Commit e0ec61b9 authored by Mark Tearle's avatar Mark Tearle

Implement register API call

parent c09a9acf
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.*$ /quovadis/index.php [L,QSA]
...@@ -8,6 +8,7 @@ require_once('config.php'); ...@@ -8,6 +8,7 @@ require_once('config.php');
use Ramsey\Uuid\Uuid; use Ramsey\Uuid\Uuid;
use RestService\RestService; use RestService\RestService;
use GuzzleHttp\Client; use GuzzleHttp\Client;
use Leaf\Http\Response;
function check_username($username) { function check_username($username) {
// returns true if we get some info about the username // returns true if we get some info about the username
...@@ -29,13 +30,20 @@ function get_desec_txt($config, $name) { ...@@ -29,13 +30,20 @@ function get_desec_txt($config, $name) {
$restService = new RestService(); $restService = new RestService();
$path = "/api/v1/domains/" . $config['QV_DOMAIN'] . "/rrsets/" . $name . "/TXT/"; $path = "/api/v1/domains/" . $config['QV_DOMAIN'] . "/rrsets/" . $name . "/TXT/";
$auth_string = "Token ". $config['QV_DESEC_API']; $auth_string = "Token ". $config['QV_DESEC_API'];
$response = $restService try {
->setEndpoint('https://desec.io') $response = $restService
->setRequestHeaders([ ->setEndpoint('https://desec.io')
'Authorization' => $auth_string ->setRequestHeaders([
]) 'Authorization' => $auth_string
->get($path, [], [], false); ])
->get($path, [], [], false);
} catch (Exception $e) {
if( $e->getMessage() == "Not Found" ) {
return "";
}
throw new Exception($e->getMessage(), $e->getCode());
}
$result = json_decode($response->getBody(), true); $result = json_decode($response->getBody(), true);
if (array_key_exists('records', $result)) { if (array_key_exists('records', $result)) {
...@@ -45,9 +53,14 @@ function get_desec_txt($config, $name) { ...@@ -45,9 +53,14 @@ function get_desec_txt($config, $name) {
} }
} }
function check_api_key($api_key) { function encrypt_api_key($api_key) {
return bin2hex(password_hash($api_key, PASSWORD_DEFAULT));
}
function check_api_key($config, $username, $api_key) {
// API keys need to be alpha numeric // API keys need to be alpha numeric
return 1; $hash = hex2bin(get_desec_txt($config, $username));
return password_verify($api_key, $hash);
} }
function check_challenge($challenge) { function check_challenge($challenge) {
...@@ -71,7 +84,6 @@ function check_challenge($challenge) { ...@@ -71,7 +84,6 @@ function check_challenge($challenge) {
// //
function update_desec_txt($config, $name, $txt) { function update_desec_txt($config, $name, $txt) {
$path = "/api/v1/domains/" . $config['QV_DOMAIN'] . "/rrsets/" . $name . "/TXT/";
$auth_string = "Token ". $config['QV_DESEC_API']; $auth_string = "Token ". $config['QV_DESEC_API'];
$headers = [ $headers = [
'Authorization' => $auth_string, 'Authorization' => $auth_string,
...@@ -79,7 +91,13 @@ function update_desec_txt($config, $name, $txt) { ...@@ -79,7 +91,13 @@ function update_desec_txt($config, $name, $txt) {
]; ];
if (get_desec_txt($config, $name) == "") {
$method = 'POST';
$path = "/api/v1/domains/" . $config['QV_DOMAIN'] . "/rrsets/";
} else {
$method = 'PUT';
$path = "/api/v1/domains/" . $config['QV_DOMAIN'] . "/rrsets/" . $name . "/TXT/";
}
$val = [ $val = [
'subname' => $name, 'subname' => $name,
...@@ -98,7 +116,7 @@ function update_desec_txt($config, $name, $txt) { ...@@ -98,7 +116,7 @@ function update_desec_txt($config, $name, $txt) {
]); ]);
try { try {
$response = $client->request('PUT', $path, [ 'headers'=>$headers, 'body'=>$body ]); $response = $client->request($method, $path, [ 'headers'=>$headers, 'body'=>$body ]);
} catch (ClientException $e) { } catch (ClientException $e) {
throw new Exception($e->getResponse()->getReasonPhrase(), $e->getResponse()->getStatusCode()); throw new Exception($e->getResponse()->getReasonPhrase(), $e->getResponse()->getStatusCode());
} catch (BadResponseException $e) { } catch (BadResponseException $e) {
...@@ -115,16 +133,37 @@ function update_desec_txt($config, $name, $txt) { ...@@ -115,16 +133,37 @@ function update_desec_txt($config, $name, $txt) {
} }
} }
// Send email to user with API key
function email_api_key($username, $api_key) {
$headers = array(
'From' => 'quovadis@ucc.asn.au',
'Reply-To' => 'wheel@ucc.asn.au',
'X-Mailer' => 'PHP/' . phpversion()
);
// The message
$message = "Quovadis\r\n\r\nUCC DNS Helper\r\nYour API key is: $api_key";
// In case any of our lines are larger than 70 characters, we should use wordwrap()
$message = wordwrap($message, 70, "\r\n");
// Send
mail($username . '@ucc.asn.au', 'Quoavadis API Key', $message, $headers);
}
// Instantiate Leaf // Instantiate Leaf
$leaf = new Leaf\App; $leaf = new Leaf\App();
#$response = new Leaf\Http\Response();
// Add routes // Add routes
$leaf->get('/', function () use($leaf) { $leaf->get('/', function () use($leaf) {
$config=get_config(); $config=get_config();
$s = update_desec_txt($config, "mtearle-test", "test flight"); $s = update_desec_txt($config, "mtearle-test", "test flight");
$r = get_desec_txt($config, "mtearle-test"); $r = get_desec_txt($config, "mtearle-test");
$r2 = get_desec_txt($config, "mtearle");
// since the response object is directly tied to the leaf instance // since the response object is directly tied to the leaf instance
$html = '<h5>My first Leaf app</h5>' . $r . " --- ". $s; $html = '<h5>My first Leaf app</h5>' . $r . " --- ". $s . "----" . $r2;
$leaf->response()->markup($html); $leaf->response()->markup($html);
}); });
...@@ -138,11 +177,20 @@ $leaf->post('/register', function () use($leaf) { ...@@ -138,11 +177,20 @@ $leaf->post('/register', function () use($leaf) {
// * UCC username // * UCC username
// //
// Will email to your UCC email address an API key to use with the service // Will email to your UCC email address an API key to use with the service
$config=get_config();
$username = $leaf->request->get('username'); $username = $leaf->request->get('username');
// Check username is valid // Check username is valid
if ( !check_username($username) ) { if ( !check_username($username) ) {
$leaf->response->respond(["message" => $username." not valid"]); $leaf->response->json(["message" => $username." not valid"],200);
return;
}
// Check there is no existing API key registered for the user
$a = get_desec_txt($config, $username);
if ( $a <> "" ) {
$leaf->response->json(["message" => $username." already registered"],200);
return; return;
} }
...@@ -150,10 +198,12 @@ $leaf->post('/register', function () use($leaf) { ...@@ -150,10 +198,12 @@ $leaf->post('/register', function () use($leaf) {
$api_key = Uuid::uuid4()->toString(); $api_key = Uuid::uuid4()->toString();
// Stick API key encrypted into the DNS // Stick API key encrypted into the DNS
$u = update_desec_txt($config, $username, encrypt_api_key($api_key));
// Email API key // Email API key
email_api_key($username, $api_key);
$leaf->response->respond(["message" => $username." has been added and email sent"]); $leaf->response->json(["message" => $username." has been added and email sent"],200);
}); });
$leaf->post('/update-api-key', function () use($leaf) { $leaf->post('/update-api-key', function () use($leaf) {
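Review bot: In the `/register` handler the hash is written to DNS before the key is mailed, and `email_api_key()` discards the return value of `mail()`, so a failed send leaves the user with a stored hash, no key, and an "already registered" reply on every retry. Have `email_api_key()` end with `return mail($username . '@ucc.asn.au', 'Quoavadis API Key', $message, $headers);` and have the handler treat `false` as an error: answer with a non-200 status instead of "has been added and email sent", and make sure the stored record does not block a retry. `$username` also reaches the deSEC path (`"/rrsets/" . $name . "/TXT/"`) and the recipient address unchanged; the body of `check_username()` is not visible here, so confirm it restricts the value to a strict character set (no `/`, `.`, CR or LF) before either use. The handler begins above this hunk.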