DAProgs/portspoof_concentrator
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added connections link to main page

Browse Source
This commit is contained in:
DAProgs
2026-03-11 11:03:30 -04:00
parent 3634f502a1
commit 0aabf321ef
3 changed files with 32 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
api/connections.php
View File

@@ -4,37 +4,47 @@
*
* Returns connections from the last 10 minutes (or ?minutes=N) as JSON.
*
* Authentication: same TRIGGER_TOKEN as trigger.php
* Authorization: Bearer <token>
* or ?token=<token>
* Authentication (any one of):
* - Active web session (logged-in browser)
* - Authorization: Bearer <TRIGGER_TOKEN>
* - ?token=<TRIGGER_TOKEN>
*
* Optional query parameters:
* minutes int Lookback window in minutes (default 10, max 1440)
* node_id int Filter to a specific node
*/
require_once __DIR__ . '/../includes/auth.php';
require_once __DIR__ . '/../includes/functions.php';
header('Content-Type: application/json');
// ── Auth ──────────────────────────────────────────────────────────────────────
if (TRIGGER_TOKEN === '') {
http_response_code(503);
echo json_encode(['error' => 'API is disabled. Set TRIGGER_TOKEN in config.php.']);
exit;
// Accept a valid session from a logged-in browser
$session_ok = false;
if (auth_enabled()) {
if (session_status() === PHP_SESSION_NONE) {
session_start();
}
$session_ok = !empty($_SESSION['authenticated']);
}
$provided = '';
$auth_header = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if (str_starts_with($auth_header, 'Bearer ')) {
$provided = substr($auth_header, 7);
}
if ($provided === '' && isset($_REQUEST['token'])) {
$provided = $_REQUEST['token'];
// Accept a Bearer token or ?token= for programmatic access
$token_ok = false;
if (TRIGGER_TOKEN !== '') {
$provided = '';
$auth_header = $_SERVER['HTTP_AUTHORIZATION'] ?? '';
if (str_starts_with($auth_header, 'Bearer ')) {
$provided = substr($auth_header, 7);
}
if ($provided === '' && isset($_REQUEST['token'])) {
$provided = $_REQUEST['token'];
}
$token_ok = $provided !== '' && hash_equals(TRIGGER_TOKEN, $provided);
}
if (!hash_equals(TRIGGER_TOKEN, $provided)) {
if (!$session_ok && !$token_ok) {
http_response_code(401);
echo json_encode(['error' => 'Unauthorized']);
exit;