mirrors/Cloudlog
1
0
Fork 0
mirror of https://github.com/magicbug/Cloudlog synced 2024-11-23 10:08:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #2203 from AndreasK79/check_api_key_station_id_user

Browse Source 
Check that station_id belongs to API key owner
This commit is contained in:
Andreas Kristiansen 2023-06-15 09:42:42 +02:00 committed by GitHub
commit 028825f107
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
application/controllers/Api.php
View File

@ -423,6 +423,8 @@ class API extends CI_Controller {
$this->load->model('api_model');
$this->load->model('stations');
// Decode JSON and store
$obj = json_decode(file_get_contents("php://input"), true);
if ($obj === NULL) {
@ -436,6 +438,14 @@ class API extends CI_Controller {
die();
}
$userid = $this->api_model->key_userid($obj['key']);
if(!isset($obj['station_profile_id']) || $this->stations->check_station_against_user($obj['station_profile_id'], $userid) == false) {
http_response_code(401);
echo json_encode(['status' => 'failed', 'reason' => "station id does not belong to the API key owner."]);
die();
}
$this->api_model->update_last_used($obj['key']);
if($obj['type'] == "adif" && $obj['string'] != "") {

11
application/models/Stations.php
View File

@ -423,6 +423,17 @@ class Stations extends CI_Model {
return null;
}
}
public function check_station_against_user($stationid, $userid) {
$this->db->select('station_id');
$this->db->where('user_id', $userid);
$this->db->where('station_id', $stationid);
$query = $this->db->get('station_profile');
if ($query->num_rows() == 1) {
return true;
}
return false;
}
}
?>