API auto key assign, anonymous API #141 #142

.gitignore

@@ -1,9 +1,7 @@
 #/vendor
 bootstrap/cache/
 storage/
-env.*.php
 env
-.env.php
 .env
 .env.bak
 .env.example

app/Factories/UserFactory.php

@@ -5,8 +5,8 @@
 use App\Models\User;
 use App\Helpers\CryptoHelper;
 
-class UserFactory {    
-    public static function createUser($username, $email, $password, $active=0, $ip='127.0.0.1') {
+class UserFactory {
+    public static function createUser($username, $email, $password, $active=0, $ip='127.0.0.1', $api_key=false, $api_active=0) {
         $hashed_password = Hash::make($password);
 
         $recovery_key = CryptoHelper::generateRandomHex(50);
@@ -17,6 +17,10 @@ public static function createUser($username, $email, $password, $active=0, $ip='
         $user->recovery_key = $recovery_key;
         $user->active = $active;
         $user->ip = $ip;
+
+        $user->api_key = $api_key;
+        $user->api_active = $api_active;
+
         $user->save();
 
         return $user;

app/Http/Controllers/AdminController.php

@@ -29,14 +29,23 @@ public function displayAdminPage(Request $request) {
             $admin_links = Link::paginate(15);
         }
 
+        $user = UserHelper::getUserByUsername($username);
+
+        if (!$user) {
+            return redirect(route('index'))->with('error', 'Invalid or disabled account.');
+        }
+
         $user_links = Link::where('creator', $username)
             ->paginate(15);
 
         return view('admin', [
             'role' => $role,
             'admin_users' => $admin_users,
             'admin_links' => $admin_links,
-            'user_links' => $user_links
+            'user_links' => $user_links,
+            'api_key' => $user->api_key,
+            'api_active' => $user->api_active,
+            'api_quota' => $user->api_quota
         ]);
     }
 

app/Http/Controllers/AjaxController.php

@@ -63,7 +63,7 @@ public function generateNewAPIKey(Request $request) {
             abort(404, 'User not found.');
         }
 
-        $new_api_key = CryptoHelper::generateRandomHex(15);
+        $new_api_key = CryptoHelper::generateRandomHex(env('_API_KEY_LENGTH'));
         $user->api_key = $new_api_key;
         $user->save();
 

app/Http/Controllers/Api/ApiController.php

@@ -10,16 +10,32 @@
 class ApiController extends Controller {
     protected static function getApiUserInfo(Request $request) {
         $api_key = $request->input('key');
-        $user = User::where('active', 1)
-            ->where('api_key', $api_key)
-            ->where('api_active', 1)
-            ->first();
 
-        if (!$user) {
-            abort(401, "Invalid authentication token.");
+        if (!$api_key) {
+            // no API key provided -- check whether anonymous API is on
+            if (env('SETTING_ANON_API') == 'on') {
+                $username = 'ANONIP-' . $request->ip();
+            }
+            else {
+                abort(401, "Authentication token required.");
+            }
+            $user = (object) [
+                'username' => $username
+            ];
+        }
+        else {
+            $user = User::where('active', 1)
+                ->where('api_key', $api_key)
+                ->where('api_active', 1)
+                ->first();
+
+            if (!$user) {
+                abort(401, "Invalid authentication token.");
+            }
+            $username = $user->username;
         }
 
-        $api_limit_reached = ApiHelper::checkUserApiQuota($user->username);
+        $api_limit_reached = ApiHelper::checkUserApiQuota($username);
 
         if ($api_limit_reached) {
             abort(403, "Quota exceeded.");

app/Http/Controllers/SetupController.php

@@ -102,6 +102,9 @@ public static function performSetup(Request $request) {
 
         $st_base = $request->input('setting:base');
 
+        $st_auto_api_key = $request->input('setting:auto_api_key');
+        $st_anon_api = $request->input('setting:anon_api');
+
         $mail_host = $request->input('app:smtp_server');
         $mail_port = $request->input('app:smtp_port');
         $mail_username = $request->input('app:smtp_username');
@@ -147,6 +150,8 @@ public static function performSetup(Request $request) {
             'MAIL_FROM_NAME' => $mail_from_name,
 
             'ST_BASE' => $st_base,
+            'ST_AUTO_API' => $st_auto_api_key,
+            'ST_ANON_API' => $st_anon_api
         ])->render();
 
         $handle = fopen('../.env', 'w');

app/Http/Controllers/UserController.php

@@ -3,7 +3,10 @@
 use Mail;
 use App\Models\User;
 use Illuminate\Http\Request;
+
+use App\Helpers\CryptoHelper;
 use App\Helpers\UserHelper;
+
 use App\Factories\UserFactory;
 
 class UserController extends Controller {
@@ -91,8 +94,17 @@ public function performSignup(Request $request) {
             $response = redirect(route('login'))->with('success', 'Thanks for signing up! Please confirm your email to continue..');
             $active = 0;
         }
-        $user = UserFactory::createUser($username, $email, $password, $active, $ip);
 
+        $api_active = false;
+        $api_key = null;
+        if (env('SETTING_AUTO_API') == 'on') {
+            // if automatic API key assignment is on
+            $api_active = 1;
+            $api_key = CryptoHelper::generateRandomHex(env('_API_KEY_LENGTH'));
+        }
+
+
+        $user = UserFactory::createUser($username, $email, $password, $active, $ip, $api_key, $api_active);
         return $response;
     }
 

database/migrations/2015_11_04_015823_create_users_table.php

@@ -26,7 +26,7 @@ public function up()
             $table->string('role');
             $table->string('active');
 
-            $table->string('api_key');
+            $table->string('api_key')->nullable();
             $table->boolean('api_active')->default(0);
             $table->string('api_quota')->default(60);
 

public/css/admin.css

@@ -18,3 +18,7 @@
 .hidden-metadata {
     display: none;
 }
+
+.api-quota {
+    display: inline;
+}

public/css/setup.css

@@ -15,7 +15,7 @@
 }
 
 body {
-    background-size: 100%;
+    background-size: 100% 100%;
     background-attachment: fixed;
     background-position: center;
     background-repeat: no-repeat;
@@ -61,6 +61,10 @@ body {
     color: grey;
 }
 
+.footer-well {
+    margin-top: 30px;
+}
+
 h4, p {
     margin-top: 20px;
 }

public/js/shorten_result.js

@@ -8,6 +8,7 @@ $('.result-box').click(select_text);
 $('.result-box').change(function () {
     $(this).val(original_link);
 });
+
 $(function () {
     original_link = $('.result-box').val();
     select_text();

resources/views/admin.blade.php

@@ -14,6 +14,10 @@
         @if ($role == 'admin')
         <li role='presentation' class='admin-nav-item'><a href='#admin'>Admin</a></li>
         @endif
+
+        @if ($api_active == 1)
+        <li role='presentation' class='admin-nav-item'><a href='#developer'>Developer</a></li>
+        @endif
     </ul>
 </div>
 <div class='col-md-9'>
@@ -61,8 +65,28 @@
 
         </div>
         @endif
+
+        @if ($api_active == 1)
+        <div role="tabpanel" class="tab-pane" id="developer">
+            <h3>Developer</h3>
+
+            <p>API keys and documentation for developers.</p>
+            <p>
+                Documentation:
+                <a href='http://docs.polr.me/en/latest/developer-guide/api/'>http://docs.polr.me/en/latest/developer-guide/api/</a>
+            </p>
+
+            <h4>API Key: </h4>
+            <input class='form-control' disabled type='text' value='{{$api_key}}'>
+
+            <h4>API Quota: </h4>
+            <h2 class='api-quota'><code>{{$api_quota}}</code></h2>
+            <span> requests per minute</span>
+        </div>
+        @endif
     </div>
 </div>
+</div>
 
 
 @endsection

resources/views/env.blade.php

@@ -51,6 +51,9 @@
 SETTING_INDEX_REDIRECT={{$ST_INDEX_REDIRECT}}
 SETTING_PASSWORD_RECOV={{$ST_PASSWORD_RECOV}}
 
+SETTING_AUTO_API={{$ST_AUTO_API}}
+SETTING_ANON_API={{$ST_ANON_API}}
+
 @if($MAIL_ENABLED)
 MAIL_DRIVER=smtp
 # e.g mailtrap.io
@@ -71,6 +74,8 @@
 SESSION_DRIVER=file
 QUEUE_DRIVER=database
 
+_API_KEY_LENGTH=15
+
 # FILESYSTEM_DRIVER=local
 # FILESYSTEM_CLOUD=s3
 

resources/views/layouts/base.blade.php

@@ -38,11 +38,6 @@
     <link href="/css/font-awesome.min.css" rel="stylesheet">
 
     <link rel="shortcut icon" href="favicon.ico">
-
-    {{-- Load header JavaScript --}}
-    <script src='/js/constants.js'></script>
-    <script src="/js/jquery-1.11.3.min.js"></script>
-    <script src="/js/bootstrap.min.js"></script>
     @yield('css')
 </head>
 <body>
@@ -53,6 +48,11 @@
         </div>
     </div>
 
+    {{-- Load header JavaScript --}}
+    <script src='/js/constants.js'></script>
+    <script src="/js/jquery-1.11.3.min.js"></script>
+    <script src="/js/bootstrap.min.js"></script>
+
     <script src='/js/toastr.min.js'></script>
     <script src='/js/base.js'></script>
     <script>

resources/views/setup.blade.php

@@ -106,6 +106,20 @@
             <p>SMTP From Name:</p>
             <input type='text' class='form-control' name='app:smtp_from_name' placeholder='noreply'>
 
+            <h4>API Settings</h4>
+
+            <p>Anonymous API:</p>
+            <select name='setting:anon_api' class='form-control'>
+                <option selected value='off'>Off -- only registered users can use API</option>
+                <option value='on'>On -- empty key API requests are allowed</option>
+            </select>
+
+            <p>Automatic API Assignment:</p>
+            <select name='setting:auto_api_key' class='form-control'>
+                <option selected value='off'>Off -- admins must manually enable API for each user</option>
+                <option value='on'>On -- each user receives an API key</option>
+            </select>
+
             <h4>Other Settings</h4>
 
             <p>Registration:</p>
@@ -124,8 +138,8 @@
                 Please ensure SMTP is properly set up before enabling password recovery.
             </p>
 
-            <p>Path relative to root (leave blank if /, if http://site.com/polr, then write /polr/):</p>
-            <input type='text' class='form-control' name='path' placeholder='/polr/' value=''>
+            {{-- <p>Path relative to root (leave blank if /, if http://site.com/polr, then write /polr/):</p>
+            <input type='text' class='form-control' name='path' placeholder='/polr/' value=''> --}}
 
             <p>Theme (click <a href='https://github.com/cydrobolt/polr/wiki/Themes-Screenshots'>here</a> for screenshots:</p>
             <select name='app:stylesheet' class='form-control'>
@@ -160,13 +174,13 @@
 
     <div>
         Polr Version {{env('VERSION')}} released {{env('VERSION_RELMONTH')}} {{env('VERSION_RELDAY')}}, {{env('VERSION_RELYEAR')}} -
-        <a href='//github.com/cydrobolt/polr'>Github</a></div></div><br />
+        <a href='//github.com/cydrobolt/polr'>Github</a>
 
-        <span style='font-weight:bold;'>
+        <div class='footer-well'>
             &copy; Copyright {{env('VERSION_RELYEAR')}}
             <a class='footer-link' href='//cydrobolt.com'>Chaoyi Zha</a> &
             <a class='footer-link' href='//github.com/Cydrobolt/polr/graphs/contributors'>Other Polr Contributors</a>
-        </span>
+        </div>
     </div>
 </div>
 

resources/views/snippets/link_table.blade.php

@@ -6,6 +6,7 @@
         <th>Date</th>
         <th>Secret</th>
         @if ($role == 'admin')
+        <th>Creator</th>
         <th>Disable</th>
         @endif
 
@@ -18,8 +19,9 @@
         <td>{{$link->clicks}}</td>
         <td>{{$link->created_at}}</td>
         <td>{{isset($link->secret_key)}}</td>
-        @if ($role == 'admin')
 
+        @if ($role == 'admin')
+        <td>{{$link->creator}}</td>
         <td>
             <a data-link-ending='{{$link->short_url}}' class='btn btn-sm @if($link->is_disabled) btn-success @else btn-danger @endif toggle-link'>
                 @if ($link->is_disabled)