@@ -241,6 +241,30 @@ switch ($VARS['action']) { | |||
require_once __DIR__ . "/lib/reports.php"; | |||
generateReport($VARS['type'], $VARS['format']); | |||
break; | |||
case "revokeapikey": | |||
if (empty($VARS['key'])) { | |||
returnToSender("invalid_parameters"); | |||
} | |||
if ($VARS['key'] == $SETTINGS['accounthub']['key']) { | |||
returnToSender("cannot_revoke_key_in_use"); | |||
} | |||
$database->delete("apikeys", ['key' => $VARS['key'], "LIMIT" => 1]); | |||
returnToSender("api_key_revoked"); | |||
break; | |||
case "addapikey": | |||
if (empty($VARS['key']) || empty($VARS['type'])) { | |||
returnToSender("invalid_parameters"); | |||
} | |||
$keytypes = ["NONE", "AUTH", "READ", "FULL"]; | |||
if (!in_array($VARS['type'], $keytypes)) { | |||
returnToSender("invalid_parameters"); | |||
} | |||
if ($database->has("apikeys", ["key" => $VARS['key']])) { | |||
returnToSender("key_already_exists"); | |||
} | |||
$database->insert("apikeys", ["key" => $VARS['key'], "notes" => $VARS['notes'], "type" => $VARS['type']]); | |||
returnToSender("api_key_added"); | |||
break; | |||
case "signout": | |||
session_destroy(); | |||
header('Location: index.php?logout=1'); |
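Review bot: The `addapikey` case stores whatever string the client submits as the key, with `empty()` as the only check, so a short or guessable value can be registered with type `FULL`. Either generate the key inside this handler or, if keys always have the shape the add form pre-fills, reject anything else with `if (!preg_match('/^[0-9a-f]{40}$/', $VARS['key'])) { returnToSender("invalid_parameters"); }`. `notes` is optional in the form, so read it as `$VARS['notes'] ?? ""`, and use `in_array($VARS['type'], $keytypes, true)` to avoid loose matching. In `revokeapikey`, the `==` against `$SETTINGS['accounthub']['key']` is better written as `hash_equals($SETTINGS['accounthub']['key'], (string) $VARS['key'])`. No permission or CSRF check is visible in either case; the switch begins outside the hunk, so confirm both are enforced before it is reached.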
@@ -115,7 +115,7 @@ END; | |||
<?php | |||
// Adjust as needed | |||
$navbar_breakpoint = "lg"; | |||
$navbar_breakpoint = "xl"; | |||
// For mobile app | |||
echo "<script nonce=\"$SECURE_NONCE\">var navbar_breakpoint = \"$navbar_breakpoint\";</script>" |
@@ -1,5 +1,6 @@ | |||
{ | |||
"Edit": "Edit", | |||
"cancel": "Cancel", | |||
"Choose a user": "Choose a user" | |||
"Choose a user": "Choose a user", | |||
"Add Key": "Add Key" | |||
} |
@@ -0,0 +1,10 @@ | |||
{ | |||
"Key": "Key", | |||
"Type": "Type", | |||
"Notes": "Notes", | |||
"Revoke": "Revoke", | |||
"Cannot revoke that API key, you would lose access to ManagePanel.": "Cannot revoke that API key, you would lose access to ManagePanel.", | |||
"API key revoked.": "API key revoked.", | |||
"That API key already exists.": "That API key already exists.", | |||
"API key added.": "API key added." | |||
} |
@@ -5,5 +5,6 @@ | |||
"Security": "Security", | |||
"Security Log": "Security Log", | |||
"Managers": "Managers", | |||
"Permissions": "Permissions" | |||
"Permissions": "Permissions", | |||
"API Keys": "API Keys" | |||
} |
@@ -93,4 +93,20 @@ define("MESSAGES", [ | |||
"string" => "group already exists", | |||
"type" => "danger" | |||
], | |||
"cannot_revoke_key_in_use" => [ | |||
"string" => "Cannot revoke that API key, you would lose access to ManagePanel.", | |||
"type" => "danger" | |||
], | |||
"api_key_revoked" => [ | |||
"string" => "API key revoked.", | |||
"type" => "success" | |||
], | |||
"key_already_exists" => [ | |||
"string" => "That API key already exists.", | |||
"type" => "warning" | |||
], | |||
"api_key_added" => [ | |||
"string" => "API key added.", | |||
"type" => "success" | |||
], | |||
]); |
@@ -96,6 +96,23 @@ define("PAGES", [ | |||
"static/js/export.js" | |||
] | |||
], | |||
"apikeys" => [ | |||
"title" => "API Keys", | |||
"navbar" => true, | |||
"icon" => "fas fa-server", | |||
"styles" => [ | |||
"static/css/datatables.min.css", | |||
"static/css/tables.css" | |||
], | |||
"scripts" => [ | |||
"static/js/datatables.min.js", | |||
"static/js/apikeys.js" | |||
], | |||
], | |||
"addapikey" => [ | |||
"title" => "Add Key", | |||
"navbar" => false | |||
], | |||
"404" => [ | |||
"title" => "404 error" | |||
] |
@@ -0,0 +1,24 @@ | |||
<?php | |||
/* | |||
* This Source Code Form is subject to the terms of the Mozilla Public | |||
* License, v. 2.0. If a copy of the MPL was not distributed with this | |||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. | |||
*/ | |||
$key = hash("SHA1", random_bytes(100)); | |||
$form = new FormBuilder($Strings->get("Add Key", false), "fas fa-plus"); | |||
$form->addInput("key", $key, "text", true, "key", null, $Strings->get("Key", false), "fas fa-key", 12, 20); | |||
$form->addInput("type", "", "select", true, "type", ["NONE" => "NONE", "AUTH" => "AUTH", "READ" => "READ", "FULL" => "FULL"], $Strings->get("Type", false), "fas fa-list", 6); | |||
$form->addInput("notes", "", "textarea", false, "notes", null, $Strings->get("Notes", false), "fas fa-sticky-note", 6); | |||
$form->addButton($Strings->get("Add Key", false), "fas fa-save", null, "submit", null, null, "", "btn btn-success"); | |||
$form->addHiddenInput("action", "addapikey"); | |||
$form->addHiddenInput("source", "apikeys"); | |||
$form->generate(); |
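Review bot: This new page file goes straight to building the form without the `require_once __DIR__ . '/../required.php'; redirectifnotloggedin();` guard that the key list page added in the same commit has, so its access control rests entirely on how the including script loads it. Adding the same two lines keeps the pages consistent. In `$key = hash("SHA1", random_bytes(100));` the SHA-1 pass adds nothing over the CSPRNG output; `$key = bin2hex(random_bytes(20));` yields the same 40 hex characters without it. The generated value is only a form default, and the `20` passed to `addInput` (presumably a length limit, to be confirmed against FormBuilder) is enforced in the browser at best, so the stored key is whatever the client finally submits.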
@@ -0,0 +1,55 @@ | |||
<?php | |||
/* This Source Code Form is subject to the terms of the Mozilla Public | |||
* License, v. 2.0. If a copy of the MPL was not distributed with this | |||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |||
require_once __DIR__ . '/../required.php'; | |||
redirectifnotloggedin(); | |||
?> | |||
<div class="btn-group mgn-btm-10px"> | |||
<a href="app.php?page=addapikey" class="btn btn-primary"><i class="fas fa-plus"></i> <?php $Strings->get("Add Key"); ?></a> | |||
</div> | |||
<table id="apikeytable" class="table table-bordered table-hover table-sm"> | |||
<thead> | |||
<tr> | |||
<th data-priority="0"></th> | |||
<th data-priority="1"><?php $Strings->get('actions'); ?></th> | |||
<th data-priority="1"><i class="fas fa-fw fa-key d-none d-md-inline"></i> <?php $Strings->get('Key'); ?></th> | |||
<th data-priority="1"><i class="fas fa-fw fa-list d-none d-md-inline"></i> <?php $Strings->get('Type'); ?></th> | |||
<th data-priority="2"><i class="fas fa-fw fa-sticky-note d-none d-md-inline"></i> <?php $Strings->get('Notes'); ?></th> | |||
</tr> | |||
</thead> | |||
<tbody> | |||
<?php | |||
$keys = $database->select("apikeys", ["key", "notes", "type"]); | |||
foreach ($keys as $key) { | |||
if ($SETTINGS['hide_api_key_in_use'] && $key['key'] == $SETTINGS['accounthub']['key']) { | |||
continue; | |||
} | |||
?> | |||
<tr> | |||
<td></td> | |||
<td><form action="action.php" method="POST"> | |||
<input type="hidden" name="action" value="revokeapikey" /> | |||
<input type="hidden" name="source" value="apikeys" /> | |||
<input type="hidden" name="key" value="<?php echo $key['key']; ?>" /> | |||
<button type="submit" class="btn btn-danger btn-sm"><i class="fas fa-times"></i> <?php $Strings->get("Revoke"); ?></button> | |||
</form></td> | |||
<td><?php echo $key['key']; ?></td> | |||
<td><?php echo $key['type']; ?></td> | |||
<td><?php echo htmlentities($key['notes']); ?></td> | |||
</tr> | |||
<?php | |||
} | |||
?> | |||
</tbody> | |||
<tfoot> | |||
<tr> | |||
<th data-priority="0"></th> | |||
<th data-priority="1"><?php $Strings->get('actions'); ?></th> | |||
<th data-priority="1"><i class="fas fa-fw fa-key d-none d-md-inline"></i> <?php $Strings->get('Key'); ?></th> | |||
<th data-priority="1"><i class="fas fa-fw fa-list d-none d-md-inline"></i> <?php $Strings->get('Type'); ?></th> | |||
<th data-priority="2"><i class="fas fa-fw fa-sticky-note d-none d-md-inline"></i> <?php $Strings->get('Notes'); ?></th> | |||
</tfoot> | |||
</table> |
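Review bot: `$key['key']` and `$key['type']` are echoed raw into the hidden input's `value` attribute and into the table cells, while only `notes` goes through `htmlentities()`. The key is free text accepted by the `addapikey` handler, so markup stored in it would be rendered on this page. Escape all three the same way, e.g. `<?php echo htmlspecialchars($key['key'], ENT_QUOTES, 'UTF-8'); ?>`. `$SETTINGS['hide_api_key_in_use']` is a new setting and will be undefined on installs with an older settings file, so `!empty($SETTINGS['hide_api_key_in_use'])` is the safer test. The `<tfoot>` row is also missing its closing `</tr>`.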
@@ -50,6 +50,8 @@ $SETTINGS = [ | |||
"permissions" => [ | |||
"ADMIN" | |||
], | |||
// Set to true to hide the API key in use by ManagePanel from the editor. | |||
"hide_api_key_in_use" => false, | |||
// For supported values, see http://php.net/manual/en/timezones.php | |||
"timezone" => "America/Denver", | |||
// Language to use for localization. See langs folder to add a language. |
@@ -0,0 +1,30 @@ | |||
/* This Source Code Form is subject to the terms of the Mozilla Public | |||
* License, v. 2.0. If a copy of the MPL was not distributed with this | |||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | |||
$('#apikeytable').DataTable({ | |||
responsive: { | |||
details: { | |||
display: $.fn.dataTable.Responsive.display.modal({ | |||
header: function (row) { | |||
var data = row.data(); | |||
return "<i class=\"fas fa-list fa-fw\"></i> " + data[1]; | |||
} | |||
}), | |||
renderer: $.fn.dataTable.Responsive.renderer.tableAll({ | |||
tableClass: 'table' | |||
}), | |||
type: "column" | |||
} | |||
}, | |||
columnDefs: [ | |||
{ | |||
targets: 0, | |||
className: 'control', | |||
orderable: false | |||
} | |||
], | |||
order: [ | |||
[1, 'desc'] | |||
], | |||
}); |
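Review bot: `data[1]` in the modal `header` callback and `order: [[1, 'desc']]` both point at column 1, which in the table this commit adds is the actions column holding the revoke form, not the key. That would put the form's markup into the modal title and sort the rows by it. Column 2 (Key) looks like the intended index, e.g. `data[2]` and `order: [[2, 'asc']]`. Because the header string is inserted as HTML, it also relies on the cell content having been escaped on the server side.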