fixed messing with invalid api key

Signed-off-by: tracer <tracer@24unix.net>
This commit is contained in:
tracer 2022-01-27 15:16:20 +01:00
parent d1182c6243
commit 2e779ed606
1 changed files with 16 additions and 8 deletions

View File

@ -99,15 +99,20 @@ class RequestController
} else { } else {
[$prefix,] = explode(separator: '.', string: $apiKey); [$prefix,] = explode(separator: '.', string: $apiKey);
$apiUsers = new ApiKeys(databaseConnection: $this->databaseConnection); $apiUsers = new ApiKeys(databaseConnection: $this->databaseConnection);
$apiResult = $apiUsers->findByPrefix(prefix: $prefix); if ($apiResult = $apiUsers->findByPrefix(prefix: $prefix)) {
$storedHash = $apiResult['api_token']; $storedHash = $apiResult['api_token'];
if (!password_verify(password: $apiKey, hash: $storedHash)) { if (!password_verify(password: $apiKey, hash: $storedHash)) {
$this->header = "401 Unauthorized"; $this->header = "401 Unauthorized";
$this->status = "401 Unauthorized"; $this->status = "401 Unauthorized";
$this->message = "API key mismatch."; $this->message = "API key mismatch.";
return false; return false;
} }
} else {
$this->header = "401 Unauthorized";
$this->status = "401 Unauthorized";
$this->message = "API key not found.";
return false;
}
} }
return true; return true;
} }
@ -137,18 +142,21 @@ class RequestController
public function handleDomainPostRequest(): void public function handleDomainPostRequest(): void
{ {
$name = $_POST['name'] ?? ''; $name = $_POST['name'] ?? '';
$panelID = $_POST['panel_id'] ?? ''; $panelID = intval(value: $_POST['panel_id'] ?? 0);
$a = $_POST['a'] ?? ''; $a = $_POST['a'] ?? '';
$aaaa = $_POST['aaaa'] ?? ''; $aaaa = $_POST['aaaa'] ?? '';
if (empty($name)) { if (empty($name)) {
$this->header = "400 Bad Request";
$this->status = "400 Bad Request"; $this->status = "400 Bad Request";
$this->message = "A name is required"; $this->message = "A name is required";
} else { } else {
if (empty($a) && empty($aaaa)) { if (empty($a) && empty($aaaa) && empty($panelID)) {
$this->header = "400 Bad Request";
$this->status = "400 Bad Request"; $this->status = "400 Bad Request";
$this->message = "At least one IP address is required."; $this->message = "At least one IP address or panel ID is required.";
} else { } else {
if ($this->domainController->findByName(name: $name)) { if ($this->domainController->findByName(name: $name)) {
$this->header = "400 Bad request";
$this->status = "400 Bad request"; $this->status = "400 Bad request";
$this->message = "Domain: $name already exists."; $this->message = "Domain: $name already exists.";
} else { } else {