Remove api token

This commit is contained in:
grandeljay 2022-11-23 17:58:16 +01:00
parent 065f7f904f
commit be99e947c0
10 changed files with 33 additions and 108 deletions


@ -18,11 +18,11 @@ $(function() {
*/
/** API */
$.fn.api.settings.api = {
'get wishlists' : '/?page=api&module=wishlists&api_token={apitoken}',
'get wishlists by priority' : '/?page=api&module=wishlists&api_token={apitoken}&style={style}&wishlist_id={wishlistid}&priority={priority}',
'delete wishlist' : '/?page=api&module=wishlists',
'update wish status' : '/?page=api&module=wishes',
'delete wish' : '/?page=api&module=wishes',
'get wishlists' : '/?page=api&module=wishlists',
'get wishlists by priority' : '/?page=api&module=wishlists&style={style}&wishlist_id={wishlistid}&priority={priority}',
'delete wishlist' : '/?page=api&module=wishlists',
'update wish status' : '/?page=api&module=wishes',
'delete wish' : '/?page=api&module=wishes',
};
/** Default callbacks */


@ -4,11 +4,10 @@ $(function() {
*/
const params_statistics = new URLSearchParams(
{
'api_token' : wishthis.api.token,
'module' : 'statistics',
'page' : 'api',
'module' : 'statistics',
'page' : 'api',
'table' : 'all',
'table' : 'all',
}
);
@ -68,9 +67,8 @@ $(function() {
*/
const params_news = new URLSearchParams(
{
'api_token' : wishthis.api.token,
'module' : 'blog',
'page' : 'api',
'module' : 'blog',
'page' : 'api',
}
);


@ -17,7 +17,6 @@ window.addEventListener("load", (event) => {
.then(canvas => {
var data = new URLSearchParams();
data.append('preview', canvas.toDataURL());
data.append('api_token', wishthis.api.token);
data.append('page', wishthis.$_GET.page);
/** Save page preview */


@ -17,11 +17,6 @@ global $options;
wishthis.locale = '<?= str_replace('_', '-', $this->language) ?>';
wishthis.$_GET = JSON.parse('<?= isset($_GET) ? json_encode($_GET) : json_encode(array()) ?>');
/** API */
wishthis.api = {
'token' : "<?= $options->getOption('api_token'); ?>",
};
/** Wish */
wishthis.wish = {
'status' : {


@ -10,9 +10,6 @@ $(function () {
})
.api({
'action' : 'get wishlists by priority',
'urlData' : {
'apitoken' : wishthis.api.token,
},
beforeSend : function (settings) {
settings.urlData.style = $('input[name="style"]').val();
settings.urlData.priority = $('.ui.dropdown.filter.priority').dropdown('get value');


@ -16,9 +16,6 @@ $(function () {
var wishlists = [];
var wishlists_api = {
'action' : 'get wishlists',
'urlData' : {
'apitoken' : wishthis.api.token,
},
onSuccess : function(response, dropdown_wishlists, xhr) {
/** Save response for later use */
wishlists = response.results;
@ -68,9 +65,8 @@ $(function () {
/** Get wishlist */
const get_wishlist = new URLSearchParams(
{
'api_token' : wishthis.api.token,
'module' : 'wishlists',
'page' : 'api',
'module' : 'wishlists',
'page' : 'api',
'wishlist_id' : wishlist_id,
}
@ -99,9 +95,8 @@ $(function () {
const params_url = new URLSearchParams(
{
'api_token' : wishthis.api.token,
'module' : 'url',
'page' : 'api',
'module' : 'url',
'page' : 'api',
'url' : window.btoa(urlParams.toString()),
}
@ -125,9 +120,8 @@ $(function () {
/*
const get_wishes = new URLSearchParams(
{
'api_token' : wishthis.api.token,
'module' : 'wishes',
'page' : 'api',
'module' : 'wishes',
'page' : 'api',
'wishlist_id' : wishlist.id,
'wishlist_style' : $('[name="style"]').val(),
@ -247,9 +241,8 @@ $(function () {
const params_cache = new URLSearchParams(
{
'api_token' : wishthis.api.token,
'module' : 'wishes',
'page' : 'api',
'module' : 'wishes',
'page' : 'api',
'wish_id' : card.attr('data-id'),
'wishlist_user' : wishlist_user,
@ -313,7 +306,6 @@ $(function () {
var formRename = modalRename.find('.form.wishlist-rename');
var formData = new URLSearchParams(new FormData(formRename[0]));
formData.append('api_token', wishthis.api.token);
formData.append('wishlist_id', wishthis.$_GET.id);
fetch('/?page=api&module=wishlists', {
@ -397,8 +389,6 @@ $(function () {
action: 'delete wishlist',
method: 'DELETE',
data: {
'api_token' : wishthis.api.token,
'wishlistID' : wishlist_id
},
on: 'now',
@ -442,8 +432,6 @@ $(function () {
action : 'update wish status',
method : 'PUT',
data : {
'api_token' : wishthis.api.token,
'wish_id' : card.attr('data-id'),
'wish_status' : wishthis.strings.wish.status.fulfilled,
},
@ -485,9 +473,8 @@ $(function () {
var wishFormData = new URLSearchParams(
{
'api_token' : wishthis.api.token,
'module' : 'wishes',
'page' : 'api',
'module' : 'wishes',
'page' : 'api',
'wish_id' : wishID
}
@ -574,9 +561,7 @@ $(function () {
action : 'delete wish',
method : 'DELETE',
data : {
'api_token' : wishthis.api.token,
'wish_id': card.attr('data-id'),
'wish_id' : card.attr('data-id'),
},
on : 'now',
onSuccess : function () {
@ -678,7 +663,6 @@ $(function () {
buttonCreate.addClass('loading');
var formData = new URLSearchParams(new FormData(formWishlistCreate[0]));
formData.append('api_token', wishthis.api.token);
fetch('/?page=api&module=wishlists', {
method : 'POST',
@ -735,9 +719,8 @@ $(function () {
if (wishURLCurrent) {
const params_url = new URLSearchParams(
{
'api_token' : wishthis.api.token,
'module' : 'wishes',
'page' : 'api',
'module' : 'wishes',
'page' : 'api',
'wish_url' : wishURLCurrent
}
@ -775,8 +758,6 @@ $(function () {
const formData = new URLSearchParams(
{
'api_token' : wishthis.api.token,
'wish_url_current' : modalValidate.find('input.current').val(),
'wish_url_proposed' : modalValidate.find('input.proposed').val(),
}
@ -805,7 +786,6 @@ $(function () {
/** Save form edit fields */
/** This code block is a duplicate, please refactor */
var formData = new URLSearchParams(new FormData(formAddOrEdit[0]));
formData.append('api_token', wishthis.api.token);
formData.append('wishlist_id', wishthis.$_GET.id);
fetch('/?page=api&module=wishes', {
@ -838,7 +818,6 @@ $(function () {
/** Save form edit fields */
/** This code block is a duplicate, please refactor */
var formData = new URLSearchParams(new FormData(formAddOrEdit[0]));
formData.append('api_token', wishthis.api.token);
formData.append('wishlist_id', wishthis.$_GET.id);
fetch('/?page=api&module=wishes', {
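Review bot: The `fetch` POST at the end of this hunk now sends only the form fields plus `wishlist_id`, and the `DELETE`/`PUT` `$.api` calls earlier in the section likewise carry nothing beyond the wish or wishlist id, so no per-request secret accompanies any state-changing call any more. The value that was dropped was a fixed install-wide token, so this is not a loss of real authentication, but a `URLSearchParams` body like this one is a form-encoded "simple" request that a third-party page can issue without a CORS preflight; if the server side identifies the user by session cookie alone, these endpoints become reachable by cross-site requests, which depends on the API modules that are not part of this diff. If that is the case, a session-bound value rendered into the page should be appended where `api_token` used to be, e.g. `formData.append('csrf_token', wishthis.csrf_token);`, and compared server-side against the session. The enclosing submit handler starts and ends outside the hunk.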


@ -47,8 +47,6 @@ $(function() {
action : 'update wish status',
method : 'PUT',
data : {
'api_token' : wishthis.api.token,
'wish_id' : card.attr('data-id'),
'wish_status' : wishthis.wish.status.temporary,
},
@ -68,8 +66,6 @@ $(function() {
action : 'update wish status',
method : 'PUT',
data : {
'api_token' : wishthis.api.token,
'wish_id' : card.attr('data-id'),
'wish_status' : wishthis.wish.status.unavailable,
},
@ -90,9 +86,7 @@ $(function() {
var formData = new URLSearchParams(
{
'api_token' : wishthis.api.token,
'wishlist' : $('[data-wishlist]').attr('data-wishlist'),
'wishlist' : $('[data-wishlist]').attr('data-wishlist'),
}
);
@ -121,9 +115,8 @@ $(function() {
/** Determine if list is saved */
const params_ws_saved = new URLSearchParams(
{
'api_token' : wishthis.api.token,
'module' : 'wishlists-saved',
'page' : 'api',
'module' : 'wishlists-saved',
'page' : 'api',
}
);
@ -168,8 +161,6 @@ $(function() {
var formData = new URLSearchParams(
{
'api_token' : wishthis.api.token,
'locale' : wishlist_locale,
'wishlist-id' : wishlist_id,
}


@ -17,8 +17,6 @@ class API
private string $module_path;
private array $input;
public string $token;
public function __construct()
{
global $options;
@ -27,43 +25,21 @@ class API
$this->module = $this->input['module'] ?? '';
$this->module_path = ROOT . '/src/api/' . $this->module . '.php';
$this->token = $options->getOption('api_token');
/** For installer */
if (empty($this->token)) {
$this->token = sha1(ROOT);
}
}
public function do()
{
if (file_exists($this->module_path)) {
if (!empty(trim($this->input['api_token']))) {
if ($this->input['api_token'] === $this->token) {
ob_start();
ob_start();
$response = array();
$response = array();
require $this->module_path;
require $this->module_path;
$response['warning'] = ob_get_clean();
$response['warning'] = ob_get_clean();
header('Content-type: application/json; charset=utf-8');
echo json_encode($response);
} else {
http_response_code(403);
?>
<h1>Forbidden</h1>
<p>The specified API token "<?= $this->input['api_token'] ?>" is invalid.</p>
<?php
}
} else {
http_response_code(403);
?>
<h1>Forbidden</h1>
<p>Please specify an API token.</p>
<?php
}
header('Content-type: application/json; charset=utf-8');
echo json_encode($response);
} else {
http_response_code(404);
?>
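Review bot: With the token comparison removed, `do()` now executes `require $this->module_path` for any request that names an existing file, and nothing left in this hunk authenticates or authorizes the caller. The old token was rendered into every page (see the `wishthis.api` template removed in this same commit), so it never kept anonymous callers out, but it was the only gate visible in this class; whether the individual modules under `src/api/` check the session themselves is outside the hunk and decides whether every wish/wishlist mutation is now open. Separately, `$this->module` comes straight from `$this->input['module']` and is concatenated into the path on the context line above, and `file_exists()` does not reject a value containing `../`, so `do()` should validate the name before building the path, e.g. `if (!preg_match('/^[a-z-]+$/', $this->module)) { http_response_code(404); return; }` (the module names used in this diff are all of that form). The `do()` method continues past the end of the hunk.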


@ -43,7 +43,6 @@ switch ($step) {
<form class="ui form" action="<?= Page::PAGE_INSTALL ?>" method="POST">
<input type="hidden" name="step" value="<?= $step + 1; ?>" />
<input type="hidden" name="api_token" value="<?= sha1(ROOT) ?>">
<div class="ui error message"></div>
@ -251,8 +250,7 @@ switch ($step) {
`options` (`key`, `value`)
VALUES
("isInstalled", true),
("version", "' . VERSION . '"),
("api_token", UUID())
("version", "' . VERSION . '")
;'
);


@ -1,11 +1,3 @@
/**
* Options
*/
INSERT INTO
`options` (`key`, `value`)
VALUES
('api_token', UUID());
/**
* Sessions
*/