github/myvesta
1
0
Fork 0
mirror of https://github.com/myvesta/vesta synced 2025-08-20 13:24:25 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge pull request #263 from EminezArtus/master

Browse source 
Web API fixes and add-ons
This commit is contained in:
Serghey Rodin 2014-12-11 17:24:45 +02:00
commit fdcc119623
2 changed files with 47 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

41
bin/v-generate-api-key Normal file
View file

@ -0,0 +1,41 @@
#!/bin/bash
# info: generate api key
# options: none
#
# The function creates a key file in /usr/local/vesta/data/keys/
#----------------------------------------------------------#
# Variable&Function #
#----------------------------------------------------------#
keygen()
{
cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w ${1:-32} | head -n 1
}
KEYS='/usr/local/vesta/data/keys/'
HASH=$(keygen)
#----------------------------------------------------------#
# Action #
#----------------------------------------------------------#
if [ ! -d ${KEYS} ]; then
mkdir ${KEYS}
fi
if [[ -e ${KEYS}${HASH} ]] ; then
while [[ -e ${KEYS}${HASH} ]] ; do
HASH=$(keygen)
done
fi
touch ${KEYS}${HASH}
echo ${HASH}
#----------------------------------------------------------#
# Vesta #
#----------------------------------------------------------#
exit

13
web/api/index.php
View file

@ -6,6 +6,12 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
// Authentication // Authentication
$auth_code = 1; $auth_code = 1;
if (empty($_POST['hash'])) { if (empty($_POST['hash'])) {
// Check user permission to use API
if ($_POST['user'] != 'admin') {
echo 'Error: only admin is allowed to use API';
exit;
}
$v_user = escapeshellarg($_POST['user']); $v_user = escapeshellarg($_POST['user']);
$v_password = escapeshellarg($_POST['password']); $v_password = escapeshellarg($_POST['password']);
exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'", $output, $auth_code); exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'", $output, $auth_code);
@ -20,13 +26,6 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
echo 'Error: authentication failed'; echo 'Error: authentication failed';
exit; exit;
} }
// Check user permission to use API
if ($_POST['user'] != 'admin') {
echo 'Error: only admin is allowed to use API';
exit;
}
// Prepare arguments // Prepare arguments
if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']); if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']);