Implement register API call

e0ec61b9 · Mark Tearle · c09a9acf · e0ec61b9 · e0ec61b9
Commit e0ec61b9 authored 4 years ago by Mark Tearle
--- a/.htaccess
+++ b/.htaccess
+RewriteEngine on
+RewriteCond %{REQUEST_FILENAME} !-f
+RewriteCond %{REQUEST_FILENAME} !-d
+RewriteRule ^.*$ /quovadis/index.php [L,QSA]
--- a/quovadis/quovadis.php
+++ b/quovadis/quovadis.php
@@ -8,6 +8,7 @@ require_once('config.php');
 use Ramsey\Uuid\Uuid;
 use RestService\RestService;
 use GuzzleHttp\Client;
+use Leaf\Http\Response;

 function check_username($username) {
 	// returns true if we get some info about the username
@@ -29,13 +30,20 @@ function get_desec_txt($config, $name) {
 	$restService = new RestService();
 	$path = "/api/v1/domains/" . $config['QV_DOMAIN'] . "/rrsets/" . $name . "/TXT/";
 	$auth_string = "Token ". $config['QV_DESEC_API'];
-	
-	$response = $restService
-		->setEndpoint('https://desec.io')
-		->setRequestHeaders([
-			'Authorization' => $auth_string
-			])
-		->get($path, [], [], false);
+
+	try {	
+		$response = $restService
+			->setEndpoint('https://desec.io')
+			->setRequestHeaders([
+				'Authorization' => $auth_string
+				])
+			->get($path, [], [], false);
+	} catch (Exception $e) {
+		if( $e->getMessage() == "Not Found" ) {
+			return "";
+		}
+        	throw new Exception($e->getMessage(), $e->getCode());
+        }

 	$result = json_decode($response->getBody(), true);
 	if (array_key_exists('records', $result)) {
@@ -45,9 +53,14 @@ function get_desec_txt($config, $name) {
 	}
 }

-function check_api_key($api_key) {
+function encrypt_api_key($api_key) {
+	return bin2hex(password_hash($api_key, PASSWORD_DEFAULT));
+}
+
+function check_api_key($config, $username, $api_key) {
 	// API keys need to be alpha numeric
-	return 1;
+        $hash = hex2bin(get_desec_txt($config, $username));
+	return password_verify($api_key, $hash);
 }

 function check_challenge($challenge) {
@@ -71,7 +84,6 @@ function check_challenge($challenge) {
 //

 function update_desec_txt($config, $name, $txt) {
-	$path = "/api/v1/domains/" . $config['QV_DOMAIN'] . "/rrsets/" . $name . "/TXT/";
 	$auth_string = "Token ". $config['QV_DESEC_API'];
 	$headers = [
 		'Authorization' => $auth_string,
@@ -79,7 +91,13 @@ function update_desec_txt($config, $name, $txt) {

 	];

-
+	if (get_desec_txt($config, $name) == "") {
+		$method = 'POST';
+		$path = "/api/v1/domains/" . $config['QV_DOMAIN'] . "/rrsets/";
+	} else {
+		$method = 'PUT';
+		$path = "/api/v1/domains/" . $config['QV_DOMAIN'] . "/rrsets/" . $name . "/TXT/";
+	}

 	$val =	[
 			'subname' => $name,
@@ -98,7 +116,7 @@ function update_desec_txt($config, $name, $txt) {
 	]);

        try {
-	    $response = $client->request('PUT', $path, [ 'headers'=>$headers, 'body'=>$body ]);
+	    $response = $client->request($method, $path, [ 'headers'=>$headers, 'body'=>$body ]);
        } catch (ClientException $e) {
            throw new Exception($e->getResponse()->getReasonPhrase(), $e->getResponse()->getStatusCode());
        } catch (BadResponseException $e) {
@@ -115,16 +133,37 @@ function update_desec_txt($config, $name, $txt) {
 	}
 }

+// Send email to user with API key
+
+function email_api_key($username, $api_key) {
+    $headers = array(
+        'From' => 'quovadis@ucc.asn.au',
+        'Reply-To' => 'wheel@ucc.asn.au',
+        'X-Mailer' => 'PHP/' . phpversion()
+    );
+
+    // The message
+    $message = "Quovadis\r\n\r\nUCC DNS Helper\r\nYour API key is: $api_key";
+
+    // In case any of our lines are larger than 70 characters, we should use wordwrap()
+    $message = wordwrap($message, 70, "\r\n");
+
+    // Send
+    mail($username . '@ucc.asn.au', 'Quoavadis API Key', $message, $headers);
+}
+
 // Instantiate Leaf
-$leaf = new Leaf\App;
+$leaf = new Leaf\App();
+#$response = new Leaf\Http\Response();

 // Add routes
 $leaf->get('/', function () use($leaf) {
   $config=get_config();
   $s = update_desec_txt($config, "mtearle-test", "test flight");
   $r = get_desec_txt($config, "mtearle-test");
+   $r2 = get_desec_txt($config, "mtearle");
    // since the response object is directly tied to the leaf instance
-   $html = '<h5>My first Leaf app</h5>' . $r . " --- ". $s;
+   $html = '<h5>My first Leaf app</h5>' . $r . " --- ". $s . "----" . $r2;
   $leaf->response()->markup($html);
 });

@@ -138,11 +177,20 @@ $leaf->post('/register', function () use($leaf) {
 // * UCC username
 // 
 // Will email to your UCC email address an API key to use with the service
+    $config=get_config();
+
    $username = $leaf->request->get('username');

    // Check username is valid
    if ( !check_username($username) ) {
-        $leaf->response->respond(["message" => $username." not valid"]);
+        $leaf->response->json(["message" => $username." not valid"],200);
+	return;
+    }
+
+    // Check there is no existing API key registered for the user
+    $a = get_desec_txt($config, $username);
+    if ( $a <> "" ) {
+        $leaf->response->json(["message" => $username." already registered"],200);
 	return;
    }

@@ -150,10 +198,12 @@ $leaf->post('/register', function () use($leaf) {
    $api_key = Uuid::uuid4()->toString();
    
    // Stick API key encrypted into the DNS
+    $u = update_desec_txt($config, $username, encrypt_api_key($api_key));
    
    // Email API key
+    email_api_key($username, $api_key);
    
-    $leaf->response->respond(["message" => $username." has been added and email sent"]);
+    $leaf->response->json(["message" => $username." has been added and email sent"],200);
 });

 $leaf->post('/update-api-key', function () use($leaf) {