Added ability to use generic API_KEY from .env so need for custom aut…

…h helper is mitigated Added logic to Auth for API_KEY Added logic to Swagger so @example annotation can be generic JSON text All end points that are not GET are automatically secure by swagger docs
tina4stack · Jun 23, 2024 · 45cea99 · 45cea99
1 parent eafe096
commit 45cea99
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 3 deletions.
diff --git a/Tina4/Api/Swagger.php b/Tina4/Api/Swagger.php
@@ -95,9 +95,13 @@ public function __construct($root = null, $title = "Open API", $apiDescription =
                     } elseif ($matches[1] === "@queryParams" || $matches[1] === "@params") {
                         $queryParams = explode(",", $matches[2]);
                     } elseif ($matches[1] === "@example") {
+
+
                         $this->ormObjects[] = trim(str_replace("\n", "", "\\" . $matches[2]));
                         $example = [];
                         $className = trim(str_replace("\n", "", "\\" . $matches[2]));
+
+
                         if (class_exists($className)) {
                             $exampleObject = (new $className);
 
@@ -115,9 +119,15 @@ public function __construct($root = null, $title = "Open API", $apiDescription =
                                 $example["data"] = (object)json_decode(json_encode($exampleObject));
                                 $example["properties"] = (object)[];
                             }
+                        } else {
+                            $className = substr($className, 1);
+                            $example["data"] = json_decode($className);
+                            $example["properties"] = (object)[];
                         }
 
-                    } elseif ($matches[1] === "@secure") {
+                    }
+
+                    if ($matches[1] === "@secure" || $method != "GET") {
                         $security[] = (object)["bearerAuth" => []];
                     }
                 }

diff --git a/Tina4/Security/Auth.php b/Tina4/Security/Auth.php
@@ -256,7 +256,12 @@ public function tokenExists(): bool
      */
     public function validToken(string $token, string $publicKey = "", string $encryption = JWT::ALGORITHM_RS256): bool
     {
-        Debug::message("Validating token");
+        Debug::message("Validating token", TINA4_LOG_DEBUG);
+
+        if (isset($_ENV["API_KEY"]) && trim(str_ireplace("bearer", "", $token)) === $_ENV["API_KEY"]) {
+            Debug::message("Using generic .env API_KEY token", TINA4_LOG_WARNING);
+            return true;
+        }
 
         if (!empty($publicKey)) {
             $this->publicKey = $publicKey;

diff --git a/Tina4/Twig/TwigUtility.php b/Tina4/Twig/TwigUtility.php
@@ -36,7 +36,7 @@ public static function initTwig(?Config $config = null): Environment
                 $twigPaths = ["cache", "src" . DIRECTORY_SEPARATOR . "templates", "src" . DIRECTORY_SEPARATOR . "public", "src" . DIRECTORY_SEPARATOR . "assets", "src" . DIRECTORY_SEPARATOR . "templates" . DIRECTORY_SEPARATOR . "snippets"];
             }
 
-            Debug::message("TINA: Twig Paths - " . str_replace("\n", "", print_r($twigPaths, 1)), TINA4_LOG_DEBUG);
+            Debug::message("TINA4: Twig Paths - " . str_replace("\n", "", print_r($twigPaths, 1)), TINA4_LOG_DEBUG);
 
             foreach ($twigPaths as $tid => $twigPath) {
                 if (!is_array($twigPath) && !file_exists($twigPath) && !file_exists(str_replace(DIRECTORY_SEPARATOR . DIRECTORY_SEPARATOR, DIRECTORY_SEPARATOR, TINA4_DOCUMENT_ROOT . $twigPath))) {