(400)
->build();
}
}

View File

@ -0,0 +1,28 @@
<?php
namespace App\Http\Resources;
use App\Response;
use App\User;
use Illuminate\Http\Resources\Json\JsonResource;
class ApplicationResource extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return [
'id' => $this->id,
'applicationStatus' => $this->applicationStatus,
'applicant' => new UserResource(User::findOrFail($this->applicantUserID)),
'response' => new ResponseResource(Response::findOrFail($this->applicantFormResponseID)),
'created_at' => $this->created_at,
'updated_at' => $this->updated_at
];
}
}

View File

@ -0,0 +1,19 @@
<?php
namespace App\Http\Resources;
use Illuminate\Http\Resources\Json\JsonResource;
class AppointmentResource extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return parent::toArray($request);
}
}

View File

@ -0,0 +1,19 @@
<?php
namespace App\Http\Resources;
use Illuminate\Http\Resources\Json\JsonResource;
class BanResource extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return parent::toArray($request);
}
}

View File

@ -0,0 +1,26 @@
<?php
namespace App\Http\Resources;
use Illuminate\Http\Resources\Json\JsonResource;
class FormResource extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return [
'id' => $this->id,
'formName' => $this->formName,
'formStructure' => json_decode($this->formStructure),
'formStatus' => $this->formStatus,
'created_at' => $this->created_at,
'updated_at' => $this->updated_at
];
}
}

View File

@ -0,0 +1,19 @@
<?php
namespace App\Http\Resources;
use Illuminate\Http\Resources\Json\JsonResource;
class OptionResource extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return parent::toArray($request);
}
}

View File

@ -0,0 +1,19 @@
<?php
namespace App\Http\Resources;
use Illuminate\Http\Resources\Json\JsonResource;
class ProfileResource extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return parent::toArray($request);
}
}

View File

@ -0,0 +1,28 @@
<?php
namespace App\Http\Resources;
use App\Form;
use App\Vacancy;
use Illuminate\Http\Resources\Json\JsonResource;
class ResponseResource extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return [
'id' => $this->id,
'form' => new FormResource(Form::findOrFail($this->responseFormID)),
'responseData' => json_decode($this->responseData),
'vacancy' => new VacancyResource(Vacancy::findOrFail($this->associatedVacancyID)),
'created_at' => $this->created_at,
'updated_at' => $this->updated_at
];
}
}

View File

@ -0,0 +1,19 @@
<?php
namespace App\Http\Resources;
use Illuminate\Http\Resources\Json\JsonResource;
class TeamFileResource extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return parent::toArray($request);
}
}

View File

@ -0,0 +1,19 @@
<?php
namespace App\Http\Resources;
use Illuminate\Http\Resources\Json\JsonResource;
class TeamResource extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return parent::toArray($request);
}
}

View File

@ -0,0 +1,28 @@
<?php
namespace App\Http\Resources;
use Illuminate\Http\Resources\Json\JsonResource;
class UserResource extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return [
'id' => $this->id,
'uuid' => $this->uuid,
'name' => $this->name,
'email' => $this->email,
'username' => $this->username,
'created_at' => $this->created_at,
'updated_at' => $this->updated_at,
'current_team_id' => $this->current_team_id
];
}
}

View File

@ -0,0 +1,19 @@
<?php
namespace App\Http\Resources;
use Illuminate\Http\Resources\Json\JsonResource;
class VacancyResource extends JsonResource
{
/**
* Transform the resource into an array.
*
* @param \Illuminate\Http\Request $request
* @return array
*/
public function toArray($request)
{
return parent::toArray($request);
}
}

View File

@ -0,0 +1,72 @@
<?php
namespace App\Policies;
use App\ApiKey;
use App\User;
use Illuminate\Auth\Access\HandlesAuthorization;
class ApiKeyPolicy
{
use HandlesAuthorization;
/**
* Determine whether the user can view any models.
*
* @param \App\User $user
* @return mixed
*/
public function viewAny(User $user)
{
if ($user->hasRole('admin'))
return true;
return false;
}
/**
* Determine whether the user can create models.
*
* @param \App\User $user
* @return mixed
*/
public function create(User $user)
{
if ($user->hasRole('admin'))
return true;
return false;
}
/**
* Determine whether the user can update the model.
*
* @param \App\User $user
* @param \App\ApiKey $apiKey
* @return mixed
*/
public function update(User $user, ApiKey $apiKey)
{
if ($user->hasRole('admin'))
return true;
return false;
}
/**
* Determine whether the user can delete the model.
*
* @param \App\User $user
* @param \App\ApiKey $apiKey
* @return mixed
*/
public function delete(User $user, ApiKey $apiKey)
{
if ($user->hasRole('admin'))
return true;
return false;
}
}

View File

@ -21,10 +21,12 @@
namespace App\Providers;
use App\ApiKey;
use App\Application;
use App\Appointment;
use App\Ban;
use App\Form;
use App\Policies\ApiKeyPolicy;
use App\Policies\ApplicationPolicy;
use App\Policies\AppointmentPolicy;
use App\Policies\BanPolicy;
@ -61,7 +63,8 @@ class AuthServiceProvider extends ServiceProvider
Ban::class => BanPolicy::class,
Appointment::class => AppointmentPolicy::class,
Team::class => TeamPolicy::class,
TeamFile::class, TeamFilePolicy::class
TeamFile::class => TeamFilePolicy::class,
ApiKey::class => ApiKeyPolicy::class
];
/**

View File

@ -268,11 +268,6 @@ return [
'icon' => 'fas fa-user-circle',
'url' => '/profile/settings/account',
],
[
'text' => 'Programmatic Access',
'icon' => 'fas fa-wrench',
'route' => 'keys.index'
],
[
'header' => 'h_app_management',
'can' => ['applications.view.all', 'applications.vote'],
@ -374,7 +369,7 @@ return [
'text' => 'API Keys',
'icon' => 'fas fa-user-shield',
'can' => 'admin.settings.view',
'route' => 'adminKeys'
'route' => 'keys.index'
]
],
],

View File

@ -16,6 +16,24 @@
@section('content')
<x-modal id="createKeyModal" modal-label="createKeyModalLabel" modal-title="New API Key" include-close-button="true">
<form id="createKey" method="post" action="{{ route('keys.store') }}">
@csrf
<div class="form-group">
<label for="name">Give your new API key a name to easily identify it.</label>
<input type="text" name="keyName" class="form-control" id="name" required>
</div>
</form>
<x-slot name="modalFooter">
<button onclick="$('#createKey').submit()" type="button" class="btn btn-success"><i class="fas fa-key"></i> Register new key</button>
</x-slot>
</x-modal>
<div class="row">
<div class="col">
<div class="alert alert-primary">
@ -24,6 +42,17 @@
</div>
</div>
@if (session()->has('finalKey'))
<div class="row">
<div class="col">
<div class="alert alert-success">
<p><i class="fas fa-key"></i> This is your API key: {{ session('finalKey') }}</p>
<p>Please copy it <b>now</b> as it'll only appear once.</p>
</div>
</div>
</div>
@endif
<div class="row">
<div class="col">
@ -68,6 +97,12 @@
@else
<button disabled type="button" class="btn btn-danger btn-sm ml-2"><i class="fas fa-lock"></i> Revoke</button>
@endif
<form class="d-inline-block" action="{{ route('keys.destroy', ['key' => $key->id]) }}" method="post">
@csrf
@method('DELETE')
<button type="submit" class="btn btn-danger btn-sm ml-2"><i class="fas fa-trash"></i> Delete</button>
</form>
</td>
</tr>
@endforeach
@ -82,8 +117,8 @@
<x-slot name="cardFooter">
<button onclick="window.location.href='{{ route('keys.index') }}'" type="button" class="btn btn-success ml-2"><i class="fas fa-key"></i> Your Keys</button>
<button type="button" onclick="window.location.href='/admin/maintenance/system-logs'" class="btn btn-secondary"><i class="fas fa-clipboard"></i> Search Logs</button>
<button onclick="$('#createKeyModal').modal('show')" type="button" class="btn btn-secondary ml-2"><i class="fas fa-plus"></i> New API Key</button>
<button type="button" onclick="window.location.href='/admin/maintenance/system-logs'" class="btn btn-secondary ml-2"><i class="fas fa-clipboard"></i> Search Logs</button>
</x-slot>
</x-card>

View File

@ -1,118 +0,0 @@
@extends('adminlte::page')
@section('title', config('app.name') . ' | ' . __('API Key Management'))
@section('content_header')
<h4>Profile / Settings / API Keys</h4>
@stop
@section('js')
<x-global-errors></x-global-errors>
@stop
@section('content')
<x-modal id="createKeyModal" modal-label="createKeyModalLabel" modal-title="New API Key" include-close-button="true">
<form id="createKey" method="post" action="{{ route('keys.store') }}">
@csrf
<div class="form-group">
<label for="name">Give your new API key a name to easily identify it.</label>
<input type="text" name="keyName" class="form-control" id="name" required>
</div>
</form>
<x-slot name="modalFooter">
<button onclick="$('#createKey').submit()" type="button" class="btn btn-success"><i class="fas fa-key"></i> Register new key</button>
</x-slot>
</x-modal>
<div class="row">
<div class="col">
<div class="alert alert-warning">
<p><i class="fas fa-exclamation-triangle"></i> <b>Friendly reminder: </b> API keys can access your whole account and the resources it has access to. Please treat them like a password. If they are leaked, please revoke them.</p>
</div>
</div>
</div>
@if (session()->has('finalKey'))
<div class="row">
<div class="col">
<div class="alert alert-success">
<p><i class="fas fa-key"></i> This is your API key: {{ session('finalKey') }}</p>
<p>Please copy it <b>now</b> as it'll only appear once.</p>
</div>
</div>
</div>
@endif
<div class="row">
<div class="col">
<x-card id="keyListing" card-title="Manage API Keys" footer-style="text-center">
<x-slot name="cardHeader"></x-slot>
@if(!$keys->isEmpty())
<table class="table table-borderless">
<thead>
<tr>
<th>Key name</th>
<th>Status</th>
<th>Last Used</th>
<th>Last Modified</th>
<th>Actions</th>
</tr>
</thead>
<tbody>
@foreach($keys as $key)
<tr>
<td>{{ $key->name }}</td>
<td><span class="badge badge-{{ ($key->status == 'disabled') ? 'danger' : 'primary' }}">{{ ($key->status == 'disabled') ? 'Revoked' : 'Active' }}</span></td>
<td><span class="badge badge-{{ ($key->last_used == null) ? 'danger' : 'primary' }}">{{ ($key->last_used == null) ? 'No recent activity' : $key->last_used }}</span></td>
<td><span class="badge badge-primary">{{ $key->updated_at }}</span></td>
<td>
@if ($key->status == 'active')
<form class="d-inline-block" action="{{ route('revokeKey', ['key' => $key->id]) }}" method="post">
@csrf
@method('PATCH')
<button type="submit" class="btn btn-danger btn-sm ml-2"><i class="fas fa-lock"></i> Revoke</button>
</form>
@endif
<form class="d-inline-block" action="{{ route('keys.destroy', ['key' => $key->id]) }}" method="post">
@csrf
@method('DELETE')
<button type="submit" class="btn btn-danger btn-sm ml-2"><i class="fas fa-trash"></i> Delete</button>
</form>
</td>
</tr>
@endforeach
</tbody>
</table>
@else
<div class="alert alert-success">
<p><i class="fa fa-info-circle"></i> You don't have any API keys yet.</p>
</div>
@endif
<x-slot name="cardFooter">
<button onclick="$('#createKeyModal').modal('show')" type="button" class="btn btn-secondary"><i class="fas fa-plus"></i> New API Key</button>
</x-slot>
</x-card>
</div>
</div>
@stop
@section('footer')
@include('breadcrumbs.dashboard.footer')
@stop

View File

@ -33,6 +33,9 @@ use Illuminate\Support\Facades\Route;
|
*/
Route::middleware('auth:api')->get('/user', function (Request $request) {
return $request->user();
Route::middleware(['api'])->group(function (){
Route::get('applications', [\App\Http\Controllers\ApplicationController::class, 'showAllApps']);
Route::get('applications/view/{application}', [\App\Http\Controllers\ApplicationController::class, 'showUserApp']);
});

View File

@ -164,13 +164,6 @@ Route::group(['prefix' => LaravelLocalization::setLocale(), 'middleware' => ['lo
->name('showProfileSettings')
->middleware('passwordredirect');
Route::resource('keys', ApiKeyController::class)
->middleware('passwordredirect');
Route::patch('keys/revoke/{key}', [ApiKeyController::class, 'revokeKey'])
->name('revokeKey')
->middleware('passwordredirect');
Route::patch('/settings/save', [ProfileController::class, 'saveProfile'])
->name('saveProfileSettings')
->middleware('passwordredirect');
@ -229,8 +222,10 @@ Route::group(['prefix' => LaravelLocalization::setLocale(), 'middleware' => ['lo
Route::get('settings', [OptionsController::class, 'index'])
->name('showSettings');
Route::get('keys', [ApiKeyController::class, 'adminKeys'])
->name('adminKeys');
Route::resource('keys', ApiKeyController::class);
Route::patch('keys/revoke/{key}', [ApiKeyController::class, 'revokeKey'])
->name('revokeKey');
Route::post('settings/save', [OptionsController::class, 'saveSettings'])
->name('saveSettings');