From 1cc21e28c91b23e9d09b14f731a9763bc45ccc89 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Valenta?= <git@imaniti.org>
Date: Sat, 3 Jun 2023 23:18:25 +0200
Subject: [PATCH] create own API tokens

---
 assets/javascript/nastenka_sync.js            |  1 +
 .../restapi/controller/forums/Forums.php      | 16 +----
 nastenka_sync.php                             | 70 ++++++++++++++++++-
 3 files changed, 71 insertions(+), 16 deletions(-)

diff --git a/assets/javascript/nastenka_sync.js b/assets/javascript/nastenka_sync.js
index a6c8d0a..def9e71 100644
--- a/assets/javascript/nastenka_sync.js
+++ b/assets/javascript/nastenka_sync.js
@@ -22,6 +22,7 @@ window.addEventListener(
                 }
 
                 nextUrl.searchParams.append("sid", window.SESSION_ID);
+                nextUrl.searchParams.append("user-agent", window.navigator.userAgent);
 
                 window.location = nextUrl;
             }
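Review bot: The line above this addition still appends `sid` from `window.SESSION_ID`, but the PHP half of this same patch replaces the `SESSION_ID` template variable with `API_TOKEN`, so unless nastenka_sync.html (not in the patch) still defines `window.SESSION_ID`, the redirect will carry `sid=undefined` and the newly created token is never sent anywhere. If the token is meant to travel with this redirect, the line should become something like `nextUrl.searchParams.append("token", window.API_TOKEN);` with the template exposing that variable. The browser already sends the User-Agent as a request header on the redirect, so copying it into the query string only duplicates it into the URL (history, logs); reading the header server-side avoids that. The enclosing event-listener callback starts and ends outside the hunk.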
diff --git a/ext/eparsons/restapi/controller/forums/Forums.php b/ext/eparsons/restapi/controller/forums/Forums.php
index 3bea4e5..80affff 100755
--- a/ext/eparsons/restapi/controller/forums/Forums.php
+++ b/ext/eparsons/restapi/controller/forums/Forums.php
@@ -61,21 +61,7 @@ class Forums
             return $errorResponse;
         }
 
-        global $db, $phpbb_container, $auth;
-
-        if (
-            !$auth->acl_gets('f_list', 'f_list_topics', 'f_read', $forumId)
-            || (
-                $forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link']
-                && !$auth->acl_get('f_read', $forumId)
-            )
-        ) {
-            return new ErrorResponse(
-                "NotFound",
-                "This forum does not exist.",
-                404
-            );
-        }
+        global $db, $phpbb_container;
 
         $phpbb_content_visibility = $phpbb_container->get('content.visibility');
 
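Review bot: Removing the `acl_gets('f_list', 'f_list_topics', 'f_read', $forumId)` block leaves this method with no per-forum authorization in the visible hunk, and nothing here consults the new `api_tokens.allowed_forum_ids` scope in its place, so whatever authenticates the request now reads every forum. If the token scope is intended to replace the ACL, the check belongs right here, before `content.visibility` is fetched, e.g. `if (!in_array($forumId, $allowedForumIds, true)) { return new ErrorResponse("NotFound", "This forum does not exist.", 404); }` with `$allowedForumIds` resolved from the presented token. The removed branch also hid FORUM_LINK forums the user lacks `f_read` on; that case must be covered wherever the scope check lands. The method continues past the end of the hunk, so a later check may exist, but it is not visible.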
diff --git a/nastenka_sync.php b/nastenka_sync.php
index 6625f56..1c8851a 100755
--- a/nastenka_sync.php
+++ b/nastenka_sync.php
@@ -15,13 +15,81 @@ if ($user->data['user_id'] == ANONYMOUS)
     exit;
 }
 
+
+if (!isset($_GET["forum_scopes"])) {
+    http_response_code(400);
+    die();
+}
+
+$requested_forum_ids = explode(",", $_GET["forum_scopes"]);
+$allowed_forum_ids = array();
+
+foreach ($requested_forum_ids as &$forum_id) {
+    if (!is_numeric($forum_id)) {
+        http_response_code(400);
+        die();
+    }
+
+    $forum_id = (int)$forum_id;
+
+    if (
+        $auth->acl_gets('f_list', 'f_list_topics', 'f_read', $forum_id)
+        && $forum_data['forum_type'] == FORUM_LINK
+        && $forum_data['forum_link']
+        && !$auth->acl_get('f_read', $forum_id)
+    ) {
+        array_push($allowed_forum_ids, $forum_id);
+    }
+}
+
+$db->sql_query(
+    'CREATE TABLE IF NOT EXISTS ' . $table_prefix . 'api_tokens (
+        user_id INT PRIMARY KEY,
+        allowed_forum_ids TEXT NOT NULL,
+        token VARCHAR(32) NOT NULL,
+        FOREIGN KEY (user_id) REFERENCES ' . $table_prefix . 'user(user_id) ON DELETE CASCADE
+    )'
+);
+
+$existing_token_query = $db->sql_query(
+    'SELECT user_id, token FROM ' . $table_prefix . 'api_tokens
+    WHERE user_id = ' . $user->data["user_id"]
+);
+
+$token_exists = false;
+$token = null;
+
+while ($row = $db->sql_fetchrow($existing_token_query)) {
+    $token_exists = true;
+    $token = $row["token"];
+}
+
+if (!$token_exists) {
+    $token = bin2hex(random_bytes(16));
+
+    $db->sql_query(
+        'INSERT INTO ' . $table_prefix . 'api_tokens
+        VALUES ('
+            . $user->data["user_id"] . ', '
+            . '\'' . implode(",", allowed_forum_ids) . '\', '
+            . $token .
+        ')'
+    );
+} else {
+    $db->sql_query(
+        'UPDATE ' . $table_prefix . 'api_tokens
+        WHERE user_id=' . $user->data["user_id"] . '
+        SET allowed_forum_ids = \'' . implode(",", allowed_forum_ids) . '\''
+    );
+}
+
 page_header('Synchronizace s Nástěnkou');
 
 $template->set_filenames(array(
     'body' => 'nastenka_sync.html',
 ));
 $template->assign_vars(array(
-    'SESSION_ID' => $user->data['session_id'],
+    'API_TOKEN' => $token,
 ));
 
 page_footer();
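Review bot: The INSERT and UPDATE cannot execute as written: `implode(",", allowed_forum_ids)` lacks the `$` sigil (an undefined constant, fatal on PHP 8), the hex `$token` is concatenated into the VALUES list without quotes, and the UPDATE places `WHERE` before `SET`. The scope filter is also inverted — it admits a forum only when it is a FORUM_LINK the user cannot read, which is exactly the "not found" condition the removed Forums.php check expressed — and `$forum_data` is never loaded for the current `$forum_id` inside the loop (the file's first 14 lines are not shown, but a per-forum load would have to happen per iteration). Values going into SQL should pass through `$db->sql_escape()` and `(int)` casts rather than bare concatenation, and since this is a GET with no form key, any page can re-scope a logged-in user's token by link; a `check_form_key`-protected POST would close that. I would also store only `hash('sha256', $token)` and compare with `hash_equals()` on the API side, confirm the FOREIGN KEY target (`user` vs the usual phpBB `users` table), and drop the `&` on the foreach or `unset($forum_id)` after it. Rewritten scope loop and queries:
```php
foreach ($requested_forum_ids as $forum_id) {
    // … unchanged: is_numeric check and (int) cast …
    // $forum_data must be loaded for this $forum_id before this point — not done in the hunk
    $unreadable_link = $forum_data['forum_type'] == FORUM_LINK
        && $forum_data['forum_link']
        && !$auth->acl_get('f_read', $forum_id);
    if ($auth->acl_gets('f_list', 'f_list_topics', 'f_read', $forum_id) && !$unreadable_link) {
        $allowed_forum_ids[] = $forum_id;
    }
}
// … unchanged: CREATE TABLE and existing-token lookup …
$user_id = (int) $user->data['user_id'];
$scopes = $db->sql_escape(implode(',', $allowed_forum_ids));
if (!$token_exists) {
    $token = bin2hex(random_bytes(16));
    $db->sql_query('INSERT INTO ' . $table_prefix . 'api_tokens (user_id, allowed_forum_ids, token) VALUES ('
        . $user_id . ", '" . $scopes . "', '" . $db->sql_escape($token) . "')");
} else {
    $db->sql_query('UPDATE ' . $table_prefix . "api_tokens SET allowed_forum_ids = '" . $scopes
        . "' WHERE user_id = " . $user_id);
}
```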
-- 
GitLab