From 8aa922af47ed4399efa2504cd134a6d26d4f464b Mon Sep 17 00:00:00 2001
From: Mark Tearle <mtearle@ucc.asn.au>
Date: Sun, 7 Feb 2021 14:51:36 +0800
Subject: [PATCH] Added update-api-key call

---
 quovadis/quovadis.php | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)

diff --git a/quovadis/quovadis.php b/quovadis/quovadis.php
index 39141ac..e69b0f1 100644
--- a/quovadis/quovadis.php
+++ b/quovadis/quovadis.php
@@ -220,21 +220,35 @@ $leaf->post('/update-api-key', function () use($leaf) {
 // Will update API key
 // 
 // Will email to your UCC email address noting that the API key has been updated
+    $config=get_config();
+
     $username = $leaf->request->get('username');
     $api_key = $leaf->request->get('api_key');
     $new_api_key = $leaf->request->get('new_api_key');
     
     // Check username is valid
-    
+    if ( !check_username($username) ) {
+        $leaf->response->json(["message" => $username." not valid"],200);
+	return;
+    }
+
     // Check API key
+    if ( !check_api_key($config, $username, $api_key) ) {
+        $leaf->response->json(["message" => "API key for " .$username." not valid"],200);
+	return;
+    }
     
     
     // Encrypt API key
-    
     // Stick API key encrypted into the DNS
+    $u = update_desec_txt($config, $username, encrypt_api_key($new_api_key));
+    
+    
+    $leaf->response->json(["message" => $username." API key has been updated"],200);
     
     // Email user to let them know API key has updated
-
+    // Email API key
+    email_api_key($username, "(REDACTED, set by user)");
 });
 
 $leaf->post('/update-challenge', function () use($leaf) {
-- 
GitLab