nathan-fiscaletti / synful Goto Github PK

Currently API keys require an E-Mail address for the authentication handle. Instead, we should be using a simple string for the handle.

Implement the Eloquent ORM for database management and refactor DB access in the API.

composer require illuminate/database

It fails due to \Synful\Synful not being imported in \Synful\Util\Serializers\JSONSerializer

Remove the option to run the API as a standalone. It's unnecessary.

Instead of using API key whitelisting per-request handler, we should be assigning each request handler a security level. Each api key should also be assigned a security level, only API keys with security levels matching that of the request handler should be allowed access to it.

Instead of only parsing requests and responses as JSON, add support for XML based responses on a per RequestHandler basis.

Add a command that will allow you to generate a new key for an API Key Listing.

Add a middleware feature. Validation.php would be removed, and a Middleware interface would be created. Validation would be moved to a custom implementation of this Middleware, and API Key validation would be moved to a separate Middleware implementation. The regular request validation Middleware will be enforced, but API Key validation will be optional.

Instead of using the $is_public, $white_list_keys, and $security_level properties of the RequestHandler, this would be moved to custom Middleware implementations.

To add middleware to an Endpoint, you would override the $middleware property and set it to an array of the Middleware classes that would be used.

You can create custom middleware by running ./synful -cmw MiddleWareName from console. You would then override the action function of the Middleware object. This will give you access to the Request object.

interface MiddleWare
{
    public function performAction(Request $request);
}

APIKey::getKey currently makes two SQL queries for the same data, this should be changed.

Implement modrewrite to use true URL endpoints instead of passing a RequestHandler with the JSON request.

The sf_input function is missing a javadoc comment.

Remove the CLIParser code and instead implement nafisc/parameterparser.

Add the feature for a salt to be used with API keys.

We removed the Vagrantfile in v2.0.0, this should be added again.

If you use an endpoint like {type}/{ip} it won't work. It has to be something/{type}/{ip}. This should work.

Abstract access to the Sql Databases with a function.

Add a version to the library, output using ./synful -v or ./synful -version

There is no need for the test.php file anymore, as modrewrite doesn't allow access to it anyway. Remove this file.

Nix binary doesn't notice processor when being executed

In a lot of the functions being used to load parts of the framework, we are using scandir to load files. This should be replaced by a configuration entry with the class names.

the Synful\Util\Framework\Validator class is very messy and needs to be refactored.

Currently, Synful only works with POST, we should be allowing the option for GET, PUT and DELETE as well.

Instead of accessing the request through the Response->Request method that's currently being used, we should create a Request object that gets passed to the RequestHandlers and a Response should be returned from them.

API Keys get truncated by the password_hash function as it will truncate output hashes to only 72 characters.

Removing salts should fix this issue as password_hash handles salts internally anyway.

Move request handler interface out of the RequestHandlers folder and into the Util folder

Rename the object clas.

Instead of passing authentication with the request, move it to the headers

When an exception is encountered or a 500 is returned, add the option to display these as JSON based responses.

The master key feature is no longer necessary. It should be removed.

Implement a better endpoint management system for RequestHandlers.

Interally, Synful would register each RequestHandler's endpoint as follows.

    \Synfu\Synful::registerEndPoint($requestHandler);

If the endpoint is already being used, an error would be thrown.

The style checks have been failing, need to fix StyleCI and implement merge requirements for StyleCI

Add authentication using an RSA key, implement JWT.

Write unit tests for the entire API and implement travis.ci

Allow encryption to be enabled / disabled for certain request handlers

Currently, we only support POST, GET, PUT and DELETE. We should add support for PATCH, and OPTIONS.

Key permissions are not used. The code for storing them takes up extra unnecessary logic and it should be removed and instead be handled with whitelisting and request handlers.

Instead of always responding with a 200 and packaging the true HTTP response code in the response body, move it to the response headers where it should be.

When modifying an existing API key firewall listing, it doesn't get updated. This is do to there being no update query in the save function of APIKey.

APIKeyValidation is using action instead of before. This needs to be fixed.

Currently, API keys use email for authenticating. This should change to Auth.

Instead of using request post field, use a JSON request to handle API requests.

Some files were left out from #86. They need to be added.

The Wiki for this project is severely out of date. It will need to be updated.

There is an outdated encryption system that uses raw AES, there is no need for this. It's bloated and slows the API down.

The directories src/Synful/App/Commands and src/Synful/App/Data are missing.

Serializers will throw 'invalid input' error when you don't send input data, this should not happen.

Databases are only initialized once they are accessed. Once they have been accessed once, the connection persists.

In RequestHandlers we're using the constructor to initialize properties. Let's move this to overriding properties.

Currently, APIKey will return a boolean from the keyExists function. Instead, return the APIKey object.