From b38d5b95a4dc3cad403bf5244b8844ef00538b6b Mon Sep 17 00:00:00 2001 From: Andreas Date: Mon, 14 Aug 2023 18:05:53 +0200 Subject: [PATCH 1/3] =?UTF-8?q?=E2=9C=85=20Added=20basic=20bot=20api?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/api.php | 67 +++++++++++++++++++++------ src/app/controllers/ApiController.php | 5 ++ src/app/core/Config.php | 3 ++ src/app/models/ApiModel.php | 27 ++++++++++- 4 files changed, 88 insertions(+), 14 deletions(-) diff --git a/src/api.php b/src/api.php index ddff4a80..c71ce42d 100644 --- a/src/api.php +++ b/src/api.php @@ -7,6 +7,9 @@ $API = new ApiController(); +// Get the server's IP address +$serverIP = $_SERVER['SERVER_ADDR']; + // Check data if (isset($_GET['stats'])) { 
@@ -15,23 +18,61 @@ return true; } -if (empty($_GET['user']) || empty($_GET['pass']) || empty($_GET['hwid']) || empty($_GET['key'])) { - $response = array('status' => 'failed', 'error' => 'Missing arguments'); -} else { - $username = Util::securevar($_GET['user']); - $passwordHash = Util::securevar($_GET['pass']); - $hwidHash = Util::securevar($_GET['hwid']); - $key = Util::securevar($_GET['key']); +if (isset($_GET['bot']) && $_GET['bot'] === 'true') { + $allowedIP = $serverIP; + + if ($_SERVER['REMOTE_ADDR'] !== $allowedIP) { + $response = array('status' => 'failed', 'error' => 'Unauthorized IP'); + } else { + if (empty($_GET['key'])) { + $response = array('status' => 'failed', 'error' => 'Missing key'); + } else { + $key = Util::securevar($_GET['key']); + + if (BOT_KEY === $key) { + if (isset($_GET['function'])) { + $botFunction = Util::securevar($_GET['function']); + + if ($botFunction === 'getbydcid') { + if (isset($_GET['dcid']) && !empty($_GET['dcid'])) { + $dcid = Util::securevar($_GET['dcid']); + $response = $API->getbydcid($dcid); + } else { + $response = array('status' => 'failed', 'error' => "Missing or empty 'discord id' parameter"); - if (API_KEY === $key) { + } + } elseif ($botFunction === 'test') { - // decode - $password = base64_decode($passwordHash); - $hwid = base64_decode($hwidHash); + } else { + $response = array('status' => 'failed', 'error' => 'Invalid bot function'); + } + } else { + $response = array('status' => 'failed', 'error' => 'Missing bot function'); + } - $response = $API->getUserAPI($username, $password, $hwid); + } else { + $response = array('status' => 'failed', 'error' => 'Invalid bot key'); + } + } + } +} else { + if (empty($_GET['user']) || empty($_GET['pass']) || empty($_GET['hwid']) || empty($_GET['key'])) { + $response = array('status' => 'failed', 'error' => 'Missing arguments'); } else { - $response = array('status' => 'failed', 'error' => 'Invalid API key'); + $username = Util::securevar($_GET['user']); + $passwordHash = 
Util::securevar($_GET['pass']); + $hwidHash = Util::securevar($_GET['hwid']); + $key = Util::securevar($_GET['key']); + + if (API_KEY === $key) { + // decode + $password = base64_decode($passwordHash); + $hwid = base64_decode($hwidHash); + + $response = $API->getUserAPI($username, $password, $hwid); + } else { + $response = array('status' => 'failed', 'error' => 'Invalid API key'); + } } } diff --git a/src/app/controllers/ApiController.php b/src/app/controllers/ApiController.php index e7b518fa..b716c6b5 100644 --- a/src/app/controllers/ApiController.php +++ b/src/app/controllers/ApiController.php @@ -16,4 +16,9 @@ public function getStatsAPI() { return $this->statsAPI(); } + + public function getbydcid($dcid) + { + return $this->getuserbydiscord($dcid); + } } diff --git a/src/app/core/Config.php b/src/app/core/Config.php index 9d12e524..b32e25da 100644 --- a/src/app/core/Config.php +++ b/src/app/core/Config.php @@ -28,3 +28,6 @@ // API key define('API_KEY', 'yes'); + +// Bot API key +define('BOT_KEY', 'yes'); diff --git a/src/app/models/ApiModel.php b/src/app/models/ApiModel.php index 3d4cfc06..0ff12508 100644 --- a/src/app/models/ApiModel.php +++ b/src/app/models/ApiModel.php @@ -97,7 +97,7 @@ protected function statsAPI() $sub = $this->statement->rowCount(); } catch (Exception $e) { $response = [ - "status" => "error", + "status" => "failed", "exception" => $e, ]; } 
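Review bot: The `elseif ($botFunction === 'test') {` branch has an empty body, so a request with `function=test` leaves `$response` unassigned for whatever emits it after this hunk (the script continues past it); either assign a response there or drop the branch until it does something. The host gate `$_SERVER['REMOTE_ADDR'] !== $allowedIP` compares against `SERVER_ADDR`, which a loopback client may not match (`127.0.0.1` vs `::1`) and which is not guaranteed to be populated by every SAPI — when it is absent `$allowedIP` is null and every bot request is refused as 'Unauthorized IP' with a warning in the log, whereas behind a same-host reverse proxy every forwarded request carries the proxy's address and passes. A comment stating the deployment the check assumes, e.g. `// Bot calls must originate on this host (no proxy in front of api.php)`, plus `$_SERVER['SERVER_ADDR'] ?? null` where it is read, would make that explicit. Compare the shared secret with `hash_equals(BOT_KEY, $key)` rather than `===`, and note that carrying the key in the query string writes it into access logs; a request header is the usual place. `isset($_GET['dcid']) && !empty($_GET['dcid'])` is redundant, since `empty()` already covers an unset key.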
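Review bot: `public function getbydcid($dcid)` declares no parameter or return type and has no docblock, although it becomes part of the bot-facing surface. `$dcid` arrives as a query-string value, so `string $dcid` fits, and the value it passes through from `getuserbydiscord()` (presumably reached via inheritance from the model) is an array, `false`, or null in this commit, so a docblock `@return array|false|null` — or a narrower native type once the model's return is unified — makes that contract visible to the caller in api.php. A one-line `/** Look up a user record by Discord id for the bot API. */` above it would also help.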
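Review bot: `define('BOT_KEY', 'yes');` commits a placeholder secret to source control, mirroring `API_KEY` just above it, and since api.php admits any caller presenting this value, the checked-in constant is the whole credential. If Config.php is a live configuration file rather than a template (cannot tell from here), read the value from the environment or an untracked file and fail closed when it is missing, e.g. `define('BOT_KEY', getenv('BOT_KEY') ?: '');` with the consumer rejecting an empty key. At minimum a comment next to it, `// Bot API key — set per deployment; never commit the real value`, should say that the default is not meant to be used.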
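Review bot: The catch block in `statsAPI()` still places the Exception object itself into the response (`"exception" => $e,`); this commit only renames the status. Depending on how `$response` is emitted (outside this hunk), that either exposes the exception's message, file path and trace to the API caller or, with `json_encode`, collapses to `{}` and loses the error entirely. Returning `"error" => $e->getMessage()` and logging the full exception server-side is the shape 3/3 in this series adopts for `getuserbydiscord()`, and the two catch blocks should match. `statsAPI()` begins before this hunk.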
@@ -110,4 +110,29 @@ protected function statsAPI() ]; return $response; } + + protected function getuserbydiscord($dcid) + { + try { + $this->prepare("SELECT `username`, `displayname`, `banned` FROM `users` WHERE `dcid` = ?"); + $this->statement->execute([$dcid]); + $result = $this->statement->fetch(PDO::FETCH_ASSOC); + + if (!$result) { + return false; + } + + return [ + "username" => $result['username'], + "display_name" => $result['displayname'], + "banned" => $result['banned'] + ]; + } catch (Exception $e) { + $response = [ + "status" => "failed", + "exception" => $e, + ]; + } + } } + \ No newline at end of file From 193648620ca75c41a53538568dd8f9309a81dfda Mon Sep 17 00:00:00 2001 From: Andreas Date: Mon, 14 Aug 2023 18:10:07 +0200 Subject: [PATCH 2/3] =?UTF-8?q?=E2=9C=85=20Added=20roles=20to=20bot=20api?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/app/models/ApiModel.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/app/models/ApiModel.php b/src/app/models/ApiModel.php index 0ff12508..e110d3e4 100644 --- a/src/app/models/ApiModel.php +++ b/src/app/models/ApiModel.php @@ -125,7 +125,9 @@ protected function getuserbydiscord($dcid) return [ "username" => $result['username'], "display_name" => $result['displayname'], - "banned" => $result['banned'] + "banned" => $result['banned'], + "admin" => $result['admin'], + "supp" => $result['supp'] ]; } catch (Exception $e) { $response = [ From 3f68893a629b015430f3e354c5473cbb466d3490 Mon Sep 17 00:00:00 2001 From: Andreas Date: Mon, 14 Aug 2023 18:17:28 +0200 Subject: [PATCH 3/3] =?UTF-8?q?=F0=9F=94=A7=20Improved=20bot=20api?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/app/models/ApiModel.php | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/src/app/models/ApiModel.php b/src/app/models/ApiModel.php index e110d3e4..b8b2c4fb 100644 
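Review bot: `getuserbydiscord()` assigns `$response` in its catch block but never returns it, so a database error makes the method return null, while a missing user returns `false` and a hit returns an array — three shapes that the controller passes straight through as the API response. 3/3 in this series reworks this into a single `return $response;`, so consider squashing that into this commit rather than leaving an intermediate revision whose error path silently yields null. The `+ ` line added after the closing brace is trailing whitespace, and the file still ends without a newline.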
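Review bot: `"admin" => $result['admin'],` and `"supp" => $result['supp']` read columns that the SELECT in this same method (above the hunk) does not fetch in this commit, so each access raises an undefined-index warning and yields null. 3/3 adds the columns to the query; the two changes belong in one commit so that no revision of the series ships a query/response mismatch.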
--- a/src/app/models/ApiModel.php +++ b/src/app/models/ApiModel.php @@ -114,27 +114,37 @@ protected function statsAPI() protected function getuserbydiscord($dcid) { try { - $this->prepare("SELECT `username`, `displayname`, `banned` FROM `users` WHERE `dcid` = ?"); + $this->prepare("SELECT `username`, `displayname`, `banned`, `admin`, `supp` FROM `users` WHERE `dcid` = ?"); $this->statement->execute([$dcid]); $result = $this->statement->fetch(PDO::FETCH_ASSOC); if (!$result) { - return false; - } + $response = [ + "status" => "failed", + "error" => "No user with the provided discord id was found" + ]; + } else { + $username = $result['username'] ?? ''; + $displayname = $result['displayname'] ?? ''; + $banned = $result['banned'] ?? ''; + $admin = $result['admin'] ?? ''; + $supp = $result['supp'] ?? ''; - return [ - "username" => $result['username'], - "display_name" => $result['displayname'], - "banned" => $result['banned'], - "admin" => $result['admin'], - "supp" => $result['supp'] - ]; + $response = [ + "username" => $username, + "display_name" => $displayname, + "banned" => $banned, + "admin" => $admin, + "supp" => $supp + ]; + } } catch (Exception $e) { $response = [ "status" => "failed", - "exception" => $e, + "error" => $e->getMessage() ]; } + return $response; } } \ No newline at end of file
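Review bot: `"error" => $e->getMessage()` in the catch block forwards the raw database exception text to the HTTP caller; driver messages routinely include table and column names, and sometimes connection details, so log `$e` server-side and return a fixed message such as `"error" => "Lookup failed"`. The success branch also carries no `status` key while both failure branches set `"status" => "failed"`, so the bot has to test for the absence of a key; adding `"status" => "success"` to the success array gives callers one field to switch on. The `?? ''` defaults on `banned`, `admin` and `supp` turn a null flag into an empty string, which a consumer is likely to treat differently from 0/false — presumably these columns are NOT NULL and the defaults are dead, but that is worth confirming against the schema.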