Check api key length for global and normal api keys

d8-contrib-modules · Jan 11, 2021 · 80cf42d · 80cf42d
1 parent 4bd00ba
commit 80cf42d
Showing 1 changed file with 14 additions and 6 deletions.
diff --git a/src/ApiEndpoints/CloudFlareAPI.php b/src/ApiEndpoints/CloudFlareAPI.php
@@ -47,11 +47,13 @@ abstract class CloudFlareAPI {
   const REQUEST_ALL_PAGES = -1;
   const API_ENDPOINT_BASE = 'https://api.cloudflare.com/client/v4/';
 
-  // The length of the Api key.
+  // The length of the Global Api key.
   // The Api will throw a non-descriptive http code: 400 exception if the key
   // length is greater than 37. If the key is invalid but the expected length
   // the Api will return a more informative http code of 403.
-  const API_KEY_LENGTH = 37;
+  const GLOBAL_API_KEY_LENGTH = 37;
+  // The length of the Api key.
+  const API_KEY_LENGTH = 40;
 
   // The CloudFlare API sets a maximum of 1,200 requests in a 5-minute period.
   const API_RATE_LIMIT = 1200;
@@ -93,10 +95,15 @@ public function __construct($apikey, $email, MockHandler $mock_handler = NULL) {
     $this->apikey = $apikey;
     $this->email = $email;
     $headers = [
-      'X-Auth-Key' => $apikey,
-      'X-Auth-Email' => $email,
       'Content-Type' => 'application/json',
     ];
+    if (strlen($apikey) === self::API_KEY_LENGTH) {
+      $headers['Authorization'] = 'Bearer ' . $apikey;
+    }
+    else {
+      $headers['X-Auth-Key'] = $apikey;
+      $headers['X-Auth-Email'] = $email;
+    }
 
     $client_params = [
       'base_uri' => self::API_ENDPOINT_BASE,
@@ -141,7 +148,8 @@ protected function makeRequest($request_type, $api_end_point, $request_params =
     }
     // This check seems superfluous.  However, the Api only returns a http 400
     // code. This proactive check gives us more information.
-    $is_api_key_valid = strlen($this->apikey) == CloudFlareAPI::API_KEY_LENGTH;
+    $api_key_length = strlen($this->apikey);
+    $is_api_key_valid = $api_key_length == self::API_KEY_LENGTH || $api_key_length == self::GLOBAL_API_KEY_LENGTH;
     $is_api_key_alpha_numeric = ctype_alnum($this->apikey);
     $is_api_key_lower_case = !(preg_match('/[A-Z]/', $this->apikey));
 
@@ -153,7 +161,7 @@ protected function makeRequest($request_type, $api_end_point, $request_params =
       throw new CloudFlareInvalidCredentialException('Invalid Api Key: Key can only contain alphanumeric characters.', 403);
     }
 
-    if (!$is_api_key_lower_case) {
+    if ($api_key_length == self::GLOBAL_API_KEY_LENGTH && !$is_api_key_lower_case) {
       throw new CloudFlareInvalidCredentialException('Invalid Api Key: Key can only contain lowercase or numerical characters.', 403);
     }