mirror of https://github.com/flextype/flextype.git synced 2025-08-07 05:36:54 +02:00

feat(endpoints): update validateApiRequest logic #565

Awilum
2021-08-14 12:11:14 +03:00
parent 84566cf5b0
commit 9ad066c6ec


@@ -68,13 +68,35 @@ class Api
return $this->getStatusCodeMessage(400);
}
$data = array_merge($options['request']->getQueryParams() ?? [], $options['request']->getParsedBody() ?? []);
if (! isset($options['params'])) {
return $this->getStatusCodeMessage(400);
}
$queryData = $options['request']->getQueryParams() ?? [];
$bodyData = $options['request']->getParsedBody() ?? [];
$data = array_merge($queryData, $bodyData);
$dataTest = true;
foreach ($options['params'] as $key => $value) {
if (! in_array($value, array_flip($data))) {
$dataTest = false;
}
}
if (! $dataTest) {
return $this->getStatusCodeMessage(400);
}
// Check is api enabled
if (! registry()->get('flextype.settings.api.' . $options['api'] . '.enabled')) {
return $this->getStatusCodeMessage(400);
}
if (! tokens()->has($data['token'])) {
return $this->getStatusCodeMessage(401);
}
// Fetch token
$tokenData = tokens()->fetch($data['token']);
@@ -91,6 +113,16 @@ class Api
return $this->getStatusCodeMessage(400);
}
if (isset($data['access_token'])) {
if (! isset($tokenData['hashed_access_token'])) {
return $this->getStatusCodeMessage(401);
}
if (! password_verify($data['access_token'], $tokenData['hashed_access_token'])) {
return $this->getStatusCodeMessage(401);
}
}
// Update token calls
tokens()->update($data['token'], ['calls' => $tokenData['calls'] + 1]);
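Review bot: The required-parameter loop in the first hunk tests `in_array($value, array_flip($data))`, which is not a reliable key-presence check: `array_flip` collapses parameters that share a value and warns on non-scalar values, and the loose comparison can, on PHP versions before 8, treat an integer key as equal to a non-numeric parameter name. A false match matters because the `access_token` verification in the second hunk runs only when `isset($data['access_token'])`, so a parameter the endpoint requires but the request omits would skip `password_verify` rather than be rejected. Check the keys directly with `if (! array_key_exists($value, $data)) {`, and consider deciding whether to verify the access token from `$options['params']` instead of from what the client sent. The enclosing method starts before the first hunk and continues past the second.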