From 259970d8d518572b3737e65e0eec1beb91c7f81c Mon Sep 17 00:00:00 2001
From: Bye
Date: Sun, 17 Mar 2024 18:01:45 +0000
Subject: [PATCH] Add PHP_SESSID support to api to allow JavaScript on the main website to do crazy auto-save shit
---
 api_handler.php | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)
diff --git a/api_handler.php b/api_handler.php
index 34c5c5a..d3fdc14 100644
--- a/api_handler.php
+++ b/api_handler.php
@@ -7,6 +7,8 @@ if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER)) {
 $access_token = str_replace("Bearer ", "", $_SERVER['HTTP_AUTHORIZATION']);
 }
+
+
 if (!empty($access_token)) {
 // Check who the access token belongs to
 $token = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$access_token]);
@@ -30,12 +32,23 @@ function check_authorisation($token): int
 $token_row = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$token]);
 if (null == $token_row) {
- return 0;
+ if (array_key_exists('auth', $_SESSION)) {
+ if ($_SESSION['auth']) {
+ $token_row = [
+ "type" => "dangerous"
+ ];
+ } else {
+ return 0;
+ }
+ } else {
+ return 0;
+ }
 }
 return match ($token_row['type']) {
- "basic" => 1,
- default => 0,
+ "dangerous" => 22,
+ "basic" => 1,
+ default => 0,
 };
 }
@@ -64,11 +77,13 @@ function get_avatar(): array
 ];
 }
 $user_id = $query['id'];
+ return [];
 }
 // User (REQUIRES AUTHORISATION)
-function api_user_info() {
+function api_user_info(): array
+{
 global $access_token, $token_owner;
 // Authorisation levels:
 // `display_name` = 1 (basic)
@@ -86,9 +101,7 @@ function api_user_info() {
 if (null != $data) {
 return [
 "response_code" => 200,
- "id" => $data['id'],
- "email" => $data['email'],
- "display_name" => $data['display_name']
+ "data" => $data
 ];
 }
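Review bot: In the check_authorisation hunk, the session fallback runs whenever the token lookup returns nothing, so a request with an unknown or revoked bearer token plus a logged-in session cookie is granted level 22, above anything a real token gets from the `match`. Because the credential is now an ambient cookie, the endpoints behind this check also need a CSRF token or Origin check, which nothing in this hunk adds. `array_key_exists('auth', $_SESSION)` will additionally fail if the session has not been started on the API path, which is not visible here. I would limit the fallback to requests that sent no token (assuming `$token` is empty in that case, to be confirmed against the caller), collapse the nested branches with `empty()`, and add a comment stating what level 22 permits. check_authorisation begins above the hunk.

```php
    if (null == $token_row) {
        // Fall back to the browser session only when no bearer token was sent;
        // a token that matches no row must fail, not be upgraded by a cookie.
        if ('' !== (string) $token || empty($_SESSION['auth'])) {
            return 0;
        }
        // NOTE(review): cookie-authenticated calls need a CSRF/Origin check before this point.
        $token_row = ["type" => "dangerous"];
    }
    // … unchanged: match on $token_row['type'] …
```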
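Review bot: In the get_avatar / api_user_info hunk, the added `return [];` gives callers an array with no `response_code` key, unlike the success return visible in api_user_info, and the `$user_id` assigned on the line before it is never used on that path. If the avatar lookup is not implemented yet, return an explicit status instead, for example `return ["response_code" => 501];`, with a `// TODO` comment saying so. The new `: array` return type on api_user_info also means any path that falls off the end now raises a TypeError. Both functions extend outside the hunk, so confirm every path returns an array.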
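Review bot: In the last hunk, `"data" => $data` sends the whole row to the client, where the removed lines sent only `id`, `email` and `display_name`. Any other column the query selects is now exposed (the query is outside the hunk), and the per-field authorisation levels described in the comment at the top of api_user_info no longer gate anything. Keep the allowlist inside the new key: `"data" => ["id" => $data['id'], "email" => $data['email'], "display_name" => $data['display_name']]`. If the auto-save client needs more fields, add them by name. api_user_info starts and ends outside the hunk.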