From 4ffca7d5ac157d83319415a0f4e766736e6e8967 Mon Sep 17 00:00:00 2001 From: Sebastian Grewe Date: Tue, 17 Sep 2013 11:55:54 +0200 Subject: [PATCH] API overhaul for easier handling of API calls * [FEATURE] Allow in-class checking for user permissions * [FEATURE] Allow in-class creation of the JSON data for coherence * [FEATURE} Added API version in JSON data for client side checks * [IMPROVEMENT] Adjusted all API calls to use the new JSON layout **NOTE**: This is breaking backwads compatibility with the old API! Please adjust your client application to support this new version. The data array should not change much more other than added features. --- public/include/autoloader.inc.php | 2 +- public/include/classes/api.class.php | 42 ++++++++++++++++ .../include/pages/api/getblockcount.inc.php | 9 ++-- .../include/pages/api/getblocksfound.inc.php | 10 ++-- .../pages/api/getcurrentworkers.inc.php | 4 +- .../pages/api/getdashboarddata.inc.php | 48 +++++++------------ .../include/pages/api/getdifficulty.inc.php | 10 ++-- .../pages/api/getestimatedtime.inc.php | 5 +- .../pages/api/gethourlyhashrates.inc.php | 20 ++------ .../include/pages/api/getpoolhashrate.inc.php | 16 +++---- .../pages/api/getpoolsharerate.inc.php | 5 +- .../include/pages/api/getpoolstatus.inc.php | 34 ++++++------- .../pages/api/gettimesincelastblock.inc.php | 10 ++-- .../include/pages/api/getuserbalance.inc.php | 17 +------ .../include/pages/api/getuserhashrate.inc.php | 39 ++------------- .../pages/api/getusersharerate.inc.php | 38 +++------------ .../include/pages/api/getuserstatus.inc.php | 36 +++----------- .../include/pages/api/getuserworkers.inc.php | 15 +----- public/include/pages/api/public.inc.php | 1 + public/index.php | 4 +- public/templates/test/dashboard/js.tpl | 26 +++++----- 21 files changed, 149 insertions(+), 242 deletions(-) diff --git a/public/include/autoloader.inc.php b/public/include/autoloader.inc.php index d86245fb..cd6b032c 100644 --- a/public/include/autoloader.inc.php 
+++ b/public/include/autoloader.inc.php @@ -29,7 +29,6 @@ define('THEME', $theme); require_once(INCLUDE_DIR . '/smarty.inc.php'); // Load everything else in proper order -require_once(CLASS_DIR . '/api.class.php'); require_once(CLASS_DIR . '/mail.class.php'); require_once(CLASS_DIR . '/tokentype.class.php'); require_once(CLASS_DIR . '/token.class.php'); @@ -45,6 +44,7 @@ require_once(CLASS_DIR . '/roundstats.class.php'); require_once(CLASS_DIR . '/transaction.class.php'); require_once(CLASS_DIR . '/notification.class.php'); require_once(CLASS_DIR . '/news.class.php'); +require_once(CLASS_DIR . '/api.class.php'); require_once(INCLUDE_DIR . '/lib/Michelf/Markdown.php'); require_once(INCLUDE_DIR . '/lib/scrypt.php'); diff --git a/public/include/classes/api.class.php b/public/include/classes/api.class.php index e1403ee5..26b2a95d 100644 --- a/public/include/classes/api.class.php +++ b/public/include/classes/api.class.php @@ -7,6 +7,11 @@ if (!defined('SECURITY')) die('Hacking attempt'); * Helper class for our API **/ class Api extends Base { + private $api_version = '1.0.0'; + + function setStartTime($dStartTime) { + $this->dStartTime = $dStartTime; + } function isActive($error=true) { if (!$this->setting->getValue('disable_api')) { return true; 
@@ -17,8 +22,45 @@ class Api extends Base { } } } + + /** + * Create API json object from input array + * @param data Array data to create JSON for + * @param force bool Enforce a JSON object + * @return string JSON object + **/ + function get_json($data, $force=false) { + return json_encode( + array( $_REQUEST['action'] => array( + 'version' => $this->api_version, + 'runtime' => (microtime(true) - $this->dStartTime) * 1000, + 'data' => $data + )), $force ? JSON_FORCE_OBJECT : 0 + ); + } + + /** + * Check user access level to the API call + **/ + function checkAccess($user_id, $get_id=NULL) { + if ( ! $this->user->isAdmin($user_id) && (!empty($get_id) && $get_id != $user_id)) { + // User is NOT admin and tries to access an ID that is not their own + header("HTTP/1.1 401 Unauthorized"); + die("Access denied"); + } else if ($this->user->isAdmin($user_id) && !empty($get_id)) { + // User is an admin and tries to fetch another users data + $id = $get_id; + // Is it a username or a user ID + ctype_digit($_REQUEST['id']) ? $id = $get_id : $id = $this->user->getUserId($get_id); + } else { + $id = $user_id; + } + return $id; + } } $api = new Api(); $api->setConfig($config); +$api->setUser($user); $api->setSetting($setting); +$api->setStartTime($dStartTime); diff --git a/public/include/pages/api/getblockcount.inc.php b/public/include/pages/api/getblockcount.inc.php index 6764f436..978a7142 100644 --- a/public/include/pages/api/getblockcount.inc.php +++ b/public/include/pages/api/getblockcount.inc.php 
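Review bot: In `checkAccess()` the admin branch tests `ctype_digit($_REQUEST['id'])` although the value to resolve arrives as `$get_id`, so the method decides on a request global that can differ from its argument, and a non-string `id` is not handled. The result of `getUserId($get_id)` is returned unchecked; if that lookup yields a falsy value for an unknown name (not visible in this diff), callers go on to query with it. The non-admin test uses loose `!=`, which is harmless today only because that path always falls back to `$user_id`. Separately, `get_json()` keys the response on `$_REQUEST['action']`; passing the endpoint name in explicitly, and sending `Content-Type: application/json` if nothing else does, would keep request text out of the response structure. The sketch below resolves the target only from the argument, compares ids as strings and stops on an unknown account.

```php
function checkAccess($user_id, $get_id=NULL) {
  // No target requested: the key owner queries their own account
  if (empty($get_id)) return $user_id;
  // Compare as strings so "5", 5 and "05" are not treated alike; arrays never match
  $own = is_scalar($get_id) && (string) $get_id === (string) $user_id;
  if ($own) return $user_id;
  if ( ! is_scalar($get_id) || ! $this->user->isAdmin($user_id)) {
    // Only admins may name another account
    header("HTTP/1.1 401 Unauthorized");
    die("Access denied");
  }
  // Resolve from the argument rather than $_REQUEST['id']
  $id = ctype_digit((string) $get_id) ? $get_id : $this->user->getUserId($get_id);
  if (empty($id)) {
    // NOTE: assumes getUserId() returns a falsy value for unknown names
    header("HTTP/1.1 404 Not Found");
    die("Unknown user");
  }
  return $id;
}
```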
@@ -7,19 +7,16 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); if ($bitcoin->can_connect() === true){ - if (!$iBlock = $memcache->get('iBlock')) { - $iBlock = $bitcoin->query('getblockcount'); - $memcache->set('iBlock', $iBlock); - } + $iBlock = $bitcoin->getblockcount(); } else { $iBlock = 0; } // Output JSON format -echo json_encode(array('getblockcount' => $iBlock)); +echo $api->get_json($iBlock); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getblocksfound.inc.php b/public/include/pages/api/getblocksfound.inc.php index b238bdc3..f4770278 100644 --- a/public/include/pages/api/getblocksfound.inc.php +++ b/public/include/pages/api/getblocksfound.inc.php @@ -7,15 +7,13 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); -// Set a sane limit, overwrite with URL parameter -$iLimit = 10; -if (@$_REQUEST['limit']) - $iLimit = $_REQUEST['limit']; +// Check how many blocks to fetch +$setting->getValue('statistics_block_count') ? $iLimit = $setting->getValue('statistics_block_count') : $iLimit = 20; // Output JSON format -echo json_encode(array('getblocksfound' => $statistics->getBlocksFound($iLimit))); +echo $api->get_json($statistics->getBlocksFound($iLimit)); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getcurrentworkers.inc.php b/public/include/pages/api/getcurrentworkers.inc.php index 48864316..837b75ef 100644 --- a/public/include/pages/api/getcurrentworkers.inc.php +++ b/public/include/pages/api/getcurrentworkers.inc.php 
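Review bot: In getblockcount.inc.php the value assigned to `$user_id` is whatever `checkAccess()` resolved, which for an admin request carrying `id` is the account being queried rather than the owner of the API key, so the name misleads anyone who later uses it for an authorisation decision. A comment at the call, e.g. `// $user_id: account being queried; equals the key owner unless an admin passed id`, would make that explicit. The same assignment is repeated in the other endpoint files of this patch (getblocksfound, getcurrentworkers, getdashboarddata, getuserbalance, getuserworkers and the rest). What `checkApiKey()` does on an invalid key is not visible here; if it returns a falsy value instead of halting, `checkAccess()` passes it through and the endpoint still answers, so that is worth confirming.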
@@ -7,10 +7,10 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Output JSON format -echo json_encode(array('getcurrentworkers' => $worker->getCountAllActiveWorkers())); +echo $api->get_json($worker->getCountAllActiveWorkers()); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getdashboarddata.inc.php b/public/include/pages/api/getdashboarddata.inc.php index 850edbcd..e4c8e48c 100644 --- a/public/include/pages/api/getdashboarddata.inc.php +++ b/public/include/pages/api/getdashboarddata.inc.php 
@@ -6,34 +6,20 @@ if (!defined('SECURITY')) die('Hacking attempt'); // Check if the API is activated $api->isActive(); -// Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); +// Check user token and access level permissions +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); -/** - * This check will ensure the user can do the following: - * Admin: Check any user via request id - * Regular: Check your own status - * Other: Deny access via checkApiKey - **/ -if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { - // User is admin and tries to access an ID that is not their own - header("HTTP/1.1 401 Unauthorized"); - die("Access denied"); -} else if ($user->isAdmin($user_id)) { - // Admin, so allow any ID passed in request - $id = $_REQUEST['id']; - // Is it a username or a user ID - ctype_digit($_REQUEST['id']) ? $username = $user->getUserName($_REQUEST['id']) : $username = $_REQUEST['id']; - ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); +// Fetch RPC information +if ($bitcoin->can_connect() === true) { + $dNetworkHashrate = $bitcoin->getnetworkhashps(); + $dDifficulty = $bitcoin->getdifficulty(); + $iBlock = $bitcoin->getblockcount(); } else { - // Not admin, only allow own user ID - $id = $user_id; - $username = $user->getUserName($id); + $dNetworkHashrate = 0; + $dDifficulty = 1; + $iBlock = 0; } -// Fetch raw RPC data -$bitcoin->can_connect() === true ? $dNetworkHashrate = $bitcoin->query('getnetworkhashps') : $dNetworkHashrate = 0; - // Some settings if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300; if ( ! $dPoolHashrateModifier = $setting->getValue('statistics_pool_hashrate_modifier') ) $dPoolHashrateModifier = 1; 
@@ -44,12 +30,12 @@ if ( ! $dNetworkHashrateModifier = $setting->getValue('statistics_network_hashra $statistics->setGetCache(false); $dPoolHashrate = $statistics->getCurrentHashrate($interval); if ($dPoolHashrate > $dNetworkHashrate) $dNetworkHashrate = $dPoolHashrate; -$dPersonalHashrate = $statistics->getUserHashrate($id, $interval); -$dPersonalSharerate = $statistics->getUserSharerate($id, $interval); +$dPersonalHashrate = $statistics->getUserHashrate($user_id, $interval); +$dPersonalSharerate = $statistics->getUserSharerate($user_id, $interval); $statistics->setGetCache(true); // Use caches for this one -$aUserRoundShares = $statistics->getUserShares($id); +$aUserRoundShares = $statistics->getUserShares($user_id); $aRoundShares = $statistics->getRoundShares(); // Apply pool modifiers @@ -58,13 +44,13 @@ $dPoolHashrateAdjusted = $dPoolHashrate * $dPoolHashrateModifier; $dNetworkHashrateAdjusted = $dNetworkHashrate / 1000 * $dNetworkHashrateModifier; // Output JSON format -echo json_encode(array($_REQUEST['action'] => array( - 'runtime' => (microtime(true) - $dTimeStart) * 1000, +$data = array( 'raw' => array( 'personal' => array( 'hashrate' => $dPersonalHashrate ), 'pool' => array( 'hashrate' => $dPoolHashrate ), 'network' => array( 'hashrate' => $dNetworkHashrate / 1000 ) ), 'personal' => array ( 'hashrate' => $dPersonalHashrateAdjusted, 'sharerate' => $dPersonalSharerate, 'shares' => $aUserRoundShares), 'pool' => array( 'hashrate' => $dPoolHashrateAdjusted, 'shares' => $aRoundShares ), - 'network' => array( 'hashrate' => $dNetworkHashrateAdjusted ), -))); + 'network' => array( 'hashrate' => $dNetworkHashrateAdjusted, 'difficulty' => $dDifficulty, 'block' => $iBlock ), +); +echo $api->get_json($data); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getdifficulty.inc.php b/public/include/pages/api/getdifficulty.inc.php index 54cc7ac9..95805548 100644 --- a/public/include/pages/api/getdifficulty.inc.php 
+++ b/public/include/pages/api/getdifficulty.inc.php @@ -7,17 +7,13 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Fetch data from wallet -if ($bitcoin->can_connect() === true){ - $dDifficulty = $bitcoin->getdifficulty(); -} else { - $iDifficulty = 1; -} +$bitcoin->can_connect() === true ? $dDifficulty = $bitcoin->getdifficulty() : $iDifficulty = 1; // Output JSON format -echo json_encode(array('getdifficulty' => $dDifficulty)); +echo $api->get_json($dDifficulty); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getestimatedtime.inc.php b/public/include/pages/api/getestimatedtime.inc.php index f06e28f3..91ed811d 100644 --- a/public/include/pages/api/getestimatedtime.inc.php +++ b/public/include/pages/api/getestimatedtime.inc.php @@ -7,13 +7,14 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Estimated time to find the next block $iCurrentPoolHashrate = $statistics->getCurrentHashrate() * 1000; +$bitcoin->can_connect() === true ? $dEstimatedTime = $bitcoin->getestimatedtime($iCurrentPoolHashrate) : $dEstimatedTime = 0; // Output JSON format -echo json_encode(array('getestimatedtime' => $bitcoin->getestimatedtime($iCurrentPoolHashrate))); +echo $api->get_json($dEstimatedTime); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/gethourlyhashrates.inc.php b/public/include/pages/api/gethourlyhashrates.inc.php index 776df473..54112325 100644 --- a/public/include/pages/api/gethourlyhashrates.inc.php +++ b/public/include/pages/api/gethourlyhashrates.inc.php 
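Review bot: In getdifficulty.inc.php the fallback arm of the new ternary assigns `$iDifficulty = 1` while the response is built from `$dDifficulty`, so when `can_connect()` is not true the endpoint emits an undefined variable (null in the JSON, plus a notice) instead of 1. Assigning the result of the ternary avoids the mismatch: `$dDifficulty = $bitcoin->can_connect() === true ? $bitcoin->getdifficulty() : 1;`. The getestimatedtime.inc.php hunk in this patch uses the same assign-inside-ternary shape and would be less error-prone written the same way.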
@@ -7,25 +7,15 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); - -if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { - // User is admin and tries to access an ID that is not their own - header("HTTP/1.1 401 Unauthorized"); - die("Access denied"); -} else if ($user->isAdmin($user_id)) { - // Is it a username or a user ID - ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); -} else { - // Not admin, only allow own user ID - $id = $user_id; -} +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Output JSON format -echo json_encode(array('gethourlyhashrates' => array( +$data = array( 'mine' => $statistics->getHourlyHashrateByAccount($id), 'pool' => $statistics->getHourlyHashrateByPool() -)), JSON_FORCE_OBJECT); +); + +echo $api->json($data); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getpoolhashrate.inc.php b/public/include/pages/api/getpoolhashrate.inc.php index 3c80f426..a5985d44 100644 --- a/public/include/pages/api/getpoolhashrate.inc.php +++ b/public/include/pages/api/getpoolhashrate.inc.php 
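Review bot: gethourlyhashrates.inc.php now calls `$api->json($data)`, but the Api class in this patch defines only `get_json()`, so unless `Base` supplies a `json()` method (not visible here) the endpoint fails with an undefined-method error. The `mine` entry still passes `$id`, which this hunk no longer assigns (the resolved account is in `$user_id`), so even with the method name fixed it would not query the intended account. The earlier `JSON_FORCE_OBJECT` flag is also dropped although `get_json()` has a `$force` parameter for it. Suggested lines: `'mine' => $statistics->getHourlyHashrateByAccount($user_id),` and `echo $api->get_json($data, true);`.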
@@ -7,19 +7,17 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); + +// Fetch settings +if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300; // Output JSON format $statistics->setGetCache(false); -$start = microtime(true); -$dPoolHashrate = $statistics->getCurrentHashrate(300); -$end = microtime(true); -$runtime = ($end - $start) * 1000; +$dPoolHashrate = $statistics->getCurrentHashrate($interval); $statistics->setGetCache(true); -echo json_encode(array('getpoolhashrate' => array( - 'runtime' => $runtime, - 'hashrate' => $dPoolHashrate, -))); + +echo $api->get_json($dPoolHashrate); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getpoolsharerate.inc.php b/public/include/pages/api/getpoolsharerate.inc.php index a87859f6..a55654be 100644 --- a/public/include/pages/api/getpoolsharerate.inc.php +++ b/public/include/pages/api/getpoolsharerate.inc.php @@ -7,7 +7,10 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); + +// Fetch settings +if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300; // Output JSON format echo json_encode(array('getpoolsharerate' => $statistics->getCurrentShareRate())); diff --git a/public/include/pages/api/getpoolstatus.inc.php b/public/include/pages/api/getpoolstatus.inc.php index 55864e0b..00aab39c 100644 --- a/public/include/pages/api/getpoolstatus.inc.php +++ b/public/include/pages/api/getpoolstatus.inc.php 
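Review bot: In getpoolsharerate.inc.php the response line is left as `echo json_encode(array('getpoolsharerate' => ...))`, so this endpoint keeps the old layout without `version`, `runtime` and `data` while the other calls move to `get_json()`; a client that checks the API version will see an inconsistent shape. The added `$interval` is also never used in the lines shown. Suggested: `echo $api->get_json($statistics->getCurrentShareRate($interval));`, assuming `getCurrentShareRate()` accepts an interval the way `getCurrentHashrate()` does; otherwise drop the `$interval` line.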
@@ -7,7 +7,7 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Fetch last block information $aLastBlock = $block->getLast(); @@ -20,7 +20,7 @@ $aShares['valid'] > 0 ? $dEfficiency = round((100 - (100 / $aShares['valid'] * $ if ($bitcoin->can_connect() === true){ $dDifficulty = $bitcoin->getdifficulty(); $iBlock = $bitcoin->getblockcount(); - $dNetworkHashrate = $bitcoin->query('getnetworkhashps'); + $dNetworkHashrate = $bitcoin->getnetworkhashps(); } else { $dDifficulty = 1; $iBlock = 0; @@ -46,21 +46,21 @@ if (!empty($aLastBlock)) { } // Output JSON format -echo json_encode( - array( - 'getpoolstatus' => array( - 'hashrate' => $iCurrentPoolHashrate, - 'efficiency' => $dEfficiency, - 'workers' => $worker->getCountAllActiveWorkers(), - 'currentnetworkblock' => $iBlock, - 'nextnetworkblock' => $iBlock + 1, - 'lastblock' => $aLastBlock['height'], - 'networkdiff' => $dDifficulty, - 'esttime' => $iEstTime, - 'estshares' => $iEstShares, - 'timesincelast' => $dTimeSinceLast, - 'nethashrate' => $dNetworkHashrate - ))); +$data = array( + 'hashrate' => $iCurrentPoolHashrate, + 'efficiency' => $dEfficiency, + 'workers' => $worker->getCountAllActiveWorkers(), + 'currentnetworkblock' => $iBlock, + 'nextnetworkblock' => $iBlock + 1, + 'lastblock' => $aLastBlock['height'], + 'networkdiff' => $dDifficulty, + 'esttime' => $iEstTime, + 'estshares' => $iEstShares, + 'timesincelast' => $dTimeSinceLast, + 'nethashrate' => $dNetworkHashrate +); + +echo $api->get_json($data); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/gettimesincelastblock.inc.php b/public/include/pages/api/gettimesincelastblock.inc.php index 14575364..c0de01f8 100644 --- a/public/include/pages/api/gettimesincelastblock.inc.php +++ b/public/include/pages/api/gettimesincelastblock.inc.php 
@@ -7,21 +7,17 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Fetch our last block found $aBlocksFoundData = $statistics->getBlocksFound(1); // Time since last block $now = new DateTime( "now" ); -if (!empty($aBlocksFoundData)) { - $dTimeSinceLast = ($now->getTimestamp() - $aBlocksFoundData[0]['time']); -} else { - $dTimeSinceLast = 0; -} +! empty($aBlocksFoundData) ? $dTimeSinceLast = ($now->getTimestamp() - $aBlocksFoundData[0]['time']) : $dTimeSinceLast = 0; // Output JSON format -echo json_encode(array('gettimesincelastblock' => $dTimeSinceLast)); +echo $api->get_json($dTimeSinceLast); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/getuserbalance.inc.php b/public/include/pages/api/getuserbalance.inc.php index 76462c00..d91c6865 100644 --- a/public/include/pages/api/getuserbalance.inc.php +++ b/public/include/pages/api/getuserbalance.inc.php @@ -7,23 +7,10 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); - -echo $user_id; - -// We have to check if that user is admin too -if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { - header("HTTP/1.1 401 Unauthorized"); - die("Access denied"); -} else if ($user->isAdmin($user_id) && !empty($_REQUEST['id'])) { - $id = $_REQUEST['id']; - ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); -} else { - $id = $user_id; -} +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Output JSON format -echo json_encode(array('getuserbalance' => $transaction->getBalance($id))); +echo $api->get_json($transaction->getBalance($user_id)); // Supress master template $supress_master = 1; 
diff --git a/public/include/pages/api/getuserhashrate.inc.php b/public/include/pages/api/getuserhashrate.inc.php index c9cf6b09..2edee628 100644 --- a/public/include/pages/api/getuserhashrate.inc.php +++ b/public/include/pages/api/getuserhashrate.inc.php 
@@ -7,48 +7,19 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); - -/** - * This check will ensure the user can do the following: - * Admin: Check any user via request id - * Regular: Check your own status - * Other: Deny access via checkApiKey - **/ -if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { - // User is admin and tries to access an ID that is not their own - header("HTTP/1.1 401 Unauthorized"); - die("Access denied"); -} else if ($user->isAdmin($user_id)) { - // Admin, so allow any ID passed in request - $id = $_REQUEST['id']; - // Is it a username or a user ID - ctype_digit($_REQUEST['id']) ? $username = $user->getUserName($_REQUEST['id']) : $username = $_REQUEST['id']; - ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); -} else { - // Not admin, only allow own user ID - $id = $user_id; - $username = $user->getUserName($id); -} +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Fetch some settings if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300; // Gather un-cached data $statistics->setGetCache(false); -$start = microtime(true); -$hashrate = $statistics->getUserHashrate($id, $interval); -$end = microtime(true); -$runtime = ($end - $start)* 1000; - -// Output JSON format -echo json_encode(array('getuserhashrate' => array( - 'username' => $username, - 'runtime' => $runtime, - 'hashrate' => $hashrate -))); +$hashrate = $statistics->getUserHashrate($user_id, $interval); $statistics->setGetCache(true); +// Output JSON +echo $api->get_json($hashrate); + // Supress master template $supress_master = 1; ?> diff --git a/public/include/pages/api/getusersharerate.inc.php b/public/include/pages/api/getusersharerate.inc.php index f64572bf..23a4562d 100644 
--- a/public/include/pages/api/getusersharerate.inc.php +++ b/public/include/pages/api/getusersharerate.inc.php @@ -7,44 +7,18 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); -/** - * This check will ensure the user can do the following: - * Admin: Check any user via request id - * Regular: Check your own status - * Other: Deny access via checkApiKey - **/ -if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { - // User is admin and tries to access an ID that is not their own - header("HTTP/1.1 401 Unauthorized"); - die("Access denied"); -} else if ($user->isAdmin($user_id)) { - // Admin, so allow any ID passed in request - $id = $_REQUEST['id']; - // Is it a username or a user ID - ctype_digit($_REQUEST['id']) ? $username = $user->getUserName($_REQUEST['id']) : $username = $_REQUEST['id']; - ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); -} else { - // Not admin, only allow own user ID - $id = $user_id; - $username = $user->getUserName($id); -} +// Fetch settings +if ( ! $interval = $setting->getValue('statistics_ajax_data_interval')) $interval = 300; // Gather un-cached data $statistics->setGetCache(false); -$start = microtime(true); -$sharerate = $statistics->getUserSharerate($id, 60); -$end = microtime(true); -$runtime = ($end - $start)* 1000; +$sharerate = $statistics->getUserSharerate($user_id, $interval); +$statistics->setGetCache(true); // Output JSON format -echo json_encode(array('getusersharerate' => array( - 'username' => $username, - 'runtime' => $runtime, - 'sharerate' => $sharerate -))); -$statistics->setGetCache(true); +echo $api->get_json($sharerate); // Supress master template $supress_master = 1; 
diff --git a/public/include/pages/api/getuserstatus.inc.php b/public/include/pages/api/getuserstatus.inc.php index 219be390..e7abf7c5 100644 --- a/public/include/pages/api/getuserstatus.inc.php +++ b/public/include/pages/api/getuserstatus.inc.php @@ -7,37 +7,15 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); - -/** - * This check will ensure the user can do the following: - * Admin: Check any user via request id - * Regular: Check your own status - * Other: Deny access via checkApiKey - **/ -if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { - // User is admin and tries to access an ID that is not their own - header("HTTP/1.1 401 Unauthorized"); - die("Access denied"); -} else if ($user->isAdmin($user_id)) { - // Admin, so allow any ID passed in request - $id = $_REQUEST['id']; - // Is it a username or a user ID - ctype_digit($_REQUEST['id']) ? $username = $user->getUserName($_REQUEST['id']) : $username = $_REQUEST['id']; - ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); -} else { - // Not admin, only allow own user ID - $id = $user_id; - $username = $user->getUserName($id); -} +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Output JSON format -echo json_encode(array('getuserstatus' => array( - 'username' => $username, - 'shares' => $statistics->getUserShares($id), - 'hashrate' => $statistics->getUserHashrate($id), - 'sharerate' => $statistics->getUserSharerate($id) -))); +$data = array( + 'shares' => $statistics->getUserShares($user_id), + 'hashrate' => $statistics->getUserHashrate($user_id), + 'sharerate' => $statistics->getUserSharerate($user_id) +); +echo $api->get_json($data); // Supress master template $supress_master = 1; 
diff --git a/public/include/pages/api/getuserworkers.inc.php b/public/include/pages/api/getuserworkers.inc.php index 06eb3411..a1f19605 100644 --- a/public/include/pages/api/getuserworkers.inc.php +++ b/public/include/pages/api/getuserworkers.inc.php @@ -7,21 +7,10 @@ if (!defined('SECURITY')) die('Hacking attempt'); $api->isActive(); // Check user token -$user_id = $user->checkApiKey($_REQUEST['api_key']); - -// We have to check if that user is admin too -if ( ! $user->isAdmin($user_id) && ($_REQUEST['id'] != $user_id && !empty($_REQUEST['id']))) { - header("HTTP/1.1 401 Unauthorized"); - die("Access denied"); -} else if ($user->isAdmin($user_id)) { - $id = $_REQUEST['id']; - ctype_digit($_REQUEST['id']) ? $id = $_REQUEST['id'] : $id = $user->getUserId($_REQUEST['id']); -} else { - $id = $user_id; -} +$user_id = $api->checkAccess($user->checkApiKey($_REQUEST['api_key']), @$_REQUEST['id']); // Output JSON format -echo json_encode(array('getuserworkers' => $worker->getWorkers($id))); +echo $api->get_json($worker->getWorkers($user_id)); // Supress master template $supress_master = 1; diff --git a/public/include/pages/api/public.inc.php b/public/include/pages/api/public.inc.php index e8be4181..f465d1a8 100644 --- a/public/include/pages/api/public.inc.php +++ b/public/include/pages/api/public.inc.php @@ -13,6 +13,7 @@ $aShares = $statistics->getRoundShares(); // RPC Calls $bitcoin->can_connect() === true ? $dNetworkHashrate = $bitcoin->getnetworkhashps() : $dNetworkHashrate = 0; +// Backwards compatible with the existing services echo json_encode( array( 'pool_name' => $setting->getValue('website_name'), diff --git a/public/index.php b/public/index.php index 1933bf8d..a5a3fd72 100644 --- a/public/index.php +++ b/public/index.php @@ -19,7 +19,7 @@ limitations under the License. */ // Used for performance calculations -$dTimeStart = microtime(true); +$dStartTime = microtime(true); // This should be okay define("BASEPATH", "./"); 
@@ -84,7 +84,7 @@ require_once(INCLUDE_DIR . '/smarty_globals.inc.php'); // Load debug information into template $debug->append("Loading debug information into template", 4); $smarty->assign('DebuggerInfo', $debug->getDebugInfo()); -$smarty->assign('RUNTIME', (microtime(true) - $dTimeStart) * 1000); +$smarty->assign('RUNTIME', (microtime(true) - $dStartTime) * 1000); // Display our page if (!@$supress_master) $smarty->display("master.tpl", $smarty_cache_key); diff --git a/public/templates/test/dashboard/js.tpl b/public/templates/test/dashboard/js.tpl index f53c944b..b4270759 100644 --- a/public/templates/test/dashboard/js.tpl +++ b/public/templates/test/dashboard/js.tpl 
@@ -88,30 +88,30 @@ $(document).ready(function(){ // Helper to initilize gauges function initGauges(data) { - g1 = new JustGage({id: "nethashrate", value: parseFloat(data.getdashboarddata.network.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.network.hashrate * 2), title: "Net Hashrate", label: "{/literal}{$GLOBAL.hashunits.network}{literal}"}); - g2 = new JustGage({id: "poolhashrate", value: parseFloat(data.getdashboarddata.pool.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.pool.hashrate * 2), title: "Pool Hashrate", label: "{/literal}{$GLOBAL.hashunits.pool}{literal}"}); - g3 = new JustGage({id: "hashrate", value: parseFloat(data.getdashboarddata.personal.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.personal.hashrate * 2), title: "Hashrate", label: "{/literal}{$GLOBAL.hashunits.personal}{literal}"}); - g4 = new JustGage({id: "sharerate", value: parseFloat(data.getdashboarddata.personal.sharerate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.personal.sharerate * 2), title: "Sharerate", label: "shares/s"}); + g1 = new JustGage({id: "nethashrate", value: parseFloat(data.getdashboarddata.data.network.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.data.network.hashrate * 2), title: "Net Hashrate", label: "{/literal}{$GLOBAL.hashunits.network}{literal}"}); + g2 = new JustGage({id: "poolhashrate", value: parseFloat(data.getdashboarddata.data.pool.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.data.pool.hashrate * 2), title: "Pool Hashrate", label: "{/literal}{$GLOBAL.hashunits.pool}{literal}"}); + g3 = new JustGage({id: "hashrate", value: parseFloat(data.getdashboarddata.data.personal.hashrate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.data.personal.hashrate * 2), title: "Hashrate", label: "{/literal}{$GLOBAL.hashunits.personal}{literal}"}); + g4 = new JustGage({id: "sharerate", value: 
parseFloat(data.getdashboarddata.data.personal.sharerate).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.data.personal.sharerate * 2), title: "Sharerate", label: "shares/s"}); g5 = new JustGage({id: "querytime", value: parseFloat(data.getdashboarddata.runtime).toFixed(2), min: 0, max: Math.round(data.getdashboarddata.runtime * 3), title: "Querytime", label: "ms"}); } // Helper to refresh graphs function refreshInformation(data) { - g1.refresh(parseFloat(data.getdashboarddata.network.hashrate).toFixed(2)); - g2.refresh(parseFloat(data.getdashboarddata.pool.hashrate).toFixed(2)); - g3.refresh(parseFloat(data.getdashboarddata.personal.hashrate).toFixed(2)); - g4.refresh(parseFloat(data.getdashboarddata.personal.sharerate).toFixed(2)); + g1.refresh(parseFloat(data.getdashboarddata.data.network.hashrate).toFixed(2)); + g2.refresh(parseFloat(data.getdashboarddata.data.pool.hashrate).toFixed(2)); + g3.refresh(parseFloat(data.getdashboarddata.data.personal.hashrate).toFixed(2)); + g4.refresh(parseFloat(data.getdashboarddata.data.personal.sharerate).toFixed(2)); g5.refresh(parseFloat(data.getdashboarddata.runtime).toFixed(2)); if (storedPersonalHashrate.length > 20) { storedPersonalHashrate.shift(); } if (storedPoolHashrate.length > 20) { storedPoolHashrate.shift(); } if (storedPersonalSharerate.length > 20) { storedPersonalSharerate.shift(); } timeNow = new Date().getTime(); - storedPersonalHashrate[storedPersonalHashrate.length] = [timeNow, data.getdashboarddata.raw.personal.hashrate]; - storedPersonalSharerate[storedPersonalSharerate.length] = [timeNow, parseFloat(data.getdashboarddata.personal.sharerate)]; - storedPoolHashrate[storedPoolHashrate.length] = [timeNow, data.getdashboarddata.raw.pool.hashrate]; + storedPersonalHashrate[storedPersonalHashrate.length] = [timeNow, data.getdashboarddata.data.raw.personal.hashrate]; + storedPersonalSharerate[storedPersonalSharerate.length] = [timeNow, parseFloat(data.getdashboarddata.data.personal.sharerate)]; + 
storedPoolHashrate[storedPoolHashrate.length] = [timeNow, data.getdashboarddata.data.raw.pool.hashrate]; tempShareinfoData = [ - [parseInt(data.getdashboarddata.personal.shares.valid), parseInt(data.getdashboarddata.personal.shares.invalid)], - [parseInt(data.getdashboarddata.pool.shares.valid), parseInt(data.getdashboarddata.pool.shares.invalid)] + [parseInt(data.getdashboarddata.data.personal.shares.valid), parseInt(data.getdashboarddata.data.personal.shares.invalid)], + [parseInt(data.getdashboarddata.data.pool.shares.valid), parseInt(data.getdashboarddata.data.pool.shares.invalid)] ]; replotOverviewOptions = { data: [storedPersonalHashrate, storedPoolHashrate, storedPersonalSharerate],