rbrecruiter/app/Http/Controllers/ApiKeyController.php
2021-03-30 18:16:01 +01:00

119 lines
3.1 KiB
PHP

<?php
namespace App\Http\Controllers;
use App\ApiKey;
use App\Http\Requests\CreateApiKeyRequest;
use App\User;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Auth;
use Illuminate\Support\Facades\Hash;
class ApiKeyController extends Controller
{
/**
* Display a listing of the resource.
*
*/
public function index()
{
return view('dashboard.user.api.index')
->with('keys', Auth::user()->keys);
}
public function adminKeys()
{
if (Auth::user()->hasRole('admin'))
{
return view('dashboard.administration.keys')
->with('keys', ApiKey::all());
}
else
{
return redirect()
->back()
->with('error', 'You do not have permission to access this page.');
}
}
/**
* Store a newly created resource in storage.
*
* @param \Illuminate\Http\Request $request
*/
public function store(CreateApiKeyRequest $request)
{
$discriminator = "#" . bin2hex(openssl_random_pseudo_bytes(7));
$secret = bin2hex(openssl_random_pseudo_bytes(32));
$key = ApiKey::create([
'name' => $request->keyName,
'discriminator' => $discriminator,
'secret' => Hash::make($secret),
'status' => 'active',
'owner_user_id' => Auth::user()->id
]);
if ($key)
{
$request->session()->flash('success', 'Key successfully registered!');
$request->session()->flash('finalKey', $discriminator . '.' . $secret);
return redirect()
->back();
}
return redirect()
->back()
->with('error', 'An error occurred whilst trying to create an API key.');
}
public function revokeKey(Request $request, ApiKey $key)
{
if (Auth::user()->is($key->user) || Auth::user()->hasRole('admin'))
{
if ($key->status == 'active')
{
$key->status = 'disabled';
$key->save();
}
else
{
return redirect()
->back()
->with('error', 'Key already revoked.');
}
return redirect()
->back()
->with('success', 'Key revoked. Apps using this key will stop working.');
}
return redirect()
->back()
->with('error', 'You do not have permission to modify this key.');
}
/**
* Remove the specified resource from storage.
*/
public function destroy($id)
{
$key = ApiKey::findOrFail($id);
if (Auth::user()->is($key->user) || Auth::user()->hasRole('admin'))
{
$key->delete();
return redirect()
->back()
->with('success', 'Key deleted successfully. Apps using this key will stop working.');
}
return redirect()
->back()
->with('error', 'You do not have permission to modify this key.');
}
}