Merge pull request #29 from daycry/development

Fixes

Author: daycry

composer.json

@@ -17,7 +17,7 @@
         "daycry/settings": "^1.0",
         "daycry/relations": "^2.0",
         "daycry/jwt": "^1.0",
-        "daycry/class-finder": "^2.0",
+        "daycry/class-finder": "^2.2",
         "daycry/cronjob": "^2.0"
     },
     "require-dev":

src/RestServer.php

@@ -114,6 +114,13 @@ class RestServer extends ResourceController
      */
     protected ?object $apiUser = null;
 
+    /**
+     * Information about the current API user.
+     *
+     * @var string
+     */
+    protected ?string $key = null;
+
     /**
      * Information about the current AUTH user.
      *
@@ -275,7 +282,7 @@ protected function _logRequest($authorized = false)
             'uri'        => $this->request->uri,
             'method'     => $this->request->getMethod(),
             'params'     => $params,
-            'api_key'    => isset($this->apiUser->key) ? $this->apiUser->key : '',
+            'api_key'    => isset($this->key) ? $this->key : '',
             'ip_address' => $this->request->getIPAddress(),
             'duration'   => $this->_benchmark->getElapsedTime('petition'),
             'response_code' => $this->response->getStatusCode(),
@@ -340,7 +347,7 @@ public function _remap($method, ...$params)
                 }
             }
 
-            $this->apiUser = \Daycry\RestServer\Validators\ApiKey::check($this->request, $this->_petition, $this->args);
+            $this->apiUser = \Daycry\RestServer\Validators\ApiKey::check($this->request, $this->args, $this->_petition, $this->key);
 
             if ($this->_restConfig->strictApiAndAuth && $this->apiUser instanceof \Exception) {
                 throw $this->apiUser;

src/Validators/ApiKey.php

@@ -7,7 +7,7 @@
 
 class ApiKey
 {
-    public static function check(RequestInterface $request, object $petition = null, array $args): ?object
+    public static function check(RequestInterface $request, array $args, object $petition = null, string &$key = null): ?object
     {
         $row = null;
         $usekey = config('RestServer')->restEnableKeys;
@@ -45,16 +45,18 @@ public static function check(RequestInterface $request, object $petition = null,
                             if ($list_ip) {
                                 if (strpos($list_ip, '/') !== false) {
                                     //check IP is in the range
-                                    $found_address = \Daycry\RestServer\Libraries\CheckIp::ipv4_in_range(trim($list_ip), $row->ip_addresses);
+                                    $found_address = \Daycry\RestServer\Libraries\CheckIp::ipv4_in_range(trim($ip_address), trim($list_ip));
                                 } elseif ($ip_address === trim($list_ip)) {
                                     // there is a match, set the the value to TRUE and break out of the loop
                                     $found_address = true;
+                                }
+                                if ($found_address) {
                                     break;
                                 }
                             }
                         }
 
-                        if (!$found_address) {
+                        if ($found_address !== true) {
                             return UnauthorizedException::forIpDenied();
                         }
                     } else {