Re-add api token auth
parent
9a0d9cee15
commit
448b0a5607
|
@ -1,5 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
|
use Ahc\Jwt\JWT;
|
||||||
|
use Ahc\Jwt\JWTException;
|
||||||
use Appwrite\Auth\Auth;
|
use Appwrite\Auth\Auth;
|
||||||
use Appwrite\Auth\MFA\Type\TOTP;
|
use Appwrite\Auth\MFA\Type\TOTP;
|
||||||
use Appwrite\Event\Audit;
|
use Appwrite\Event\Audit;
|
||||||
|
@ -249,6 +251,40 @@ App::init()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// API Token authentication (like API Key but JWT short-term)
|
||||||
|
$apiToken = $request->getHeader('x-appwrite-token', '');
|
||||||
|
if (!empty($apiToken) && $user->isEmpty() && empty($authKey)) {
|
||||||
|
$jwtObj = new JWT(App::getEnv('_APP_OPENSSL_KEY_V1'), 'HS256', 900, 10);
|
||||||
|
|
||||||
|
try {
|
||||||
|
$payload = $jwtObj->decode($apiToken);
|
||||||
|
} catch (JWTException $error) {
|
||||||
|
// Ignore if token is invalid
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!empty($payload)) {
|
||||||
|
$projectId = $payload['projectId'] ?? '';
|
||||||
|
$tokenScopes = $payload['scopes'] ?? [];
|
||||||
|
|
||||||
|
// JWT includes project ID for better security
|
||||||
|
if ($projectId === $project->getId()) {
|
||||||
|
$user = new Document([
|
||||||
|
'$id' => '',
|
||||||
|
'status' => true,
|
||||||
|
'email' => 'app.' . $project->getId() . '@service.' . $request->getHostname(),
|
||||||
|
'password' => '',
|
||||||
|
'name' => $project->getAttribute('name', 'Untitled'),
|
||||||
|
]);
|
||||||
|
|
||||||
|
$role = Auth::USER_ROLE_APPS;
|
||||||
|
$scopes = \array_merge($roles[$role]['scopes'], $tokenScopes);
|
||||||
|
|
||||||
|
Authorization::setRole(Auth::USER_ROLE_APPS);
|
||||||
|
Authorization::setDefaultStatus(false); // Cancel security segmentation for API keys.
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
Authorization::setRole($role);
|
Authorization::setRole($role);
|
||||||
|
|
||||||
foreach (Auth::getRoles($user) as $authRole) {
|
foreach (Auth::getRoles($user) as $authRole) {
|
||||||
|
|
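Review bot: The new `x-appwrite-token` branch accepts any HS256 token that verifies under `_APP_OPENSSL_KEY_V1` and carries a matching `projectId`, and no claim marks it as an API token; if that key also signs other JWTs in this codebase (not visible in this hunk), only the claims that happen to be present separate the token types. Because a match ends in `Authorization::setDefaultStatus(false)`, the check deserves an explicit purpose claim, e.g. `if (($payload['type'] ?? '') === 'apiToken' && $projectId === $project->getId()) {` (the claim name and value are placeholders that the token issuer would have to set), or a signing key dedicated to these tokens. `$payload` should also be initialised with `$payload = [];` before the `try`, so a failed decode cannot leave an earlier value of that variable in scope, and `$tokenScopes` should pass an `\is_array()` check before it reaches `\array_merge()`. The empty `catch (JWTException $error)` leaves no record of rejected tokens, so a log line there would give detection something to work with. The enclosing `App::init()` callback starts and ends outside the hunk.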