Add purge_api_keys helper

And reserve the api name, + add a new route for api access
master
Daniel Berteaud 10 years ago
parent 40b97cb7b9
commit 95d970b128
  1. 30
      vroom.pl

@ -95,7 +95,7 @@ helper valid_room_name => sub {
my ($name) = @_; my ($name) = @_;
my $ret = {}; my $ret = {};
# A few names are reserved # A few names are reserved
my @reserved = qw(about help feedback feedback_thanks goodbye admin create localize jsapi my @reserved = qw(about help feedback feedback_thanks goodbye admin create localize jsapi api
missing dies password kicked invitation js css img fonts snd); missing dies password kicked invitation js css img fonts snd);
if ($name !~ m/^[\w\-]{1,49}$/ || grep { $name eq $_ } @reserved){ if ($name !~ m/^[\w\-]{1,49}$/ || grep { $name eq $_ } @reserved){
return 0; return 0;
@ -449,6 +449,18 @@ helper purge_participants => sub {
return 1; return 1;
}; };
# Purge api keys
helper purge_api_keys => sub {
my $self = shift;
$self->app->log->debug('Removing expired API keys');
my $sth = eval {
$self->db->prepare('DELETE FROM `api_keys`
WHERE `not_after` > CONVERT_TZ(NOW(), @@session.time_zone, \'+00:00\')');
};
$sth->execute;
return 1;
};
# Purge unused rooms # Purge unused rooms
helper purge_rooms => sub { helper purge_rooms => sub {
my $self = shift; my $self = shift;
@ -1112,6 +1124,22 @@ any [qw(GET POST)] => '/password/(:room)' => sub {
} }
}; };
# API request handler
any '/api' => sub {
my $self = shift;
$self->purge_api_keys;
my $key = $self->req->headers->header('X-API-Key');
if (!$key){
return $self->render(
json => {
status => 'error',
msg => 'NOT_ALLOWED'
},
status => '403'
);
}
};
# Catch all route: if nothing else match, it's the name of a room # Catch all route: if nothing else match, it's the name of a room
get '/:room' => sub { get '/:room' => sub {
my $self = shift; my $self = shift;
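Review bot: In the new `purge_api_keys` helper the DELETE condition looks inverted: `not_after > CONVERT_TZ(NOW(), ...)` matches keys whose `not_after` is still in the future, so each call would delete the valid keys and keep the expired ones, contrary to the "Removing expired API keys" log line. Assuming `not_after` holds the key's expiry in UTC, the comparison should be `<` rather than `>`. The `eval` around `prepare` also discards `$@`, so a failed prepare leaves `$sth` undefined and `$sth->execute` dies with an unrelated error; log the failure and `return 0 unless $sth;` before executing. In the `/api` route, only the missing-header case renders a response in the visible lines: a request that supplies any `X-API-Key` value falls through with no lookup of the key and no render, so the handler should validate the key against `api_keys` or reject the request explicitly.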
