Make sure the wildcard lookup uses the right starr app

austinwbest · austinwbest · commit 83d86e77040c · 2024-11-16T20:15:21.000-05:00
Fix the log endpoint list being able to add empty endpoints
diff --git a/root/app/www/public/api/index.php b/root/app/www/public/api/index.php
@@ -153,6 +153,7 @@
     apiResponse($code, $response);
 } else {
     $proxiedApp = $starr->getAppFromProxiedKey($apikey);
+    $app        = $starr->getStarrInterfaceNameFromId($proxiedApp['starrAppDetails']['starr']);
 
     if (!$proxiedApp) {
         logger($logfile, $apikey, $endpoint, 401);
@@ -169,7 +170,7 @@
             readfile($proxyBackup);
         }
     } else {
-        $isAllowedEndpoint  = $starr->isAllowedEndpoint($proxiedApp['access'], $endpoint);
+        $isAllowedEndpoint  = $starr->isAllowedEndpoint($app, $proxiedApp['access'], $endpoint);
         $starrEndpoint      = $isAllowedEndpoint['starrEndpoint'];
         $isAllowed          = $isAllowedEndpoint['allowed'];
 
diff --git a/root/app/www/public/classes/Starr.php b/root/app/www/public/classes/Starr.php
@@ -228,9 +228,13 @@ public function getAppFromStarrKey($apikey, $starrsTable)
         return [];
     }
 
-    public function findWildcardEndpoint($endpoint)
+    public function findWildcardEndpoint($starrApp, $endpoint)
     {
-        foreach (StarrApps::LIST as $starrApp) {
+        foreach (StarrApps::LIST as $listStarr) {
+            if (strtolower($listStarr) != strtolower($starrApp)) {
+                continue;
+            }
+
             $endpoints = $this->getEndpoints(strtolower($starrApp));
 
             $endpointRegexes    = ['/(.*)\/(.*)\/(.*)/', '/(.*)\/(.*)/'];
@@ -265,9 +269,9 @@ public function findWildcardEndpoint($endpoint)
         return;
     }
 
-    public function isAllowedEndpoint($endpoints, $endpoint)
+    public function isAllowedEndpoint($starrApp, $endpoints, $endpoint)
     {
-        if (!$endpoint) {
+        if (!$starrApp || !$endpoint) {
             return ['allowed' => false];
         }
 
@@ -279,7 +283,7 @@ public function isAllowedEndpoint($endpoints, $endpoint)
 
         // CHECK IF THE ENDPOINT HAS WILDCARDS: /{...}/{...} OR /{...}
         if (!$endpoints[$endpoint]) {
-            $wildcard = $this->findWildcardEndpoint($endpoint);
+            $wildcard = $this->findWildcardEndpoint($starrApp, $endpoint);
             return ['allowed' => $endpoints[$wildcard], 'starrEndpoint' => $wildcard];
         }
 
diff --git a/root/app/www/public/functions/logger.php b/root/app/www/public/functions/logger.php
@@ -189,22 +189,24 @@ function getLog($logfile, $page = 1, $app = false)
         <?php 
         if ($app) {
             $proxiedApp = $starr->getAppFromProxiedKey($_POST['key'], true);
+            $starrApp   = $starr->getStarrInterfaceNameFromId($proxiedApp['starrAppDetails']['starr']);
+
             ?>
             <div class="tab-pane fade" id="endpoints" role="tabpanel">
                 <h4>Endpoint usage <span class="text-small">(<?= count($endpointUsage) ?> endpoint<?= count($endpointUsage) == 1 ? '' : 's' ?>)</span></h4>
                 <?php
                 foreach ($endpointUsage as $endpoint => $methods) {
-                    $isAllowedEndpoint  = $starr->isAllowedEndpoint($proxiedApp['access'], $endpoint);
+                    $isAllowedEndpoint  = $starr->isAllowedEndpoint($starrApp, $proxiedApp['access'], $endpoint);
                     $starrEndpoint      = $isAllowedEndpoint['starrEndpoint'];
                     $isAllowed          = $isAllowedEndpoint['allowed'];
 
                     foreach ($methods as $method => $usage) {
                         $isAllowedEndpointMethod = $isAllowed ? $starr->isAllowedEndpointMethod($proxiedApp['access'], $starrEndpoint, $method) : false;
 
                         ?>
-                        <i id="disallowed-endpoint-<?= md5($starrEndpoint.$method) ?>" class="far fa-times-circle text-danger" title="Disallowed endpoint, click to allow it" style="display: <?= !$isAllowedEndpointMethod ? 'inline-block' : 'none' ?>; cursor: pointer;" onclick="addEndpointAccess('<?= $app ?>', <?= $proxiedApp['proxiedAppDetails']['id'] ?>, '<?= $starrEndpoint ?>', '<?= $method ?>', '<?= md5($starrEndpoint.$method) ?>')"></i> 
-                        <i id="allowed-endpoint-<?= md5($starrEndpoint.$method) ?>" class="far fa-check-circle text-success" title="Allowed endpoint, click to block it" style="display: <?= $isAllowedEndpointMethod ? 'inline-block' : 'none' ?>; cursor: pointer;" onclick="removeEndpointAccess('<?= $app ?>', <?= $proxiedApp['proxiedAppDetails']['id'] ?>, '<?= $starrEndpoint ?>', '<?= $method ?>', '<?= md5($starrEndpoint.$method) ?>')"></i> 
-                        [<?= strtoupper($method) ?>] <?= ($starrEndpoint != $endpoint ? $starrEndpoint . ' → ' : '') . $endpoint . ': ' . number_format($usage) ?> hit<?= $usage == 1 ? '' : 's' ?><br>
+                        <i id="disallowed-endpoint-<?= md5($starrEndpoint.$method) ?>" class="far fa-times-circle text-danger" title="Disallowed endpoint, click to allow it" style="display: <?= !$isAllowedEndpointMethod ? 'inline-block' : 'none' ?>; cursor: pointer;" onclick="addEndpointAccess('<?= $app ?>', <?= $proxiedApp['proxiedAppDetails']['id'] ?>, '<?= $starrEndpoint ?: $endpoint ?>', '<?= $method ?>', '<?= md5($starrEndpoint.$method) ?>')"></i> 
+                        <i id="allowed-endpoint-<?= md5($starrEndpoint.$method) ?>" class="far fa-check-circle text-success" title="Allowed endpoint, click to block it" style="display: <?= $isAllowedEndpointMethod ? 'inline-block' : 'none' ?>; cursor: pointer;" onclick="removeEndpointAccess('<?= $app ?>', <?= $proxiedApp['proxiedAppDetails']['id'] ?>, '<?= $starrEndpoint ?: $endpoint ?>', '<?= $method ?>', '<?= md5($starrEndpoint.$method) ?>')"></i> 
+                        [<?= strtoupper($method) ?>] <?= ($starrEndpoint && $starrEndpoint != $endpoint ? $starrEndpoint . ' → ' : '') . $endpoint . ': ' . number_format($usage) ?> hit<?= $usage == 1 ? '' : 's' ?><br>
                         <?php
                     }
                 }

Original file line number	Diff line number	Diff line change
`@@ -228,9 +228,13 @@ public function getAppFromStarrKey($apikey, $starrsTable)`
`228`	`228`	`return [];`
`229`	`229`	`}`
`230`	`230`
`231`		`- public function findWildcardEndpoint($endpoint)`
	`231`	`+ public function findWildcardEndpoint($starrApp, $endpoint)`
`232`	`232`	`{`
`233`		`- foreach (StarrApps::LIST as $starrApp) {`
	`233`	`+ foreach (StarrApps::LIST as $listStarr) {`
	`234`	`+ if (strtolower($listStarr) != strtolower($starrApp)) {`
	`235`	`+ continue;`
	`236`	`+ }`
	`237`	`+`
`234`	`238`	`$endpoints = $this->getEndpoints(strtolower($starrApp));`
`235`	`239`
`236`	`240`	`$endpointRegexes = ['/(.)\/(.)\/(.)/', '/(.)\/(.*)/'];`
`@@ -265,9 +269,9 @@ public function findWildcardEndpoint($endpoint)`
`265`	`269`	`return;`
`266`	`270`	`}`
`267`	`271`
`268`		`- public function isAllowedEndpoint($endpoints, $endpoint)`
	`272`	`+ public function isAllowedEndpoint($starrApp, $endpoints, $endpoint)`
`269`	`273`	`{`
`270`		`- if (!$endpoint) {`
	`274`	`+ if (!$starrApp \|\| !$endpoint) {`
`271`	`275`	`return ['allowed' => false];`
`272`	`276`	`}`
`273`	`277`
`@@ -279,7 +283,7 @@ public function isAllowedEndpoint($endpoints, $endpoint)`
`279`	`283`
`280`	`284`	`// CHECK IF THE ENDPOINT HAS WILDCARDS: /{...}/{...} OR /{...}`
`281`	`285`	`if (!$endpoints[$endpoint]) {`
`282`		`- $wildcard = $this->findWildcardEndpoint($endpoint);`
	`286`	`+ $wildcard = $this->findWildcardEndpoint($starrApp, $endpoint);`
`283`	`287`	`return ['allowed' => $endpoints[$wildcard], 'starrEndpoint' => $wildcard];`
`284`	`288`	`}`
`285`	`289`