cyberpresidentvanellope/Aurora.3
1
0
Fork 0
mirror of https://github.com/Aurorastation/Aurora.3.git synced 2025-12-26 10:02:28 +00:00
Code Issues Packages Projects Releases Wiki Activity

API Update (#876)

Browse Source 
This adds some useful functions to the API and redefines the way the params are checked.

API Versioning
Very important to be able to check from the client if the serverside API is still compatible with the client implementation
Refactored Params
Mark params as required / optional
Different types of params (string / integer / list / select / senderkey)
Name and description for params
API Function to get all the functions a specific ip/token combo is allowed to use
API Function to get details about a specific API function
This commit is contained in:
Werner
2016-09-11 14:53:20 +02:00
committed by skull132
parent 18ec817b67
commit 0a2df816c6
3 changed files with 227 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
code/world.dm
View File

@@ -113,6 +113,7 @@ var/list/world_api_rate_limit = list()
/world/Topic(T, addr, master, key)
var/list/response[] = list()
var/list/queryparams[] = json_decode(T)
queryparams["addr"] = addr //Add the IP to the queryparams that are passed to the api functions
var/query = queryparams["query"]
var/auth = queryparams["auth"]
log_debug("API: Request Received - from:[addr], master:[master], key:[key]")
@@ -418,23 +419,28 @@ var/list/world_api_rate_limit = list()
if (!establish_db_connection(dbcon))
return 3 //DB Unavailable
var/DBQuery/authquery = dbcon.NewQuery({"SELECT *
var/DBQuery/authquery = dbcon.NewQuery({"SELECT api_f.function
FROM ss13_api_token_function as api_t_f, ss13_api_tokens as api_t, ss13_api_functions as api_f
WHERE api_t.id = api_t_f.token_id AND api_f.id = api_t_f.function_id
AND api_t.deleted_at IS NULL
AND (
(token = :token AND ip = :ip AND function = :function)
OR
(token = :token AND ip IS NULL AND function = :function)
OR
(token = :token AND ip = :ip AND function IS NULL)
(token = :token AND ip = :ip AND function = \"ANY\")
OR
(token IS NULL AND ip = :ip AND function IS NULL)
(token = :token AND ip IS NULL AND function = \"ANY\")
OR
(token IS NULL AND ip IS NULL AND function = :function)
)"})
//Get the tokens and the associated functions
//Check if the token, the ip and the function matches OR
// the token + function matches and the ip is NULL (Functions that can be used by any ip, but require a token)
// the token + ip matches and the function is NULL (Allow a specific ip with a specific token to use all functions)
// the token + ip is NULL and the function matches (Allow a specific function to be used without auth)
//Check if the token is not deleted
//Check if one of the following is true:
// Full Match - Token IP and Function Matches
// Any IP - Token and Function Matches, IP is set to NULL (not required)
// Any Function - Token and IP Matches, Function is set to ANY
// Any Function, Any IP - Token Matches, IP is set to NULL (not required), Function is set to ANY
// Public - Token is set to NULL, IP is set to NULL and function matches
authquery.Execute(list(":token" = auth, ":ip" = addr, ":function" = function))
log_debug("API: Auth Check - Query Executed - Returned Rows: [authquery.RowCount()]")