don't send header() on CLI environment
Signed-off-by: Michael Kaufmann <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann
@@ -19,13 +19,13 @@ if (! defined('AREA')) {
|
||||
*
|
||||
*/
|
||||
|
||||
use Froxlor\Api\Commands\DomainZones as DomainZones;
|
||||
use Froxlor\Api\Commands\DomainZones;
|
||||
use Froxlor\UI\Request;
|
||||
|
||||
// This file is being included in admin_domains and customer_domains
|
||||
// and therefore does not need to require lib/init.php
|
||||
|
||||
$domain_id = (int) Request::get(['domain_id']);
|
||||
$domain_id = (int) Request::get('domain_id');
|
||||
|
||||
$record = isset($_POST['record']['record']) ? trim($_POST['record']['record']) : null;
|
||||
$type = isset($_POST['record']['type']) ? $_POST['record']['type'] : 'A';
|
||||
|
||||
@@ -3,7 +3,6 @@
|
||||
namespace Froxlor\Api;
|
||||
|
||||
use Exception;
|
||||
use voku\helper\AntiXSS;
|
||||
|
||||
/**
|
||||
* This file is part of the Froxlor project.
|
||||
@@ -23,110 +22,111 @@ use voku\helper\AntiXSS;
|
||||
*/
|
||||
class FroxlorRPC
|
||||
{
|
||||
/**
|
||||
* validate a given request
|
||||
*
|
||||
* @param $request
|
||||
* @return array
|
||||
* @throws Exception
|
||||
*/
|
||||
public static function validateRequest($request): array
|
||||
{
|
||||
// make basic authentication
|
||||
if (!isset($_SERVER['PHP_AUTH_USER']) || !self::validateAuth($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
|
||||
header('WWW-Authenticate: Basic realm="API"');
|
||||
throw new Exception('Unauthenticated. Please provide api user credentials.', 401);
|
||||
}
|
||||
/**
|
||||
* validate a given request
|
||||
*
|
||||
* @param $request
|
||||
* @return array
|
||||
* @throws Exception
|
||||
*/
|
||||
public static function validateRequest($request): array
|
||||
{
|
||||
// make basic authentication
|
||||
if (!isset($_SERVER['PHP_AUTH_USER']) || !self::validateAuth($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
|
||||
if (@php_sapi_name() !== 'cli') {
|
||||
header('WWW-Authenticate: Basic realm="API"');
|
||||
}
|
||||
throw new Exception('Unauthenticated. Please provide api user credentials.', 401);
|
||||
}
|
||||
|
||||
// check if present
|
||||
if (empty($request)) {
|
||||
throw new Exception('Empty request body.', 400);
|
||||
}
|
||||
// check if present
|
||||
if (empty($request)) {
|
||||
throw new Exception('Empty request body.', 400);
|
||||
}
|
||||
|
||||
// decode json request
|
||||
$decoded_request = json_decode($request, true);
|
||||
// decode json request
|
||||
$decoded_request = json_decode($request, true);
|
||||
|
||||
// is it valid?
|
||||
if (is_null($decoded_request)) {
|
||||
throw new Exception('Invalid JSON Format.', 400);
|
||||
}
|
||||
// is it valid?
|
||||
if (is_null($decoded_request)) {
|
||||
throw new Exception('Invalid JSON Format.', 400);
|
||||
}
|
||||
|
||||
return self::validateBody($decoded_request);
|
||||
}
|
||||
return self::validateBody($decoded_request);
|
||||
}
|
||||
|
||||
/**
|
||||
* validates the given api credentials
|
||||
*
|
||||
* @param string $key
|
||||
* @param string $secret
|
||||
* @return boolean
|
||||
*/
|
||||
private static function validateAuth(string $key, string $secret): bool
|
||||
{
|
||||
$sel_stmt = \Froxlor\Database\Database::prepare(
|
||||
"
|
||||
/**
|
||||
* validates the given api credentials
|
||||
*
|
||||
* @param string $key
|
||||
* @param string $secret
|
||||
* @return boolean
|
||||
*/
|
||||
private static function validateAuth(string $key, string $secret): bool
|
||||
{
|
||||
$sel_stmt = \Froxlor\Database\Database::prepare(
|
||||
"
|
||||
SELECT ak.*, a.api_allowed as admin_api_allowed, c.api_allowed as cust_api_allowed, c.deactivated
|
||||
FROM `api_keys` ak
|
||||
LEFT JOIN `panel_admins` a ON a.adminid = ak.adminid
|
||||
LEFT JOIN `panel_customers` c ON c.customerid = ak.customerid
|
||||
WHERE `apikey` = :ak AND `secret` = :as
|
||||
"
|
||||
);
|
||||
$result = \Froxlor\Database\Database::pexecute_first($sel_stmt, array(
|
||||
'ak' => $key,
|
||||
'as' => $secret
|
||||
), true, true);
|
||||
if ($result) {
|
||||
if ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == -1 || $result['valid_until'] >= time(
|
||||
)) && (($result['customerid'] == 0 && $result['admin_api_allowed'] == 1) || ($result['customerid'] > 0 && $result['cust_api_allowed'] == 1 && $result['deactivated'] == 0))) {
|
||||
// get user to check whether api call is allowed
|
||||
if (!empty($result['allowed_from'])) {
|
||||
// @todo allow specification and validating of whole subnets later
|
||||
$ip_list = explode(",", $result['allowed_from']);
|
||||
$access_ip = inet_ntop(inet_pton($_SERVER['REMOTE_ADDR']));
|
||||
if (in_array($access_ip, $ip_list)) {
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
);
|
||||
$result = \Froxlor\Database\Database::pexecute_first($sel_stmt, array(
|
||||
'ak' => $key,
|
||||
'as' => $secret
|
||||
), true, true);
|
||||
if ($result) {
|
||||
if ($result['apikey'] == $key && $result['secret'] == $secret && ($result['valid_until'] == -1 || $result['valid_until'] >= time()) && (($result['customerid'] == 0 && $result['admin_api_allowed'] == 1) || ($result['customerid'] > 0 && $result['cust_api_allowed'] == 1 && $result['deactivated'] == 0))) {
|
||||
// get user to check whether api call is allowed
|
||||
if (!empty($result['allowed_from'])) {
|
||||
// @todo allow specification and validating of whole subnets later
|
||||
$ip_list = explode(",", $result['allowed_from']);
|
||||
$access_ip = inet_ntop(inet_pton($_SERVER['REMOTE_ADDR']));
|
||||
if (in_array($access_ip, $ip_list)) {
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* validates the given command
|
||||
*
|
||||
* @param array $request
|
||||
*
|
||||
* @return array
|
||||
* @throws Exception
|
||||
*/
|
||||
private static function validateBody($request)
|
||||
{
|
||||
// check command exists
|
||||
if (empty($request['command'])) {
|
||||
throw new Exception("Please provide a command.", 400);
|
||||
}
|
||||
/**
|
||||
* validates the given command
|
||||
*
|
||||
* @param array $request
|
||||
*
|
||||
* @return array
|
||||
* @throws Exception
|
||||
*/
|
||||
private static function validateBody($request)
|
||||
{
|
||||
// check command exists
|
||||
if (empty($request['command'])) {
|
||||
throw new Exception("Please provide a command.", 400);
|
||||
}
|
||||
|
||||
$command = explode(".", $request['command']);
|
||||
$command = explode(".", $request['command']);
|
||||
|
||||
if (count($command) != 2) {
|
||||
throw new Exception("The given command is invalid.", 400);
|
||||
}
|
||||
// simply check for file-existance, as we do not want to use our autoloader because this way
|
||||
// it will recognize non-api classes+methods as valid commands
|
||||
$apiclass = '\\Froxlor\\Api\\Commands\\' . $command[0];
|
||||
if (!class_exists($apiclass) || !@method_exists($apiclass, $command[1])) {
|
||||
throw new Exception("Unknown command", 400);
|
||||
}
|
||||
return array(
|
||||
'command' => array(
|
||||
'class' => $command[0],
|
||||
'method' => $command[1]
|
||||
),
|
||||
'params' => $request['params'] ?? null
|
||||
);
|
||||
}
|
||||
if (count($command) != 2) {
|
||||
throw new Exception("The given command is invalid.", 400);
|
||||
}
|
||||
// simply check for file-existance, as we do not want to use our autoloader because this way
|
||||
// it will recognize non-api classes+methods as valid commands
|
||||
$apiclass = '\\Froxlor\\Api\\Commands\\' . $command[0];
|
||||
if (!class_exists($apiclass) || !@method_exists($apiclass, $command[1])) {
|
||||
throw new Exception("Unknown command", 400);
|
||||
}
|
||||
return array(
|
||||
'command' => array(
|
||||
'class' => $command[0],
|
||||
'method' => $command[1]
|
||||
),
|
||||
'params' => $request['params'] ?? null
|
||||
);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -19,15 +19,13 @@ if (! defined('AREA')) {
|
||||
*
|
||||
*/
|
||||
|
||||
use Froxlor\Api\Commands\SubDomains as SubDomains;
|
||||
use Froxlor\Api\Commands\SubDomains;
|
||||
use Froxlor\Settings;
|
||||
use Froxlor\UI\Request;
|
||||
|
||||
// This file is being included in admin_domains and customer_domains
|
||||
// and therefore does not need to require lib/init.php
|
||||
|
||||
// TODO get domain related settings for logfile (speciallogfile)
|
||||
|
||||
$domain_id = (int) Request::get('domain_id');
|
||||
$last_n = (int) Request::get('number_of_lines', 100);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user