adding docu, some cleanup
This commit is contained in:
marko
@@ -17,10 +17,11 @@ dbConnector::connect(
|
||||
|
||||
$userId = 1;
|
||||
$apiKey = ApiKey::create();
|
||||
$rightString = 'event:' . PHP_EOL . ' id: 1';
|
||||
$rightArray = Spyc::YAMLLoadString($rightString);
|
||||
// $rightString = 'event:' . PHP_EOL . ' id: 1';
|
||||
// $rightArray = Spyc::YAMLLoadString($rightString);
|
||||
$right = 'login';
|
||||
$date = new DateTime();
|
||||
$newKey = new ApiKey(null, $userId, $apiKey, $rightString, $date->format('Y-m-d'));
|
||||
$newKey = new ApiKey(null, $userId, $apiKey, $right, $date->format('Y-m-d'));
|
||||
$newKey->addToDb();
|
||||
$loadedKey = ApiKey::loadFromDb($apiKey);
|
||||
|
||||
@@ -29,7 +30,7 @@ $loadedKey = ApiKey::loadFromDb($apiKey);
|
||||
<html>
|
||||
<body>
|
||||
<ul>
|
||||
<li>rightsRoundabout: <?echo( $loadedKey->isValidFor($rightArray) ? 'TRUE' : 'FALSE' );?></li>
|
||||
<li>rightsRoundabout: <?echo( $loadedKey->isValidFor($right) ? 'TRUE' : 'FALSE' );?></li>
|
||||
</ul>
|
||||
</body>
|
||||
<html>
|
||||
@@ -1,44 +1,82 @@
|
||||
<?php
|
||||
|
||||
// require_once('Base62x/base62x.php');
|
||||
require_once 'participoLib/dbConnector.php';
|
||||
require_once 'participoLib/participo.php';
|
||||
|
||||
/**
|
||||
* Framework for apiKeys
|
||||
/** Framework for apiKeys
|
||||
*/
|
||||
class ApiKey
|
||||
{
|
||||
/** unique identifier in the database
|
||||
*
|
||||
* @var int >0
|
||||
*/
|
||||
private $id = null;
|
||||
/** Id of the user
|
||||
*
|
||||
* @var int > 0
|
||||
*/
|
||||
private $userId = null;
|
||||
/** base62 coded key
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
private $key = null;
|
||||
/** what you can do with this key
|
||||
*
|
||||
* @var array(string)
|
||||
*/
|
||||
private $rights = null;
|
||||
/** until when the key is valid
|
||||
*
|
||||
* @var DateTime
|
||||
*/
|
||||
private $endDate = null;
|
||||
|
||||
/** Constructor
|
||||
*
|
||||
* sets all the members:
|
||||
* - converts the params to the internal type
|
||||
* - provides input sanitation
|
||||
*
|
||||
* @param mixed $id unique identifier of the apiKey
|
||||
* @param mixed $userId $id of the user the apiKey belongs to
|
||||
* @param mixed $key key identifier/representation
|
||||
* @param mixed $rights set of rights describing what the key is valid for
|
||||
* @param mixed $endDate the last day the key will be valid
|
||||
*/
|
||||
public function __construct($id, $userId, $key, $rights, $endDate)
|
||||
{
|
||||
//! @todo input validation and sanitation
|
||||
$this->id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['default' => null, 'min_range' => 1]]);
|
||||
$this->userId = filter_var($userId, FILTER_VALIDATE_INT, ['options' => ['default' => null, 'min_range' => 1]]);
|
||||
$this->id = filterId($id);
|
||||
$this->userId = filterId($userId);
|
||||
$this->key = self::isWellFormatted($key) ? $key : null;
|
||||
$this->rights = explode(',', $rights);
|
||||
$this->endDate = DateTime::createFromFormat('Y-m-d', $endDate);
|
||||
|
||||
// @todo It would be safer to set an endDate in the past as "default" value
|
||||
if ($this->endDate == false) {
|
||||
$this->endDate = null;
|
||||
}
|
||||
}
|
||||
|
||||
/** Getter for the userId
|
||||
*
|
||||
* @return int >0 representing the id of the user the apiKey is for
|
||||
*/
|
||||
public function getUserId()
|
||||
{
|
||||
return $this->userId;
|
||||
}
|
||||
|
||||
/** Getter for the apiKey
|
||||
*
|
||||
* @return string base62 coded string representing the apiKey
|
||||
*/
|
||||
public function getKey(){
|
||||
return $this->key;
|
||||
}
|
||||
|
||||
/**
|
||||
* testing if the apiKey is valid for a certain action
|
||||
/** Checking if the apiKey is valid for a certain action
|
||||
*
|
||||
* @param string $action the action to test the apiKey against
|
||||
* @return boolean true if apiKey is valid for the action, false otherwise
|
||||
@@ -54,8 +92,7 @@ class ApiKey
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* request a specific apiKey from the db
|
||||
/** request a specific apiKey from the db
|
||||
*
|
||||
* @param string $key the key to request
|
||||
* @return ApiKey found in the db, null otherwise
|
||||
@@ -77,6 +114,10 @@ class ApiKey
|
||||
return ApiKey::fromDbArray($response[0]);
|
||||
}
|
||||
|
||||
/** Add a key to the DB
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function addToDb()
|
||||
{
|
||||
$query = 'INSERT INTO `cwsvjudo`.`participo_apiKeys` (userId, apiKey, rights, endDate) VALUES (:userId, :apiKey, :rights, :endDate);';
|
||||
@@ -88,6 +129,7 @@ class ApiKey
|
||||
];
|
||||
$response = dbConnector::query($query, $params);
|
||||
// @todo use the response in an error handling/messaging
|
||||
// @todo differentiate between inserting and updating if the id is set it should only be updated (e.g. prolonging)
|
||||
}
|
||||
|
||||
/** create an Api key from the return of an sql select * */
|
||||
@@ -102,10 +144,15 @@ class ApiKey
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* List of symbols that can be used for the encoding
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
private static $BASE = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
|
||||
|
||||
/**
|
||||
* quick and dirty implementation of a convert_to_base62
|
||||
/** quick and dirty implementation of a convert_to_base62
|
||||
*
|
||||
* stolen from https://stackoverflow.com/a/4964352
|
||||
*
|
||||
* @param [int] $num
|
||||
@@ -114,6 +161,7 @@ class ApiKey
|
||||
*/
|
||||
private static function toBase($num, $b = 62) :string
|
||||
{
|
||||
$b = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['default' => strlen(self::$BASE), 'min_range' => 1]]);
|
||||
// @todo What is with negative numbers? How are they supposed to be converted?
|
||||
$r = $num % $b ;
|
||||
$res = ApiKey::$BASE[$r];
|
||||
@@ -126,8 +174,7 @@ class ApiKey
|
||||
return $res;
|
||||
}
|
||||
|
||||
/**
|
||||
* simple check if a string a well formatted apiKey
|
||||
/** simple check if a string is a well formatted apiKey
|
||||
*
|
||||
* Basically checks, if it consists only of 0-9, a-z or A-Z
|
||||
*
|
||||
@@ -139,8 +186,7 @@ class ApiKey
|
||||
return (bool) preg_match('/^[0-9a-zA-Z]+$/', $string);
|
||||
}
|
||||
|
||||
/**
|
||||
* provides a random api key value
|
||||
/** provides a random api key value
|
||||
*
|
||||
* @return string a random api key value
|
||||
*/
|
||||
@@ -150,6 +196,7 @@ class ApiKey
|
||||
return ApiKey::toBase(random_int(0, PHP_INT_MAX));
|
||||
}
|
||||
|
||||
/** more of a backup */
|
||||
private static function createTable()
|
||||
{
|
||||
dbConnector::query("CREATE TABLE `cwsvjudo`.`participo_apiKeys` (`id` INT NOT NULL AUTO_INCREMENT COMMENT 'unique identifier' , `userId` INT NOT NULL COMMENT 'id of the user the key belongs to' , `apiKey` VARCHAR(16) NOT NULL COMMENT 'the apiKey itself' , `rights` INT NOT NULL COMMENT 'a comma separated list of rights for the key' , `endDate` DATE NOT NULL COMMENT 'endDate for the apiKey' , PRIMARY KEY (`id`), UNIQUE (`key`)); ");
|
||||
|
||||
@@ -95,6 +95,7 @@ class participo
|
||||
'userConfig' => $user->getConfig(),
|
||||
]
|
||||
];
|
||||
logLoginsToJsonFile($user->getLoginName());
|
||||
// we're not logged in, but authorized for the stuff we want to do. So don't redirect
|
||||
return;
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user