Merge pull request #150 from vinayak-patil/j4x

Issue fixes - #63,#122,#80 - Joomla 4 & PHP 8.0 compatibility

changelog.md

@@ -0,0 +1,17 @@
+# Changelog
+
+#### Legend
+
+- Bug Fix (-)
+- Feature Addition (+) 
+
+### com_api v4.0.0
+
+##### - Bug fixes:
+- #194540 - API Rate Limit Exceeded,403 - Issue #122
+- Drop support to accept token as 'Key' parameter from GET/POST request - Tokens should not be accepted via request variables 
+
+
+##### + Features Added:
+- #175851 - Joomla 4 & PHP 8.0 compatible
+- #194541 - Added IP based restrictions to access the APIs, Issue #63

code/admin/config.xml

@@ -3,13 +3,20 @@
 	<fieldset label="COM_API" name="api">
 		<field name="force_output" type="text" label="COM_API_FORM_LBL_FORCE_OUTPUT"
 			description="COM_API_FORM_DESC_FORCE_OUTPUT" />
+		<field name="request_limit_time" type="radio" default="hour"
+			label="COM_API_CONFIG_REQ_LT_LBL" description="COM_API_CONFIG_REQ_LT_DESC"
+			class="btn-group">
+			<option value="hour">COM_API_CONFIG_RLT_HOUR</option>
+			<option value="minute">COM_API_CONFIG_RLT_MINUTE</option>
+			<option value="day">COM_API_CONFIG_RLT_DAY</option>
+		</field>
 		<field name="request_limit" type="text" label="COM_API_FORM_LBL_RATE_LIMIT"
 			description="COM_API_FORM_LBL_RATE_LIMIT_DESC" />
 		<field name="log_requests" type="radio" default="0"
 			label="COM_API_CONFIG_LOG_LBL" description="COM_API_CONFIG_LOG_DESC"
 			class="btn-group">
-			<option value="0">No</option>
-			<option value="1">Yes</option>
+			<option value="0">JNO</option>
+			<option value="1">JYES</option>
 		</field>
 		<field name="exclude_log" type="text" default="password,pass,passwd,pwd,key"
 			label="COM_API_EXCLD_WORDS" description="COM_API_EXCLD_WORDS_DESC" />
@@ -19,10 +26,12 @@
 		<field name="allow_cors" type="radio" default="0"
 			label="COM_API_CONFIG_ALLOW_CORS_LBL" description="COM_API_CONFIG_ALLOW_CORS_DESC"
 			class="btn-group">
-			<option value="0">No</option>
-			<option value="get">GET</option>
-			<option value="*">ALL</option>
+			<option value="0">JNO</option>
+			<option value="get">COM_API_CONFIG_GET_CORS</option>
+			<option value="*">JALL</option>
 		</field>
+        <field name="ip_address" type="textarea" columns="5"
+            label="COM_API_CONFIG_IPS_LBL" description="COM_API_CONFIG_IPS_DESC" />
         <field name="cors" type="textarea" default="*" columns="5"
             label="COM_API_CONFIG_CORS_LBL" description="COM_API_CONFIG_CORS_DESC" />
         <field name="allow_headers" type="textarea" default="Authorization, Access-Control-Allow-Origin, Access-Control-Allow-Methods, X-Authorization, X-Compatibility-Mode, Content-Type, Accept" columns="5"

code/admin/controllers/keys.php

@@ -12,6 +12,7 @@
 use Joomla\CMS\MVC\Controller\AdminController;
 use Joomla\CMS\MVC\Model\BaseDatabaseModel;
 use Joomla\CMS\Factory;
+use Joomla\Utilities\ArrayHelper;
 
 /**
  * Keys list controller class.
@@ -52,8 +53,8 @@ public function saveOrderAjax()
 		$order = $input->post->get('order', array(), 'array');
 
 		// Sanitize the input
-		JArrayHelper::toInteger($pks);
-		JArrayHelper::toInteger($order);
+		ArrayHelper::toInteger($pks);
+		ArrayHelper::toInteger($order);
 
 		// Get the model
 		$model = $this->getModel();

code/admin/helpers/api.php

@@ -8,9 +8,9 @@
 
 // No direct access.
 defined('_JEXEC') or die();
+use Joomla\CMS\HTML\HTMLHelper;
 
 use Joomla\CMS\Language\Text;
-use Joomla\CMS\HTML\HTMLHelper;
 use Joomla\CMS\Object\CMSObject;
 use Joomla\CMS\Factory;
 

code/admin/language/en-GB/en-GB.com_api.ini

@@ -86,7 +86,7 @@ COM_API_CONFIG_ALLOW_CORS_LBL="Allow Cross Origin Requests"
 COM_API_CONFIG_ALLOW_CORS_DESC="This configuration enables CORS support. Choose if you wish to enable CORS for only GET method or for all methods."
 COM_API_CONFIG_CORS_LBL="CORS URLs / Domains"
 COM_API_CONFIG_CORS_DESC="List of URLs for which to allow CORS requests. Put an asterisk (*) to allow CORS requests from all domains. Alternately put a comma separated list of URL's. Ex. https://techjoomla.com, http://example.com"
-COM_API_FORM_LBL_RATE_LIMIT="Hourly Rate Limit for Requests"
+COM_API_FORM_LBL_RATE_LIMIT="Rate Limit for Requests"
 COM_API_FORM_LBL_RATE_LIMIT_DESC="Put a number if you want to limit the number of requests made by a token in an hour to the configured value. An empty or 0 value allows unlimited requests"
 COM_API_EXCLD_WORDS="Exclude request variables from log"
 COM_API_EXCLD_WORDS_DESC="A comma separated list of request variables that will be redacted before being added to the API Request log"
@@ -97,6 +97,15 @@ COM_API_CONFIG_ALLOW_HEADER_DESC="Add comma separated values for Access-Control-
 COM_API_FILTER_DESC="Searches in User name, hash, Request URL, POST Data. <br />uid:number searches logs for a particular user"
 UNASSIGNED_HASH="No user for this API Key"
 
+COM_API_CONFIG_IPS_DESC="List of IPs for which to allow API access. Put an asterisk (*) to allow API access from all IPs. Alternately put a comma separated list of IPs Ex. 192.168.1.1, 192.168.1.10 or IP Range Ex. 192.168.1.1-192.168.1.10 or CIDR Block Ex. 192.168.1.1/24"
+COM_API_CONFIG_IPS_LBL="IP Address/IP Range/CIDR Block"
+COM_API_CONFIG_REQ_LT_LBL="Rate Frequency"
+COM_API_CONFIG_REQ_LT_DESC="Request limit frequency"
+COM_API_CONFIG_RLT_HOUR="Hour"
+COM_API_CONFIG_RLT_MINUTE="Minute"
+COM_API_CONFIG_RLT_DAY="Day"
+COM_API_CONFIG_GET_CORS="Get"
+
 ; Permissions
 JACTION_MANAGELOGS="Manage Logs"
 JACTION_MANAGELOGS_DESC="Allows users in this group to manage API logs."

code/admin/language/en-GB/en-GB.com_api.sys.ini

@@ -9,6 +9,7 @@ COM_API_XML_DESCRIPTION="Multi"
 COM_API_TEST_LABEL="Test label"
 
 COM_API_TITLE_KEYS="API Keys"
+COM_API_TITLE_LOGS="Request Logs"
 
 COM_API_SHOW_TABLES_SQL_STATEMENT="SHOW FULL TABLES WHERE tables_in_%s LIKE %s"
 

code/admin/models/fields/createdby.php

@@ -7,7 +7,6 @@
  */
 
 defined('JPATH_BASE') or die();
-
 use Joomla\CMS\Form\FormField;
 use Joomla\CMS\Factory;
 

code/admin/tables/log.php

@@ -14,6 +14,7 @@
 use Joomla\CMS\Factory;
 use Joomla\Registry\Registry;
 use Joomla\CMS\Access\Access;
+use Joomla\Utilities\ArrayHelper;
 
 /**
  * Log Table class
@@ -138,7 +139,7 @@ public function store($updateNulls = false)
 	{
 		if (is_array($this->post_data))
 		{
-			$this->post_data = JArrayHelper::toString($this->post_data, '=', '&');
+			$this->post_data = ArrayHelper::toString($this->post_data, '=', '&');
 		}
 
 		return parent::store($updateNulls = false);

code/admin/views/cpanel/view.html.php

@@ -7,9 +7,9 @@
  */
 
 defined('_JEXEC') or die();
-
-use Joomla\CMS\MVC\View\HtmlView;
+
 use Joomla\CMS\Language\Text;
+use Joomla\CMS\Toolbar\ToolbarHelper;
 
 /**
  * Cpanel class
@@ -54,7 +54,7 @@ public function display($tpl = null)
 	 */
 	private function generateToolbar()
 	{
-		JToolBarHelper::title(Text::_('COM_API') . ': ' . Text::_('COM_API_CONTROL_PANEL'));
-		JToolBarHelper::preferences('com_api', 500, 500);
+		ToolbarHelper::title(Text::_('COM_API') . ': ' . Text::_('COM_API_CONTROL_PANEL'));
+		ToolbarHelper::preferences('com_api', 500, 500);
 	}
 }

code/admin/views/key/tmpl/edit.php

@@ -28,36 +28,36 @@
 HTMLHelper::_('behavior.keepalive');
 
 // Import CSS
-$document = Factory::getDocument();
-$document->addStyleSheet('components/com_api/assets/css/api.css');
-?>
+HTMLHelper::_('stylesheet','components/com_api/assets/css/api.css');
 
-<script type="text/javascript">
-	js = jQuery.noConflict();
-	js(document).ready(function()
-	{
-
-	});
-
-	Joomla.submitbutton = function(task)
-	{
-		if (task == 'key.cancel')
+Factory::getDocument()->addScriptDeclaration(
+	"
+		js = jQuery.noConflict();
+		js(document).ready(function()
 		{
-			Joomla.submitform(task, document.getElementById('key-form'));
-		}
-		else
+	
+		});
+	
+		Joomla.submitbutton = function(task)
 		{
-			if (task != 'key.cancel' && document.formvalidator.isValid(document.getElementById('key-form')))
+			if (task == 'key.cancel')
 			{
 				Joomla.submitform(task, document.getElementById('key-form'));
 			}
 			else
 			{
-				alert('<?php echo $this->escape(Text::_('JGLOBAL_VALIDATION_FORM_FAILED')); ?>');
+				if (task != 'key.cancel' && document.formvalidator.isValid(document.getElementById('key-form')))
+				{
+					Joomla.submitform(task, document.getElementById('key-form'));
+				}
+				else
+				{
+					alert('".$this->escape(Text::_('JGLOBAL_VALIDATION_FORM_FAILED'))."');
+				}
 			}
 		}
-	}
-</script>
+		");
+	?>
 
 <div class="<?php echo COM_APIS_WRAPPER_CLASS; ?> api-key">
 	<form action="<?php echo Route::_('index.php?option=com_api&layout=edit&id=' . (int) $this->item->id); ?>" method="post" enctype="multipart/form-data" name="adminForm" id="key-form" class="form-validate">

code/admin/views/key/view.html.php

@@ -14,6 +14,8 @@
 use Joomla\CMS\Form\Form;
 use Joomla\CMS\Factory;
 use Joomla\CMS\Language\Text;
+use Joomla\CMS\Toolbar\ToolbarHelper;
+
 
 /**
  * View class key form.
@@ -95,11 +97,11 @@ protected function addToolbar()
 
 		if (JVERSION >= '3.0')
 		{
-			JToolBarHelper::title($viewTitle, 'pencil-2');
+			ToolBarHelper::title($viewTitle, 'pencil-2');
 		}
 		else
 		{
-			JToolBarHelper::title($viewTitle, 'key.png');
+			ToolBarHelper::title($viewTitle, 'key.png');
 		}
 
 		if (isset($this->item->checked_out))
@@ -116,28 +118,28 @@ protected function addToolbar()
 		// If not checked out, can save the item.
 		if (! $checkedOut && ($canDo->get('core.edit') || ($canDo->get('core.create'))))
 		{
-			JToolBarHelper::apply('key.apply', 'JTOOLBAR_APPLY');
-			JToolBarHelper::save('key.save', 'JTOOLBAR_SAVE');
+			ToolBarHelper::apply('key.apply', 'JTOOLBAR_APPLY');
+			ToolBarHelper::save('key.save', 'JTOOLBAR_SAVE');
 		}
 
 		if (! $checkedOut && ($canDo->get('core.create')))
 		{
-			JToolBarHelper::custom('key.save2new', 'save-new.png', 'save-new_f2.png', 'JTOOLBAR_SAVE_AND_NEW', false);
+			ToolBarHelper::custom('key.save2new', 'save-new.png', 'save-new_f2.png', 'JTOOLBAR_SAVE_AND_NEW', false);
 		}
 
 		// If an existing item, can save to a copy.
 		if (! $isNew && $canDo->get('core.create'))
 		{
-			JToolBarHelper::custom('key.save2copy', 'save-copy.png', 'save-copy_f2.png', 'JTOOLBAR_SAVE_AS_COPY', false);
+			ToolBarHelper::custom('key.save2copy', 'save-copy.png', 'save-copy_f2.png', 'JTOOLBAR_SAVE_AS_COPY', false);
 		}
 
 		if (empty($this->item->id))
 		{
-			JToolBarHelper::cancel('key.cancel', 'JTOOLBAR_CANCEL');
+			ToolBarHelper::cancel('key.cancel', 'JTOOLBAR_CANCEL');
 		}
 		else
 		{
-			JToolBarHelper::cancel('key.cancel', 'JTOOLBAR_CLOSE');
+			ToolBarHelper::cancel('key.cancel', 'JTOOLBAR_CLOSE');
 		}
 	}
 }

code/admin/views/keys/tmpl/default.php

@@ -21,8 +21,7 @@
 HTMLHelper::addIncludePath(JPATH_COMPONENT . '/helpers/html');
 
 // Import CSS
-$document = Factory::getDocument();
-$document->addStyleSheet('components/com_api/assets/css/api.css');
+HTMLHelper::_('stylesheet','components/com_api/assets/css/api.css');
 
 $user      = Factory::getUser();
 $userId    = $user->get('id');
@@ -38,29 +37,26 @@
 }
 
 $sortFields = $this->getSortFields();
-?>
 
-<script type="text/javascript">
+Factory::getDocument()->addScriptDeclaration('
 	Joomla.orderTable = function()
 	{
 		table = document.getElementById("sortTable");
 		direction = document.getElementById("directionTable");
 		order = table.options[table.selectedIndex].value;
-
-		if (order !== '<?php echo $listOrder; ?>')
+		if (order !== "' . $listOrder . '")
 		{
-			dirn = 'asc';
+			dirn = "asc";
 		}
 		else
 		{
 			dirn = direction.options[direction.selectedIndex].value;
 		}
 
-		Joomla.tableOrdering(order, dirn, '');
+		Joomla.tableOrdering(order, dirn, "");
 	}
-</script>
+');
 
-<?php
 if (! empty($this->extra_sidebar))
 {
 	$this->sidebar .= $this->extra_sidebar;