Allow providing the API key also via a query parameter (closes #329)

Bernd Bestel
2019-08-10 13:30:50 +02:00
parent 19935276e9
commit d6e9dc1b59
3 changed files with 17 additions and 2 deletions


@@ -31,6 +31,7 @@ class ApiKeyAuthMiddleware extends BaseMiddleware
{
$validSession = true;
$validApiKey = true;
$usedApiKey = null;
$sessionService = new SessionService();
if (!isset($_COOKIE[$this->SessionCookieName]) || !$sessionService->IsValidSession($_COOKIE[$this->SessionCookieName]))
@@ -39,10 +40,23 @@ class ApiKeyAuthMiddleware extends BaseMiddleware
}
$apiKeyService = new ApiKeyService();
// First check of the API key in the configured header
if (!$request->hasHeader($this->ApiKeyHeaderName) || !$apiKeyService->IsValidApiKey($request->getHeaderLine($this->ApiKeyHeaderName)))
{
$validApiKey = false;
}
else
{
$usedApiKey = $request->getHeaderLine($this->ApiKeyHeaderName);
}
// Not recommended, but it's also possible to provide the API key via a query parameter (same name as the configured header)
if (!$validApiKey && !empty($request->getQueryParam($this->ApiKeyHeaderName)) && $apiKeyService->IsValidApiKey($request->getQueryParam($this->ApiKeyHeaderName)))
{
$validApiKey = true;
$usedApiKey = $request->getQueryParam($this->ApiKeyHeaderName);
}
// Handling of special purpose API keys
if (!$validApiKey)
@@ -63,7 +77,7 @@ class ApiKeyAuthMiddleware extends BaseMiddleware
}
elseif ($validApiKey)
{
$user = $apiKeyService->GetUserByApiKey($request->getHeaderLine($this->ApiKeyHeaderName));
$user = $apiKeyService->GetUserByApiKey($usedApiKey);
define('GROCY_AUTHENTICATED', true);
define('GROCY_USER_ID', $user->id);
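Review bot: The query-parameter fallback in the second hunk accepts the API key from the URL, where it ends up in web-server and proxy access logs, browser history and Referer headers, and the comment says only "Not recommended" without giving the reason or a way to switch the fallback off. I would state the reason in the comment, e.g. `// Not recommended: a key in the URL is written to access logs, browser history and Referer headers - prefer the header`, and put the branch behind a setting that defaults to off (`<SETTING_NAME>` is a placeholder, the page shows no config names). Reading the parameter once, `$queryApiKey = $request->getQueryParam($this->ApiKeyHeaderName);`, would also replace the three separate calls. In the last hunk `$usedApiKey` is still null if the special-purpose branch, which lies outside the visible hunks, sets `$validApiKey` on its own, so `$user->id` is worth a null check; the method body starts and ends outside the hunks.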