Merge pull request #10 from tuxis-ie/3.4-api-auth

Implement auth-autodetection
2025-04-19 20:09:14 +03:00 · 2014-11-21 11:13:56 +01:00 · 2014-11-21 11:13:56 +01:00 · 2939dbfca8
commit 2939dbfca8
parent 3097b63e91 b7b62d1c9c
3 changed files with 33 additions and 3 deletions
--- a/includes/config.inc.php-dist
+++ b/includes/config.inc.php-dist
@ -7,6 +7,12 @@ $apiport = '8081';      # The port of the PowerDNS API
 $apisid  = 'localhost'; # PowerDNS's :server_id
 $allowzoneadd = FALSE;  # Allow normal users to add zones

+# The first versions of the PowerDNS API used the standard webserver password
+# for authentication, newer versions use an X-API-Key mechanism. NSEdit tries
+# to autodetect the method you should use, but that does affect performance.
+# For optimal performance, configure the right method.
+# (Should be 'auto', 'xapikey' or 'userpass')
+$authmethod = 'auto';

 # If you configure this, nsedit will try to authenticate via WeFact too.
 # Debtors will be added to the sqlitedatabase with their crypted password.
@ -46,7 +52,12 @@ $defaults['secondaryns'] = 'unconfigured.secondaryns';  # The value of the secon
 $defaults['ttl']         = 3600;                        # Default TTL for records
 $defaults['priority']    = 0;                           # Default for priority in records

+$blocklogin = FALSE;

+if (!preg_match('/^(xapikey|userpass|auto)$/', $authmethod)) {
+    $errormsg = "The value for $authmethod is incorrect in your config";
+    $blocklogin = TRUE;
+}


 /* No need to change stuf below */
--- a/index.php
+++ b/index.php
@ -4,6 +4,8 @@ include_once('includes/config.inc.php');
 include_once('includes/session.inc.php');
 include_once('includes/misc.inc.php');

+global $errormsg, $blocklogin;
+
 if (isset($_GET['logout']) or isset($_POST['logout'])) {
    logout();
    header("Location: index.php");
@ -71,7 +73,7 @@ if (!is_logged_in()) {
                ?>
                <tr>
                    <td></td>
-                    <td><input type="submit" name="submit" value="Log me in!"></td>
+                    <td><input type="submit" name="submit" value="Log me in!" <?php if ($blocklogin === TRUE)) { echo "disabled"; }; ?>></td>
                </tr>
            </table>
            <input type="hidden" name="formname" value="loginform">
--- a/zones.php
+++ b/zones.php
@ -11,12 +11,29 @@ if (!is_csrf_safe()) {
 }

 function api_request($path, $opts = null, $type = null) {
-    global $apisid, $apiuser, $apipass, $apiip, $apiport;
+    global $apisid, $apiuser, $apipass, $apiip, $apiport, $authmethod;

    $url = "http://$apiip:$apiport${path}";

+    if ($authmethod == "auto") {
+        $ad = curl_init();
+        curl_setopt($ad, CURLOPT_HTTPHEADER, array('X-API-Key: '.$apipass));
+        curl_setopt($ad, CURLOPT_URL, "http://$apiip:$apiport/servers/localhost/statistics");
+        curl_setopt($ad, CURLOPT_RETURNTRANSFER, 1);
+        curl_exec($ad);
+        if (curl_getinfo($ad, CURLINFO_HTTP_CODE) == 401) {
+            $authmethod = 'userpass';
+        } else {
+            $authmethod = 'xapikey';
+        }
+    }
+
    $ch = curl_init();
-    curl_setopt($ch, CURLOPT_USERPWD, "$apiuser:$apipass");
+    if ($authmethod == "xapikey") {
+        curl_setopt($ch, CURLOPT_HTTPHEADER, array('X-API-Key: '.$apipass));
+    } else {
+        curl_setopt($ch, CURLOPT_USERPWD, "$apiuser:$apipass");
+    }
    curl_setopt($ch, CURLOPT_URL, $url); 
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); 
    if ($opts) {