Merge pull request #150 from vinayak-patil/j4x

Issue fixes - #63,#122,#80 - Joomla 4 & PHP 8.0 compatibility

Author: ankush-maherwal

changelog.md

@@ -0,0 +1,17 @@
+# Changelog
+
+#### Legend
+
+- Bug Fix (-)
+- Feature Addition (+) 
+
+### com_api v4.0.0
+
+##### - Bug fixes:
+- #194540 - API Rate Limit Exceeded,403 - Issue #122
+- Drop support to accept token as 'Key' parameter from GET/POST request - Tokens should not be accepted via request variables 
+
+
+##### + Features Added:
+- #175851 - Joomla 4 & PHP 8.0 compatible
+- #194541 - Added IP based restrictions to access the APIs, Issue #63

code/admin/config.xml

@@ -3,13 +3,20 @@
 	<fieldset label="COM_API" name="api">
 		<field name="force_output" type="text" label="COM_API_FORM_LBL_FORCE_OUTPUT"
 			description="COM_API_FORM_DESC_FORCE_OUTPUT" />
+		<field name="request_limit_time" type="radio" default="hour"
+			label="COM_API_CONFIG_REQ_LT_LBL" description="COM_API_CONFIG_REQ_LT_DESC"
+			class="btn-group">
+			<option value="hour">COM_API_CONFIG_RLT_HOUR</option>
+			<option value="minute">COM_API_CONFIG_RLT_MINUTE</option>
+			<option value="day">COM_API_CONFIG_RLT_DAY</option>
+		</field>
 		<field name="request_limit" type="text" label="COM_API_FORM_LBL_RATE_LIMIT"
 			description="COM_API_FORM_LBL_RATE_LIMIT_DESC" />
 		<field name="log_requests" type="radio" default="0"
 			label="COM_API_CONFIG_LOG_LBL" description="COM_API_CONFIG_LOG_DESC"
 			class="btn-group">
-			<option value="0">No</option>
-			<option value="1">Yes</option>
+			<option value="0">JNO</option>
+			<option value="1">JYES</option>
 		</field>
 		<field name="exclude_log" type="text" default="password,pass,passwd,pwd,key"
 			label="COM_API_EXCLD_WORDS" description="COM_API_EXCLD_WORDS_DESC" />
@@ -19,10 +26,12 @@
 		<field name="allow_cors" type="radio" default="0"
 			label="COM_API_CONFIG_ALLOW_CORS_LBL" description="COM_API_CONFIG_ALLOW_CORS_DESC"
 			class="btn-group">
-			<option value="0">No</option>
-			<option value="get">GET</option>
-			<option value="*">ALL</option>
+			<option value="0">JNO</option>
+			<option value="get">COM_API_CONFIG_GET_CORS</option>
+			<option value="*">JALL</option>
 		</field>
+        <field name="ip_address" type="textarea" columns="5"
+            label="COM_API_CONFIG_IPS_LBL" description="COM_API_CONFIG_IPS_DESC" />
         <field name="cors" type="textarea" default="*" columns="5"
             label="COM_API_CONFIG_CORS_LBL" description="COM_API_CONFIG_CORS_DESC" />
         <field name="allow_headers" type="textarea" default="Authorization, Access-Control-Allow-Origin, Access-Control-Allow-Methods, X-Authorization, X-Compatibility-Mode, Content-Type, Accept" columns="5"

code/admin/controllers/keys.php

@@ -12,6 +12,7 @@
 use Joomla\CMS\MVC\Controller\AdminController;
 use Joomla\CMS\MVC\Model\BaseDatabaseModel;
 use Joomla\CMS\Factory;
+use Joomla\Utilities\ArrayHelper;
 
 /**
  * Keys list controller class.
@@ -52,8 +53,8 @@ public function saveOrderAjax()
 		$order = $input->post->get('order', array(), 'array');
 
 		// Sanitize the input
-		JArrayHelper::toInteger($pks);
-		JArrayHelper::toInteger($order);
+		ArrayHelper::toInteger($pks);
+		ArrayHelper::toInteger($order);
 
 		// Get the model
 		$model = $this->getModel();

code/admin/helpers/api.php

@@ -8,9 +8,9 @@
 
 // No direct access.
 defined('_JEXEC') or die();
+use Joomla\CMS\HTML\HTMLHelper;
 
 use Joomla\CMS\Language\Text;
-use Joomla\CMS\HTML\HTMLHelper;
 use Joomla\CMS\Object\CMSObject;
 use Joomla\CMS\Factory;
 

code/admin/language/en-GB/en-GB.com_api.ini

@@ -86,7 +86,7 @@ COM_API_CONFIG_ALLOW_CORS_LBL="Allow Cross Origin Requests"
 COM_API_CONFIG_ALLOW_CORS_DESC="This configuration enables CORS support. Choose if you wish to enable CORS for only GET method or for all methods."
 COM_API_CONFIG_CORS_LBL="CORS URLs / Domains"
 COM_API_CONFIG_CORS_DESC="List of URLs for which to allow CORS requests. Put an asterisk (*) to allow CORS requests from all domains. Alternately put a comma separated list of URL's. Ex. https://techjoomla.com, http://example.com"
-COM_API_FORM_LBL_RATE_LIMIT="Hourly Rate Limit for Requests"
+COM_API_FORM_LBL_RATE_LIMIT="Rate Limit for Requests"
 COM_API_FORM_LBL_RATE_LIMIT_DESC="Put a number if you want to limit the number of requests made by a token in an hour to the configured value. An empty or 0 value allows unlimited requests"
 COM_API_EXCLD_WORDS="Exclude request variables from log"
 COM_API_EXCLD_WORDS_DESC="A comma separated list of request variables that will be redacted before being added to the API Request log"
@@ -97,6 +97,15 @@ COM_API_CONFIG_ALLOW_HEADER_DESC="Add comma separated values for Access-Control-
 COM_API_FILTER_DESC="Searches in User name, hash, Request URL, POST Data. <br />uid:number searches logs for a particular user"
 UNASSIGNED_HASH="No user for this API Key"
 
+COM_API_CONFIG_IPS_DESC="List of IPs for which to allow API access. Put an asterisk (*) to allow API access from all IPs. Alternately put a comma separated list of IPs Ex. 192.168.1.1, 192.168.1.10 or IP Range Ex. 192.168.1.1-192.168.1.10 or CIDR Block Ex. 192.168.1.1/24"
+COM_API_CONFIG_IPS_LBL="IP Address/IP Range/CIDR Block"
+COM_API_CONFIG_REQ_LT_LBL="Rate Frequency"
+COM_API_CONFIG_REQ_LT_DESC="Request limit frequency"
+COM_API_CONFIG_RLT_HOUR="Hour"
+COM_API_CONFIG_RLT_MINUTE="Minute"
+COM_API_CONFIG_RLT_DAY="Day"
+COM_API_CONFIG_GET_CORS="Get"
+
 ; Permissions
 JACTION_MANAGELOGS="Manage Logs"
 JACTION_MANAGELOGS_DESC="Allows users in this group to manage API logs."

code/admin/language/en-GB/en-GB.com_api.sys.ini

@@ -9,6 +9,7 @@ COM_API_XML_DESCRIPTION="Multi"
 COM_API_TEST_LABEL="Test label"
 
 COM_API_TITLE_KEYS="API Keys"
+COM_API_TITLE_LOGS="Request Logs"
 
 COM_API_SHOW_TABLES_SQL_STATEMENT="SHOW FULL TABLES WHERE tables_in_%s LIKE %s"
 

code/admin/models/fields/createdby.php

@@ -7,7 +7,6 @@
  */
 
 defined('JPATH_BASE') or die();
-
 use Joomla\CMS\Form\FormField;
 use Joomla\CMS\Factory;
 

code/admin/tables/log.php

@@ -14,6 +14,7 @@
 use Joomla\CMS\Factory;
 use Joomla\Registry\Registry;
 use Joomla\CMS\Access\Access;
+use Joomla\Utilities\ArrayHelper;
 
 /**
  * Log Table class
@@ -138,7 +139,7 @@ public function store($updateNulls = false)
 	{
 		if (is_array($this->post_data))
 		{
-			$this->post_data = JArrayHelper::toString($this->post_data, '=', '&');
+			$this->post_data = ArrayHelper::toString($this->post_data, '=', '&');
 		}
 
 		return parent::store($updateNulls = false);

code/admin/views/cpanel/view.html.php

@@ -7,9 +7,9 @@
  */
 
 defined('_JEXEC') or die();
-
-use Joomla\CMS\MVC\View\HtmlView;
+ 
 use Joomla\CMS\Language\Text;
+use Joomla\CMS\Toolbar\ToolbarHelper;
 
 /**
  * Cpanel class
@@ -54,7 +54,7 @@ public function display($tpl = null)
 	 */
 	private function generateToolbar()
 	{
-		JToolBarHelper::title(Text::_('COM_API') . ': ' . Text::_('COM_API_CONTROL_PANEL'));
-		JToolBarHelper::preferences('com_api', 500, 500);
+		ToolbarHelper::title(Text::_('COM_API') . ': ' . Text::_('COM_API_CONTROL_PANEL'));
+		ToolbarHelper::preferences('com_api', 500, 500);
 	}
 }

code/admin/views/key/tmpl/edit.php

@@ -28,36 +28,36 @@
 HTMLHelper::_('behavior.keepalive');
 
 // Import CSS
-$document = Factory::getDocument();
-$document->addStyleSheet('components/com_api/assets/css/api.css');
-?>
+HTMLHelper::_('stylesheet','components/com_api/assets/css/api.css');
 
-<script type="text/javascript">
-	js = jQuery.noConflict();
-	js(document).ready(function()
-	{
-
-	});
-
-	Joomla.submitbutton = function(task)
-	{
-		if (task == 'key.cancel')
+Factory::getDocument()->addScriptDeclaration(
+	"
+		js = jQuery.noConflict();
+		js(document).ready(function()
 		{
-			Joomla.submitform(task, document.getElementById('key-form'));
-		}
-		else
+	
+		});
+	
+		Joomla.submitbutton = function(task)
 		{
-			if (task != 'key.cancel' && document.formvalidator.isValid(document.getElementById('key-form')))
+			if (task == 'key.cancel')
 			{
 				Joomla.submitform(task, document.getElementById('key-form'));
 			}
 			else
 			{
-				alert('<?php echo $this->escape(Text::_('JGLOBAL_VALIDATION_FORM_FAILED')); ?>');
+				if (task != 'key.cancel' && document.formvalidator.isValid(document.getElementById('key-form')))
+				{
+					Joomla.submitform(task, document.getElementById('key-form'));
+				}
+				else
+				{
+					alert('".$this->escape(Text::_('JGLOBAL_VALIDATION_FORM_FAILED'))."');
+				}
 			}
 		}
-	}
-</script>
+		");
+	?>
 
 <div class="<?php echo COM_APIS_WRAPPER_CLASS; ?> api-key">
 	<form action="<?php echo Route::_('index.php?option=com_api&layout=edit&id=' . (int) $this->item->id); ?>" method="post" enctype="multipart/form-data" name="adminForm" id="key-form" class="form-validate">