From b5007fceec9fa58e759dff046f47412a0d574fc9 Mon Sep 17 00:00:00 2001
From: Alexey Skobkin
Date: Fri, 25 Mar 2016 17:34:18 +0300
Subject: [PATCH] Crawler API now checks token.
---
 app/config/parameters.yml.dist | 3 +++
 .../Controller/Api/CrawlerController.php | 9 ++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/app/config/parameters.yml.dist b/app/config/parameters.yml.dist
index 2b5feda..d3dee0f 100644
--- a/app/config/parameters.yml.dist
+++ b/app/config/parameters.yml.dist
@@ -22,3 +22,6 @@ parameters:
 # A secret key that's used to generate certain security-related tokens
 secret: ThisTokenIsNotSoSecretChangeIt
+
+ # Token for Go crawler https://bitbucket.org/skobkin/point-tools-crawler
+ crawler_token: test_token
\ No newline at end of file
diff --git a/src/Skobkin/Bundle/PointToolsBundle/Controller/Api/CrawlerController.php b/src/Skobkin/Bundle/PointToolsBundle/Controller/Api/CrawlerController.php
index b4eca16..49f5542 100644
--- a/src/Skobkin/Bundle/PointToolsBundle/Controller/Api/CrawlerController.php
+++ b/src/Skobkin/Bundle/PointToolsBundle/Controller/Api/CrawlerController.php
@@ -4,12 +4,19 @@ namespace Skobkin\Bundle\PointToolsBundle\Controller\Api;
 use Skobkin\Bundle\PointToolsBundle\Service\Factory\Blogs\PostFactory;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
 class CrawlerController extends AbstractApiController
 {
 public function receiveAllPageAction(Request $request)
 {
- $token = $request->request->get('token');
+ $remoteToken = $request->request->get('token');
+ $localToken = $this->getParameter('crawler_token');
+
+ if (!$localToken || ($localToken !== $remoteToken)) {
+ return $this->createErrorResponse('Token error. Please check it in crawler and API parameters.', Response::HTTP_FORBIDDEN);
+ }
+
+ $json = $request->request->get('json');
 $serializer = $this->get('jms_serializer');
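Review bot: The template default `crawler_token: test_token` is a published, guessable value, so an install that copies the .dist file unchanged would treat it as a valid crawler credential. The controller changed in this same commit already rejects requests when the local token is empty, so a null default such as `crawler_token: ~` would make an unconfigured deployment fail closed instead. I would also extend the comment to state the requirement, for example `# Shared secret for the Go crawler; set a long random value per deployment (API rejects all requests while empty)`. The file now ends without a trailing newline, which is worth restoring.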
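Review bot: The guard in `receiveAllPageAction` compares the shared secret with `!==`, which is not a constant-time comparison, and `$remoteToken` may be null or an array when the field is missing or posted as `token[]`. I would write it as `if (!$localToken || !is_string($remoteToken) || !hash_equals((string) $localToken, $remoteToken)) {`; `hash_equals()` needs PHP 5.6 or later, which cannot be confirmed from this hunk. Recording rejected attempts (without the submitted token value) would make repeated failures visible to operators, assuming a logger is available to this controller. The method body continues past the end of the hunk, so how `json` is handled after the check is not visible here.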