ShinobiSystems
/
Shinobi
mirror of https://gitlab.com/Shinobi-Systems/Shinobi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add API methods to manage API keys 

- Add, Delete, List are the methods added
+ light cleanup
merge-requests/35/head
Moe 2018-10-15 19:39:50 -07:00
parent a0e295caaf
commit d6e7f628f0
5 changed files with 168 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
libs/basic.js
View File

@ -38,6 +38,16 @@ module.exports = function(s,config){
} }
return string return string
} }
s.stringJSON = function(json){
try{
if(json instanceof Object){
json = JSON.stringify(json)
}
}catch(err){
}
return json
}
s.addUserPassToUrl = function(url,user,pass){ s.addUserPassToUrl = function(url,user,pass){
var splitted = url.split('://') var splitted = url.split('://')
splitted[1] = user + ':' + pass + '@' + splitted[1] splitted[1] = user + ':' + pass + '@' + splitted[1]

6
libs/socketio.js
View File

@ -534,14 +534,14 @@ module.exports = function(s,config,lang,io){
case'delete': case'delete':
d.set=[],d.ar=[]; d.set=[],d.ar=[];
d.form.ke=cn.ke;d.form.uid=cn.uid;delete(d.form.ip); d.form.ke=cn.ke;d.form.uid=cn.uid;delete(d.form.ip);
if(!d.form.code){tx({f:'form_incomplete',form:'APIs'});return} if(!d.form.code){tx({f:'form_incomplete',form:'APIs',uid:cn.uid});return}
d.for=Object.keys(d.form); d.for=Object.keys(d.form);
d.for.forEach(function(v){ d.for.forEach(function(v){
d.set.push(v+'=?'),d.ar.push(d.form[v]); d.set.push(v+'=?'),d.ar.push(d.form[v]);
}); });
s.sqlQuery('DELETE FROM API WHERE '+d.set.join(' AND '),d.ar,function(err,r){ s.sqlQuery('DELETE FROM API WHERE '+d.set.join(' AND '),d.ar,function(err,r){
if(!err){ if(!err){
tx({f:'api_key_deleted',form:d.form}); tx({f:'api_key_deleted',form:d.form,uid:cn.uid});
delete(s.api[d.form.code]); delete(s.api[d.form.code]);
}else{ }else{
s.systemLog('API Delete Error : '+e.ke+' : '+' : '+e.mid,err) s.systemLog('API Delete Error : '+e.ke+' : '+' : '+e.mid,err)
@ -557,7 +557,7 @@ module.exports = function(s,config,lang,io){
}); });
s.sqlQuery('INSERT INTO API ('+d.set.join(',')+') VALUES ('+d.qu.join(',')+')',d.ar,function(err,r){ s.sqlQuery('INSERT INTO API ('+d.set.join(',')+') VALUES ('+d.qu.join(',')+')',d.ar,function(err,r){
d.form.time=s.formattedTime(new Date,'YYYY-DD-MM HH:mm:ss'); d.form.time=s.formattedTime(new Date,'YYYY-DD-MM HH:mm:ss');
if(!err){tx({f:'api_key_added',form:d.form});}else{s.systemLog(err)} if(!err){tx({f:'api_key_added',form:d.form,uid:cn.uid});}else{s.systemLog(err)}
}); });
break; break;
} }

134
libs/webServerAdminPaths.js
View File

@ -299,6 +299,140 @@ module.exports = function(s,config,lang,app){
res.end(s.prettyPrint(req.ret)) res.end(s.prettyPrint(req.ret))
} }
} }
},res,req)
}) })
/**
* API : Add API Key, binded to the user who created it
*/
app.all([
config.webPaths.adminApiPrefix+':auth/api/:ke/add',
config.webPaths.apiPrefix+':auth/api/:ke/add',
],function (req,res){
var endData = {ok:false}
res.setHeader('Content-Type', 'application/json');
res.header("Access-Control-Allow-Origin",req.headers.origin);
s.auth(req.params,function(user){
var endData = {
ok : false
}
var form = s.getPostData(req)
if(form){
var insert = {
ke : req.params.ke,
uid : user.uid,
code : s.gid(30),
ip : form.ip,
details : s.stringJSON(form.details)
}
var escapes = []
Object.keys(insert).forEach(function(column){
escapes.push('?')
});
s.sqlQuery('INSERT INTO API ('+Object.keys(insert).join(',')+') VALUES ('+escapes.join(',')+')',Object.values(insert),function(err,r){
insert.time = s.formattedTime(new Date,'YYYY-DD-MM HH:mm:ss');
if(!err){
s.tx({
f: 'api_key_added',
uid: user.uid,
form: insert
},'GRP_' + req.params.ke)
endData.ok = true
}
closeResponse(res,endData)
})
}else{
endData.msg = lang.postDataBroken
closeResponse(res,endData)
}
},res,req)
})
/**
* API : Delete API Key
*/
app.all([
config.webPaths.adminApiPrefix+':auth/api/:ke/delete',
config.webPaths.apiPrefix+':auth/api/:ke/delete',
],function (req,res){
var endData = {ok:false}
res.setHeader('Content-Type', 'application/json');
res.header("Access-Control-Allow-Origin",req.headers.origin);
s.auth(req.params,function(user){
var endData = {
ok : false
}
var form = s.getPostData(req)
if(form){
if(!form.code){
s.tx({
f:'form_incomplete',
uid: user.uid,
form:'APIs'
},'GRP_' + req.params.ke)
endData.msg = lang.postDataBroken
closeResponse(res,endData)
return
}
var row = {
ke : req.params.ke,
uid : user.uid,
code : form.code
}
var where = []
Object.keys(row).forEach(function(column){
where.push(column+'=?')
})
s.sqlQuery('DELETE FROM API WHERE '+where.join(' AND '),Object.values(row),function(err,r){
if(!err){
s.tx({
f: 'api_key_deleted',
uid: user.uid,
form: row
},'GRP_' + req.params.ke)
endData.ok = true
delete(s.api[row.code])
}
closeResponse(res,endData)
})
}else{
endData.msg = lang.postDataBroken
closeResponse(res,endData)
}
},res,req)
})
/**
* API : List API Keys for Authenticated user
*/
app.get([
config.webPaths.adminApiPrefix+':auth/api/:ke/list',
config.webPaths.apiPrefix+':auth/api/:ke/list',
],function (req,res){
var endData = {ok:false}
res.setHeader('Content-Type', 'application/json');
res.header("Access-Control-Allow-Origin",req.headers.origin);
s.auth(req.params,function(user){
var endData = {
ok : false
}
var row = {
ke : req.params.ke,
uid : user.uid
}
var where = []
Object.keys(row).forEach(function(column){
where.push(column+'=?')
})
s.sqlQuery('SELECT * FROM API WHERE '+where.join(' AND '),Object.values(row),function(err,rows){
if(rows && rows[0]){
rows.forEach(function(row){
row.details = JSON.parse(row.details)
})
endData.ok = true
endData.uid = user.uid
endData.ke = user.ke
endData.keys = rows
}
closeResponse(res,endData)
})
},res,req)
}) })
} }

6
libs/webServerPaths.js
View File

@ -75,13 +75,17 @@ module.exports = function(s,config,lang,app){
//get post data //get post data
s.getPostData = function(req){ s.getPostData = function(req){
var postData = false var postData = false
var selected = false
try{ try{
if(req.query.data){ if(req.query && req.query.data){
selected = req.query.data
postData = JSON.parse(req.query.data) postData = JSON.parse(req.query.data)
}else{ }else{
selected = req.body.data
postData = JSON.parse(req.body.data) postData = JSON.parse(req.body.data)
} }
}catch(er){ }catch(er){
postData = selected
} }
return postData return postData
} }

14
web/libs/js/main.dash2.js
View File

@ -2674,12 +2674,16 @@ $user.ws.on('f',function (d){
$.ccio.globalWebsocket(d) $.ccio.globalWebsocket(d)
switch(d.f){ switch(d.f){
case'api_key_deleted': case'api_key_deleted':
if($user.uid === d.uid){
$.ccio.init('note',{title:lang['API Key Deleted'],text:lang.APIKeyDeletedText,type:'notice'}); $.ccio.init('note',{title:lang['API Key Deleted'],text:lang.APIKeyDeletedText,type:'notice'});
$('[api_key="'+d.form.code+'"]').remove(); $('[api_key="'+d.form.code+'"]').remove()
}
break; break;
case'api_key_added': case'api_key_added':
if($user.uid === d.uid){
$.ccio.init('note',{title:lang['API Key Added'],text:lang.FiltersUpdatedText,type:'success'}); $.ccio.init('note',{title:lang['API Key Added'],text:lang.FiltersUpdatedText,type:'success'});
$.ccio.tm(3,d.form,'#api_list') $.ccio.tm(3,d.form,'#api_list')
}
break; break;
case'filters_change': case'filters_change':
$.ccio.init('note',{title:lang['Filters Updated'],text:lang.FiltersUpdatedText,type:'success'}); $.ccio.init('note',{title:lang['Filters Updated'],text:lang.FiltersUpdatedText,type:'success'});
@ -4192,7 +4196,9 @@ $.apM.f.submit(function(e){
if(!e.s.ip||e.s.ip.length<7){e.er.push('Enter atleast one IP')} if(!e.s.ip||e.s.ip.length<7){e.er.push('Enter atleast one IP')}
if(e.er.length>0){$.apM.e.find('.msg').html(e.er.join('<br>'));return;} if(e.er.length>0){$.apM.e.find('.msg').html(e.er.join('<br>'));return;}
$.each(e.s,function(n,v){e.s[n]=v.trim()}) $.each(e.s,function(n,v){e.s[n]=v.trim()})
$.ccio.cx({f:'api',ff:'add',form:e.s}) $.post($.ccio.init('location',$user)+$user.auth_token+'/api/'+$user.ke+'/add',{data:JSON.stringify(e.s)},function(d){
$.ccio.log(d)
})
}); });
$.apM.e.on('click','.delete',function(e){ $.apM.e.on('click','.delete',function(e){
e.e=$(this);e.p=e.e.parents('[api_key]'),e.code=e.p.attr('api_key'); e.e=$(this);e.p=e.e.parents('[api_key]'),e.code=e.p.attr('api_key');
@ -4201,7 +4207,9 @@ $.apM.e.on('click','.delete',function(e){
e.html='Do you want to delete this API key? You cannot recover it.'; e.html='Do you want to delete this API key? You cannot recover it.';
$.confirm.body.html(e.html); $.confirm.body.html(e.html);
$.confirm.click({title:'Delete',class:'btn-danger'},function(){ $.confirm.click({title:'Delete',class:'btn-danger'},function(){
$.ccio.cx({f:'api',ff:'delete',form:{code:e.code}}) $.post($.ccio.init('location',$user)+$user.auth_token+'/api/'+$user.ke+'/delete',{data:JSON.stringify({code:e.code})},function(d){
$.ccio.log(d)
})
}); });
}) })
//filters window //filters window