patch

lbr38 · Nov 4, 2023 · 4bc6d98 · 4bc6d98
1 parent 57da29f
commit 4bc6d98
Show file tree

Hide file tree

Showing 12 changed files with 269 additions and 128 deletions.
diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -75,8 +75,8 @@ RUN usermod -a -G repomanager www-data
 RUN chown -R www-data:repomanager $WWW_DIR $DATA_DIR $REPOS_DIR
 
 # Copy entrypoint script
-RUN cp /tmp/repomanager/docker/entrypoint.sh /tmp/entrypoint.sh
-RUN chmod 700 /tmp/entrypoint.sh
+RUN cp /tmp/repomanager/docker/entrypoint.sh /entrypoint.sh
+RUN chmod 700 /entrypoint.sh
 
 # Clean
 RUN rm -rf /tmp/repomanager
@@ -87,4 +87,4 @@ EXPOSE 8080
 # Set working dir
 WORKDIR ${DATA_DIR}
 
-ENTRYPOINT ["/tmp/entrypoint.sh"]
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
@@ -16,7 +16,7 @@ if [ ! -z "$FQDN" ];then
     echo $FQDN > /etc/mailname
 
     # Repomanager configuration
-    echo $FQDN > /var/www/repomanager/.fqdn
+    echo $FQDN > "$WWW_DIR/.fqdn"
 fi
 if [ ! -z "$MAX_UPLOAD_SIZE" ];then
     # Nginx configuration

diff --git a/www/controllers/Api/Api.php b/www/controllers/Api/Api.php
@@ -9,14 +9,15 @@ class Api
     private $method;
     private $uri;
     private $route;
+    private $authHeader;
     private $data;
     private $authenticationController;
     private $apiKeyAuthentication = false;
     private $hostAuthentication = false;
 
     public function __construct()
     {
-        $this->authenticationController = new \Controllers\Api\Authentication\Authentication();
+        $this->authenticationController = new \Controllers\Api\Authentication();
 
         /**
          *  Exit if method is not allowed
@@ -28,30 +29,37 @@ public function __construct()
         }
 
         /**
-         *  Get method
+         *  Retrieve method
          */
         $this->method = $_SERVER['REQUEST_METHOD'];
 
         /**
-         *  Retrieve data
+         *  Retrieve JSON data if any
          */
         $this->data = json_decode(file_get_contents("php://input"));
 
         /**
-         *  Quit on error if no data was sent
+         *  Retrieve authentication header if any
          */
-        if (empty($this->data)) {
-            self::returnError(400, 'Missing data.');
+        if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
+            $this->authHeader = $_SERVER['HTTP_AUTHORIZATION'];
         }
 
+        /**
+         *  Quit on error if no data was sent
+         */
+        // if (empty($this->data)) {
+        //     self::returnError(400, 'Missing data.');
+        // }
+
         /**
          *  Retrieve URI
          */
         $this->uri = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);
         $this->uri = explode('/', $this->uri);
 
         /**
-         *  Get route from URI
+         *  Retrieve route from URI
          */
         $this->route = $this->uri[3];
 
@@ -76,7 +84,7 @@ public function __construct()
         /**
          *  Check if authentication is valid from data sent
          */
-        if (!$this->authenticationController->valid($this->data)) {
+        if (!$this->authenticationController->valid($this->authHeader, $this->data)) {
             self::returnError(401, 'Bad credentials.');
         }
 
@@ -124,9 +132,24 @@ public function run()
             /**
              *  Call API controller
              */
-            $myapiController = new $apiControllerPath($this->method, $this->uri, $this->data);
+            $myapiController = new $apiControllerPath($this->method, $this->uri);
+
+            /**
+             *  Set authentication method (true or false)
+             */
             $myapiController->setApiKeyAuthentication($this->apiKeyAuthentication);
             $myapiController->setHostAuthentication($this->hostAuthentication);
+
+            /**
+             *  Set JSON data if any
+             */
+            if (!empty($this->data)) {
+                $myapiController->setJsonData($this->data);
+            }
+
+            /**
+             *  Execute API controller and return results
+             */
             $resultArray = $myapiController->execute();
             self::returnSuccess($resultArray);
         } catch (Exception $e) {

diff --git a/...ers/Api/Authentication/Authentication.php → www/controllers/Api/Authentication.php b/...ers/Api/Authentication/Authentication.php → www/controllers/Api/Authentication.php
@@ -1,6 +1,6 @@
 <?php
 
-namespace Controllers\Api\Authentication;
+namespace Controllers\Api;
 
 use Exception;
 
@@ -29,15 +29,20 @@ public function getHostAuthenticationStatus()
 
     /**
      *  Check if authentication is valid
-     *  It can be an API key authentication or a host authId and token authentication
+     *  It can be an API key authentication or a host authId+token authentication
      */
-    public function valid(object $data)
-    {
+    public function valid(string $authHeader = null, object $data = null)
+    {       
         /**
-         *  If API key is specified
+         *  If API key is specified through the Authorization header
+         *  e.g. "Authorization: Bearer <API_KEY>"
          */
-        if (!empty($data->apikey)) {
-            $apiKey = $data->apikey;
+        if (!empty($authHeader) && strpos($authHeader, 'Bearer ') === 0) {
+            /**
+             *  Extract the token
+             *  Remove "Bearer " from the header
+             */
+            $apiKey = substr($authHeader, 7);
         }
 
         /**
@@ -72,6 +77,15 @@ public function valid(object $data)
              *  Set apiKeyAuthentication to true if API key is valid
              */
             $this->apiKeyAuthentication = true;
+
+            /**
+             *  Check if API key is an Admin API key
+             */
+            if ($this->loginController->apiKeyIsAdmin($apiKey)) {
+                if (!defined('IS_API_ADMIN')) {
+                    define('IS_API_ADMIN', true);
+                }
+            }
         }
 
         /**

diff --git a/www/controllers/Api/Controller.php b/www/controllers/Api/Controller.php
@@ -0,0 +1,44 @@
+<?php
+
+namespace Controllers\Api;
+
+use Exception;
+
+class Controller
+{
+    protected $method;
+    protected $uri;
+    protected $data;
+    protected $apiKeyAuthentication = false;
+    protected $hostAuthentication = false;
+
+    public function __construct(string $method, array $uri)
+    {
+        $this->method = $method;
+        $this->uri = $uri;
+    }
+
+    /**
+     *  Set API key authentication status (true or false)
+     */
+    public function setApiKeyAuthentication(bool $apiKeyAuthentication)
+    {
+        $this->apiKeyAuthentication = $apiKeyAuthentication;
+    }
+
+    /**
+     *  Set host authentication status (true or false)
+     */
+    public function setHostAuthentication(bool $hostAuthentication)
+    {
+        $this->hostAuthentication = $hostAuthentication;
+    }
+
+    /**
+     *  Set retrieved JSON data from request
+     */
+    public function setJsonData(object $data)
+    {
+        $this->data = $data;
+    }
+}