From a82290cf73fdbaa6461fa6121913c10d7c1cc8e6 Mon Sep 17 00:00:00 2001
From: David Bailey
Date: Thu, 14 Dec 2023 11:47:33 +0100
Subject: [PATCH] feat: :sparkles: add api lock key

---
 www/router.php | 30 ++++++++++++++++++++++++++----
 www/secrets/.gitignore | 3 ++-
 www/templates/upload.html | 3 ++-
 3 files changed, 30 insertions(+), 6 deletions(-)

diff --git a/www/router.php b/www/router.php
index 1de15f3..04388c8 100644
--- a/www/router.php
+++ b/www/router.php
@@ -36,6 +36,32 @@ $SURI = $_SERVER['REQUEST_URI'];
 if($SURI == '/') {
 echo $twig->render('root.html');
+} elseif(preg_match('/^\/api\/admin/', $SURI)) {
+ header('Content-Type: application/json');
+
+ $user_api_key = '';
+ if(isset($_GET['api_key'])) {
+ $user_api_key = $_GET['api_key'];
+ }
+ if(isset($_POST['api_key'])) {
+ $user_api_key = $_POST['api_key'];
+ }
+
+ if($user_api_key != file_get_contents('secrets/api_admin_key')) {
+ http_response_code(401);
+
+ echo json_encode([
+ "authorized" => false
+ ]);
+
+ die();
+ }
+
+ if($SURI = '/api/admin/upload') {
+ $adapter->handle_upload($_POST['post_path'], $_FILES['post_data']['tmp_name']);
+
+ echo json_encode(["ok" => true]);
+ }
 } elseif(preg_match('/^\/api/', $SURI)) {
 if(preg_match('/^\/api\/posts(.*)$/', $SURI, $match)) {
@@ -47,10 +73,6 @@ if($SURI == '/') {
 header('Content-Type: application/json');
 echo json_encode(get_subposts($match[1]));
 } elseif($SURI == '/api/upload') {
-
- if(array_key_exists('post_data', $_FILES)) {
- $adapter->handle_upload($_POST['post_path'], $_FILES['post_data']['tmp_name']);
- }
 echo $twig->render('upload.html');
 }
diff --git a/www/secrets/.gitignore b/www/secrets/.gitignore
index 94a2dd1..f573c46 100644
--- a/www/secrets/.gitignore
+++ b/www/secrets/.gitignore
@@ -1 +1,2 @@
-*.json
\ No newline at end of file
+*.json
+api_admin_key
\ No newline at end of file
diff --git a/www/templates/upload.html b/www/templates/upload.html
index 6e4ad19..bee8710 100644
--- a/www/templates/upload.html
+++ b/www/templates/upload.html
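Review bot: `if($SURI = '/api/admin/upload')` assigns instead of comparing, so the condition is always true and every key-authenticated `/api/admin/*` request runs `handle_upload`; it should read `if($SURI === '/api/admin/upload') {`. The check `$user_api_key != file_get_contents('secrets/api_admin_key')` is also a loose, non-constant-time comparison, and if the key file is missing `file_get_contents` returns `false`, which loosely equals the default `''`, so a request with no `api_key` would pass; read the key once and fail closed, e.g. `$admin_key = file_get_contents('secrets/api_admin_key');` followed by `if($admin_key === false || !is_string($user_api_key) || !hash_equals(trim($admin_key), $user_api_key)) {` (the `trim` guards against a trailing newline in the key file). The upload branch drops the `array_key_exists('post_data', $_FILES)` guard the old `/api/upload` handler had and passes `$_POST['post_path']` to `handle_upload` unchecked; `handle_upload` is not visible here, so whether it constrains the destination path should be confirmed. Accepting the key via `$_GET` also puts it in access logs and referrers, so the `$_POST` (or a header) path is preferable. The if/elseif chain this branch belongs to continues past the end of the hunk.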
@@ -8,8 +8,9 @@ {%block main_content%}
-
+ +