✨ feat(ApiSubscriber): Ajoute la vérification de l'en-tête EsyWebApiKey.

✨ feat(StatusController): Ajoute la vérification de l'API Key pour l'accès.
2025-11-11 14:44:05 +01:00
parent c6a2510db8
commit b8b4dc62b8
2 changed files with 25 additions and 1 deletions
--- a/src/Controller/Api/Private/EsyWeb/StatusController.php
+++ b/src/Controller/Api/Private/EsyWeb/StatusController.php
@@ -3,8 +3,10 @@
 namespace App\Controller\Api\Private\EsyWeb;

 use App\Entity\EsyWeb\WebsiteDns;
+use App\Entity\EsyWeb\WebsiteKey;
 use App\Repository\ComputeRepository;
 use App\Repository\EsyWeb\WebsiteDnsRepository;
+use App\Repository\EsyWeb\WebsiteKeyRepository;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
@@ -13,9 +15,10 @@ use Symfony\Component\Routing\Attribute\Route;
 class StatusController extends AbstractController
 {
    #[Route('/api/private/esyweb/status', name: 'api_private_esyweb_status', methods: ['GET'])]
-    public function status(Request $request,WebsiteDnsRepository $websiteDnsRepository)
+    public function status(Request $request,WebsiteDnsRepository $websiteDnsRepository,WebsiteKeyRepository $websiteKeyRepository)
    {
        $dns = $request->headers->get('EsyWebDns','');
+        $apiKey = $request->headers->get('EsyWebApiKey','');
        if($dns == "")
            return $this->json([
                'status' => 'unkown'
@@ -27,7 +30,19 @@ class StatusController extends AbstractController
                'status' => 'unkown'
            ],Response::HTTP_BAD_REQUEST);
        }
+        $websiteApiKey = $websiteKeyRepository->findOneBy(['apiKey' => $apiKey,'type'=>'api_key']);
+        if(!$websiteApiKey instanceof WebsiteKey) {
+            return $this->json([
+                'status' => 'unkown'
+            ],Response::HTTP_BAD_REQUEST);
+        }
        $website = $websiteDns->getWebsite();
+        $websiteKey = $websiteApiKey->getWebsitre();
+        if($website->getId() != $websiteKey->getId()) {
+            return $this->json([
+                'status' => 'unkown'
+            ],Response::HTTP_BAD_REQUEST);
+        }
        return $this->json([
            'status' => $website->getState(),
        ]);
--- a/src/EventListener/ApiSubscriber.php
+++ b/src/EventListener/ApiSubscriber.php
@@ -57,6 +57,15 @@ class ApiSubscriber
                        ]));
                        $event->stopPropagation();
                        return;
+                    } else {
+                        if(!$request->headers->has('EsyWebApiKey')) {
+                            $event->setResponse(new JsonResponse([
+                                'state' => 'error',
+                                'message' => 'Missing Header `EsyWebApiKey`'
+                            ]));
+                            $event->stopPropagation();
+                            return;
+                        }
                    }
                }
            }