Merge pull request #263 from EminezArtus/master

Web API fixes and add-ons
2025-08-20 13:24:25 -07:00 · 2014-12-11 17:24:45 +02:00 · 2014-12-11 17:24:45 +02:00 · fdcc119623
commit fdcc119623
parent 1ef0360638 00a393f4ac
2 changed files with 47 additions and 7 deletions
--- a/bin/v-generate-api-key
+++ b/bin/v-generate-api-key
@ -0,0 +1,41 @@
+#!/bin/bash
+# info: generate api key
+# options: none
+#
+# The function creates a key file in /usr/local/vesta/data/keys/
+
+
+#----------------------------------------------------------#
+#                    Variable&Function                     #
+#----------------------------------------------------------#
+
+keygen()
+{
+    cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w ${1:-32} | head -n 1
+}
+KEYS='/usr/local/vesta/data/keys/'
+HASH=$(keygen)
+
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+if [ ! -d ${KEYS} ]; then
+  mkdir ${KEYS}
+fi
+
+if [[ -e ${KEYS}${HASH} ]] ; then
+    while [[ -e ${KEYS}${HASH} ]] ; do
+        HASH=$(keygen)
+    done
+fi
+
+touch ${KEYS}${HASH}
+echo ${HASH}
+
+#----------------------------------------------------------#
+#                       Vesta                              #
+#----------------------------------------------------------#
+
+exit
--- a/web/api/index.php
+++ b/web/api/index.php
@ -6,6 +6,12 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
    // Authentication
    $auth_code = 1;
    if (empty($_POST['hash'])) {
+        // Check user permission to use API
+        if ($_POST['user'] != 'admin') {
+            echo 'Error: only admin is allowed to use API';
+            exit;
+        }
+        
        $v_user = escapeshellarg($_POST['user']);
        $v_password = escapeshellarg($_POST['password']);
        exec(VESTA_CMD ."v-check-user-password ".$v_user." ".$v_password." '".$_SERVER["REMOTE_ADDR"]."'",  $output, $auth_code);
@ -21,13 +27,6 @@ if (isset($_POST['user']) || isset($_POST['hash'])) {
        exit;
    }
    
-    // Check user permission to use API
-    if ($_POST['user'] != 'admin') {
-        echo 'Error: only admin is allowed to use API';
-        exit;
-    }
-    
-    
    // Prepare arguments
    if (isset($_POST['cmd'])) $cmd = escapeshellarg($_POST['cmd']);
    if (isset($_POST['arg1'])) $arg1 = escapeshellarg($_POST['arg1']);