added key check to use AdminAPI, updated front end classes

pull/84/head
Ro 3 years ago
parent 2785ef6982
commit ab40219d9b

@ -20,7 +20,15 @@ class APIControl
switch (isset($args["third"]) ? $args["third"] : "none") { switch (isset($args["third"]) ? $args["third"] : "none") {
case "status": case "status":
$result = AuthAPI::status(); if (Member::verifyKey($_GET["key"])) {
$result = AuthAPI::status();
} else {
$result = [
"message" => "Valid key required. API access denied, homie",
"type" => "API_ERROR",
];
}
break; break;
case "page": case "page":
//echo //echo

@ -48,7 +48,7 @@ class Auth
]; ];
$token = Token::create( $token = Token::create(
$found["id"], $found["key"],
$found["secret"], $found["secret"],
time() + 3600, time() + 3600,
"localhost" "localhost"

File diff suppressed because one or more lines are too long

@ -11,7 +11,10 @@ export default class NavIndex {
//-------------------------- //--------------------------
constructor() { constructor() {
this.processing = false; this.processing = false;
this.admin = new FipamoAdminAPI(); this.admin = new FipamoAdminAPI(
null,
"fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a"
);
this.start(); this.start();
} }
//-------------------------- //--------------------------

@ -19,7 +19,10 @@ export default class PostEditor {
constructor() { constructor() {
this.processing = false; this.processing = false;
let self = this; let self = this;
this.admin = new FipamoAdminAPI(); this.admin = new FipamoAdminAPI(
null,
"fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a"
);
this.urlPieces = document.URL.split("/"); this.urlPieces = document.URL.split("/");
this.post = []; this.post = [];
this.postID = null; this.postID = null;

@ -11,7 +11,10 @@ export default class SettingsIndex {
constructor() { constructor() {
this.processing = false; this.processing = false;
this.start(); this.start();
this.admin = new FipamoAdminAPI(); this.admin = new FipamoAdminAPI(
null,
"fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a"
);
} }
//-------------------------- //--------------------------
// methods // methods

@ -28,8 +28,8 @@ export const TASK_PAGE_DELETE = "deletePage";
export const TASK_SEND_MAIL = "sendMail"; export const TASK_SEND_MAIL = "sendMail";
export const TASK_REINDEX_PAGE = "reIndexPages"; export const TASK_REINDEX_PAGE = "reIndexPages";
//** API STATUS **// //** API STATUS **//
export const API_ACCESS_GOOD = "apiConnected"; export const API_ACCESS_GOOD = "apiUseAuthorized";
export const API_ACCESS_BAD = "apiNotConnected"; export const API_ACCESS_BAD = "apiUseNotAuthorized";
/** /**
* A can of methods used to edit install settings, navigation pages. * A can of methods used to edit install settings, navigation pages.
@ -48,29 +48,30 @@ class FipamoAdminAPI {
this.key = null; this.key = null;
if (key) this.key = key; if (key) this.key = key;
if (baseURL) this.baseURL = baseURL; if (baseURL) this.baseURL = baseURL;
//checks backend to see if user is logged in and requests encrypted token for api calls //if key is valid, checks to see if a session is active and returns
this._request(API_STATUS).then((response) => { this._request(
this.baseURL
? this.baseURL + API_STATUS + "?key=" + this.key
: API_STATUS + "?key=" + this.key
).then((response) => {
if (response.type === API_ACCESS_GOOD) { if (response.type === API_ACCESS_GOOD) {
this.token = response.token; this.token = response.token;
} else { } else {
//don't set token //don't set token
//console.log("NO TOKEN");
} }
}); });
} }
/** /**
* Method for retrieving user authorizing user login * Promise method for checking credentials. Must login to use Admin API.
* @param {object} data - json object that contains data for set up * @param {object} data - json object that contains data for set up
* @property {string} handle - handle for site user * @property {string} handle - handle for site user
* @property {string} password - password for site user * @property {string} password - password for site user
*/ */
login(data) { login(data) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
if (this.baseURL) { this.baseURL ? (data.remote = true) : (data.remote = false);
data.key = this.key; this.key ? (data.key = this.key) : (data.key = null);
data.remote = true;
} else {
data.remote = false;
}
this._request( this._request(
this.baseURL ? this.baseURL + API_LOGIN : API_LOGIN, this.baseURL ? this.baseURL + API_LOGIN : API_LOGIN,
AUTH_STATUS, AUTH_STATUS,
@ -109,7 +110,9 @@ class FipamoAdminAPI {
syncSettings(data) { syncSettings(data) {
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
this._request( this._request(
this.baseURL ? this.baseURL + API_SETTINGS_SYNC : API_SETTINGS_SYNC, this.baseURL
? this.baseURL + API_SETTINGS_SYNC + "?key=" + this.key
: API_SETTINGS_SYNC + "?key=" + this.key,
TASK_SETTINGS_WRITE, TASK_SETTINGS_WRITE,
REQUEST_TYPE_POST, REQUEST_TYPE_POST,
CONTENT_TYPE_JSON, CONTENT_TYPE_JSON,
@ -190,6 +193,13 @@ class FipamoAdminAPI {
break; break;
} }
if (this.baseURL) {
data.key = this.key;
data.remote = true;
} else {
data.remote = false;
}
return new Promise((resolve, reject) => { return new Promise((resolve, reject) => {
this._request( this._request(
this.baseURL ? this.baseURL + url : url, this.baseURL ? this.baseURL + url : url,
@ -292,7 +302,6 @@ class FipamoAdminAPI {
request.open(requestType, requestURL, true); request.open(requestType, requestURL, true);
request.onload = () => { request.onload = () => {
if (request.status == 200) { if (request.status == 200) {
//console.log("RESPONSE", request);
let response = JSON.parse(request["response"]); let response = JSON.parse(request["response"]);
resolve(response); resolve(response);
} else { } else {

@ -21,7 +21,7 @@ export const TASK_GET_CONTENT = "retrieveContent";
/** /**
* Fipamo Content API * Fipamo Content API
* A bag of methods for getting page info from an install. * A bag of methods for getting page info from an install.
* To use remotely, include url of install and user key found in settings. * To use remotely, include url of install and user key found in settings in the Dashboard.
*/ */
class FipamoContentAPI { class FipamoContentAPI {
/** /**

Loading…
Cancel
Save