Commit e0ec61b9 authored by Mark Tearle's avatar Mark Tearle

Implement register API call

parent c09a9acf
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /quovadis/index.php [L,QSA]
......@@ -8,6 +8,7 @@ require_once('config.php');
use Ramsey\Uuid\Uuid;
use RestService\RestService;
use GuzzleHttp\Client;
use Leaf\Http\Response;
function check_username($username) {
// returns true if we get some info about the username
......@@ -29,13 +30,20 @@ function get_desec_txt($config, $name) {
$restService = new RestService();
$path = "/api/v1/domains/" . $config['QV_DOMAIN'] . "/rrsets/" . $name . "/TXT/";
$auth_string = "Token ". $config['QV_DESEC_API'];
$response = $restService
->setEndpoint('https://desec.io')
->setRequestHeaders([
'Authorization' => $auth_string
])
->get($path, [], [], false);
try {
$response = $restService
->setEndpoint('https://desec.io')
->setRequestHeaders([
'Authorization' => $auth_string
])
->get($path, [], [], false);
} catch (Exception $e) {
if( $e->getMessage() == "Not Found" ) {
return "";
}
throw new Exception($e->getMessage(), $e->getCode());
}
$result = json_decode($response->getBody(), true);
if (array_key_exists('records', $result)) {
......@@ -45,9 +53,14 @@ function get_desec_txt($config, $name) {
}
}
function check_api_key($api_key) {
function encrypt_api_key($api_key) {
return bin2hex(password_hash($api_key, PASSWORD_DEFAULT));
}
function check_api_key($config, $username, $api_key) {
// API keys need to be alpha numeric
return 1;
$hash = hex2bin(get_desec_txt($config, $username));
return password_verify($api_key, $hash);
}
function check_challenge($challenge) {
......@@ -71,7 +84,6 @@ function check_challenge($challenge) {
//
function update_desec_txt($config, $name, $txt) {
$path = "/api/v1/domains/" . $config['QV_DOMAIN'] . "/rrsets/" . $name . "/TXT/";
$auth_string = "Token ". $config['QV_DESEC_API'];
$headers = [
'Authorization' => $auth_string,
......@@ -79,7 +91,13 @@ function update_desec_txt($config, $name, $txt) {
];
if (get_desec_txt($config, $name) == "") {
$method = 'POST';
$path = "/api/v1/domains/" . $config['QV_DOMAIN'] . "/rrsets/";
} else {
$method = 'PUT';
$path = "/api/v1/domains/" . $config['QV_DOMAIN'] . "/rrsets/" . $name . "/TXT/";
}
$val = [
'subname' => $name,
......@@ -98,7 +116,7 @@ function update_desec_txt($config, $name, $txt) {
]);
try {
$response = $client->request('PUT', $path, [ 'headers'=>$headers, 'body'=>$body ]);
$response = $client->request($method, $path, [ 'headers'=>$headers, 'body'=>$body ]);
} catch (ClientException $e) {
throw new Exception($e->getResponse()->getReasonPhrase(), $e->getResponse()->getStatusCode());
} catch (BadResponseException $e) {
......@@ -115,16 +133,37 @@ function update_desec_txt($config, $name, $txt) {
}
}
// Send email to user with API key
function email_api_key($username, $api_key) {
$headers = array(
'From' => '[email protected]',
'Reply-To' => '[email protected]',
'X-Mailer' => 'PHP/' . phpversion()
);
// The message
$message = "Quovadis\r\n\r\nUCC DNS Helper\r\nYour API key is: $api_key";
// In case any of our lines are larger than 70 characters, we should use wordwrap()
$message = wordwrap($message, 70, "\r\n");
// Send
mail($username . '@ucc.asn.au', 'Quoavadis API Key', $message, $headers);
}
// Instantiate Leaf
$leaf = new Leaf\App;
$leaf = new Leaf\App();
#$response = new Leaf\Http\Response();
// Add routes
$leaf->get('/', function () use($leaf) {
$config=get_config();
$s = update_desec_txt($config, "mtearle-test", "test flight");
$r = get_desec_txt($config, "mtearle-test");
$r2 = get_desec_txt($config, "mtearle");
// since the response object is directly tied to the leaf instance
$html = '<h5>My first Leaf app</h5>' . $r . " --- ". $s;
$html = '<h5>My first Leaf app</h5>' . $r . " --- ". $s . "----" . $r2;
$leaf->response()->markup($html);
});
......@@ -138,11 +177,20 @@ $leaf->post('/register', function () use($leaf) {
// * UCC username
//
// Will email to your UCC email address an API key to use with the service
$config=get_config();
$username = $leaf->request->get('username');
// Check username is valid
if ( !check_username($username) ) {
$leaf->response->respond(["message" => $username." not valid"]);
$leaf->response->json(["message" => $username." not valid"],200);
return;
}
// Check there is no existing API key registered for the user
$a = get_desec_txt($config, $username);
if ( $a <> "" ) {
$leaf->response->json(["message" => $username." already registered"],200);
return;
}
......@@ -150,10 +198,12 @@ $leaf->post('/register', function () use($leaf) {
$api_key = Uuid::uuid4()->toString();
// Stick API key encrypted into the DNS
$u = update_desec_txt($config, $username, encrypt_api_key($api_key));
// Email API key
email_api_key($username, $api_key);
$leaf->response->respond(["message" => $username." has been added and email sent"]);
$leaf->response->json(["message" => $username." has been added and email sent"],200);
});
$leaf->post('/update-api-key', function () use($leaf) {
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment