Add PHP_SESSID support to api to allow JavaScript on the main website to do crazy auto-save shit

2024-03-17 18:01:45 +00:00 · 2024-03-17 18:01:45 +00:00 · 259970d8d5
parent 74d351e9cd
commit 259970d8d5
1 changed files with 20 additions and 7 deletions
--- a/api_handler.php
+++ b/api_handler.php
@ -7,6 +7,8 @@ if (array_key_exists('HTTP_AUTHORIZATION', $_SERVER)) {
    $access_token = str_replace("Bearer ", "", $_SERVER['HTTP_AUTHORIZATION']);
 }

+
+
 if (!empty($access_token)) {
    // Check who the access token belongs to
    $token = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$access_token]);
@ -30,10 +32,21 @@ function check_authorisation($token): int
    $token_row = db_execute("SELECT * FROM tokens WHERE access_token = ?", [$token]);

    if (null == $token_row) {
+        if (array_key_exists('auth', $_SESSION)) {
+            if ($_SESSION['auth']) {
+                $token_row = [
+                    "type" => "dangerous"
+                ];
+            } else {
                return 0;
            }
+        } else {
+            return 0;
+        }
+    }

    return match ($token_row['type']) {
+        "dangerous" => 22,
        "basic"     => 1,
        default     => 0,
    };
@ -64,11 +77,13 @@ function get_avatar(): array
        ];
    }
    $user_id = $query['id'];
+    return [];
 }

 // User (REQUIRES AUTHORISATION)

-function api_user_info() {
+function api_user_info(): array
+{
    global $access_token, $token_owner;
    // Authorisation levels:
    // `display_name`   = 1 (basic)
@ -86,9 +101,7 @@ function api_user_info() {
    if (null != $data) {
        return [
            "response_code" => 200,
-            "id" => $data['id'],
-            "email" => $data['email'],
-            "display_name" => $data['display_name']
+            "data" => $data
        ];
    }