protected static function applyRecordDelta(\ActiveRecord $Ban, $data)
{
if (isset($data['IP']) && !is_numeric($data['IP'])) {
$data['IP'] = ip2long($data['IP']);
}
if (isset($data['KeyID']) && !is_numeric($data['KeyID'])) {
$Key = Key::getByHandle($data['KeyID']);
$data['KeyID'] = $Key ? $Key->ID : null;
}
return parent::applyRecordDelta($Ban, $data);
}
public static function handleBrowseRequest($options = [], $conditions = [], $responseID = null, $responseData = [])
{
// apply endpoint filter
if (!empty($_REQUEST['endpoint'])) {
if (!($Endpoint = Endpoint::getByHandle($_REQUEST['endpoint']))) {
return static::throwNotFoundError('Endpoint not found');
}
$conditions['EndpointID'] = $Endpoint->ID;
$responseData['Endpoint'] = $Endpoint;
}
// apply method filter
if (!empty($_REQUEST['method'])) {
$conditions['Method'] = $_REQUEST['method'];
}
// apply path filter
if (!empty($_REQUEST['path-substring'])) {
$conditions[] = 'Path LIKE "%' . DB::escape($_REQUEST['path-substring']) . '%"';
}
// apply path filter
if (!empty($_REQUEST['query-substring'])) {
$conditions[] = 'Query LIKE "%' . DB::escape($_REQUEST['query-substring']) . '%"';
}
// apply IP filter
if (!empty($_REQUEST['ip'])) {
if (!filter_var($_REQUEST['ip'], FILTER_VALIDATE_IP)) {
return static::throwError('IP is invalid');
}
$conditions['ClientIP'] = ip2long($_REQUEST['ip']);
}
// apply key filter
if (!empty($_REQUEST['key'])) {
if (!($Key = Key::getByKey($_REQUEST['key']))) {
return static::throwError('key is invalid');
}
$conditions['KeyID'] = $Key->ID;
}
// apply time filter
if (!empty($_REQUEST['time-max']) && ($timeMax = strtotime($_REQUEST['time-max']))) {
$conditions[] = 'Created <= "' . date('Y-m-d H:i:s', $timeMax) . '"';
}
if (!empty($_REQUEST['time-min']) && ($timeMin = strtotime($_REQUEST['time-min']))) {
$conditions[] = 'Created >= "' . date('Y-m-d H:i:s', $timeMin) . '"';
}
// apply type filter
if (!empty($_REQUEST['type'])) {
if ($_REQUEST['type'] == 'ping') {
$conditions['Class'] = PingTransaction::class;
} elseif ($_REQUEST['type'] == 'consumer') {
$conditions['Class'] = Transaction::class;
}
}
return parent::handleBrowseRequest($options, $conditions, $responseID, $responseData);
}
<?php
namespace Gatekeeper;
use Gatekeeper\Keys\Key;
use Gatekeeper\Keys\InvalidKeyException;
// load key if present
try {
if ($Key = Key::getFromRequest()) {
$_EVENT['request']->setKey($Key);
}
} catch (InvalidKeyException $e) {
\JSON::error('provided gatekeeper key is invalid', 401);
}
public static function handleRevokeRequest(Key $Key)
{
$GLOBALS['Session']->requireAuthentication();
if (!$GLOBALS['Session']->hasAccountLevel('Staff') && !KeyUser::getByWhere(['PersonID' => $GLOBALS['Session']->PersonID, 'KeyID' => $Key->ID, 'Role' => 'owner'])) {
return static::throwUnauthorizedError('Only staff or the key owner may revoke this key');
}
$Key->Status = 'revoked';
$Key->save();
return static::respond('revoked', ['success' => true, 'data' => $Key]);
}
public static function getFromRequest()
{
if (!empty($_SERVER['HTTP_AUTHORIZATION']) && preg_match('/^Gatekeeper-Key\\s+(\\w+)$/i', $_SERVER['HTTP_AUTHORIZATION'], $keyMatches)) {
$keyString = $keyMatches[1];
} elseif (!empty($_REQUEST['gatekeeperKey'])) {
$keyString = $_REQUEST['gatekeeperKey'];
}
if (empty($keyString)) {
return null;
}
if (!($Key = Key::getByKey($keyString))) {
throw new InvalidKeyException();
}
return $Key;
}
