Disable API endpoints.

2025-02-25 18:45:27 -06:00 · 2023-12-29 08:42:03 +01:00 · 2023-12-29 08:42:03 +01:00 · e4d91aa337
commit e4d91aa337
parent 4e6fc8e2a2
7 changed files with 64 additions and 0 deletions
--- a/app/Api/V1/Controllers/Webhook/AttemptController.php
+++ b/app/Api/V1/Controllers/Webhook/AttemptController.php
@ -36,6 +36,7 @@ use Illuminate\Support\Facades\Log;
 use League\Fractal\Pagination\IlluminatePaginatorAdapter;
 use League\Fractal\Resource\Collection as FractalCollection;
 use League\Fractal\Resource\Item;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

 /**
 * Class AttemptController
@ -69,7 +70,12 @@ class AttemptController extends Controller
        if ($message->webhook_id !== $webhook->id) {
            throw new FireflyException('200040: Webhook and webhook message are no match');
        }
+        if(false === config('firefly.allow_webhooks')) {
+            throw new NotFoundHttpException('Webhooks are not enabled.');
+        }
        Log::channel('audit')->info(sprintf('User lists webhook attempts of webhook #%d and message #%d.', $webhook->id, $message->id));
+
+
        $manager    = $this->getManager();
        $pageSize   = $this->parameters->get('limit');
        $collection = $this->repository->getAttempts($message);
@ -107,6 +113,12 @@ class AttemptController extends Controller
            throw new FireflyException('200041: Webhook message and webhook attempt are no match');
        }

+        if(false === config('firefly.allow_webhooks')) {
+            throw new NotFoundHttpException('Webhooks are not enabled.');
+        }
+
+        Log::channel('audit')->info(sprintf('User views single webhook attempt #%d of webhook #%d and message #%d.', $attempt->id, $webhook->id, $message->id));
+
        $manager = $this->getManager();

        /** @var WebhookAttemptTransformer $transformer */
--- a/app/Api/V1/Controllers/Webhook/DestroyController.php
+++ b/app/Api/V1/Controllers/Webhook/DestroyController.php
@ -32,6 +32,7 @@ use FireflyIII\Models\WebhookMessage;
 use FireflyIII\Repositories\Webhook\WebhookRepositoryInterface;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Facades\Log;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

 /**
 * Class DestroyController
@ -61,6 +62,10 @@ class DestroyController extends Controller
     */
    public function destroy(Webhook $webhook): JsonResponse
    {
+        if(false === config('firefly.allow_webhooks')) {
+            throw new NotFoundHttpException('Webhooks are not enabled.');
+        }
+
        Log::channel('audit')->info(sprintf('User destroys webhook #%d.', $webhook->id));
        $this->repository->destroy($webhook);
        app('preferences')->mark();
@ -84,8 +89,14 @@ class DestroyController extends Controller
        if ($attempt->webhook_message_id !== $message->id) {
            throw new FireflyException('200041: Webhook message and webhook attempt are no match');
        }
+
+        if (false === config('firefly.allow_webhooks')) {
+            throw new NotFoundHttpException('Webhooks are not enabled.');
+        }
+
        Log::channel('audit')->info(sprintf('User destroys webhook #%d, message #%d, attempt #%d.', $webhook->id, $message->id, $attempt->id));

+
        $this->repository->destroyAttempt($attempt);
        app('preferences')->mark();

@ -106,6 +117,11 @@ class DestroyController extends Controller
        if ($message->webhook_id !== $webhook->id) {
            throw new FireflyException('200040: Webhook and webhook message are no match');
        }
+
+        if(false === config('firefly.allow_webhooks')) {
+            throw new NotFoundHttpException('Webhooks are not enabled.');
+        }
+
        $this->repository->destroyMessage($message);
        app('preferences')->mark();

--- a/app/Api/V1/Controllers/Webhook/MessageController.php
+++ b/app/Api/V1/Controllers/Webhook/MessageController.php
@ -35,6 +35,7 @@ use Illuminate\Support\Facades\Log;
 use League\Fractal\Pagination\IlluminatePaginatorAdapter;
 use League\Fractal\Resource\Collection as FractalCollection;
 use League\Fractal\Resource\Item;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

 /**
 * Class MessageController
@ -65,6 +66,9 @@ class MessageController extends Controller
     */
    public function index(Webhook $webhook): JsonResponse
    {
+        if(false === config('firefly.allow_webhooks')) {
+            throw new NotFoundHttpException('Webhooks are not enabled.');
+        }
        Log::channel('audit')->info(sprintf('User views messages of webhook #%d.', $webhook->id));
        $manager    = $this->getManager();
        $pageSize   = $this->parameters->get('limit');
@ -100,6 +104,10 @@ class MessageController extends Controller
        if ($message->webhook_id !== $webhook->id) {
            throw new FireflyException('200040: Webhook and webhook message are no match');
        }
+        if(false === config('firefly.allow_webhooks')) {
+            throw new NotFoundHttpException('Webhooks are not enabled.');
+        }
+
        Log::channel('audit')->info(sprintf('User views message #%d of webhook #%d.', $message->id, $webhook->id));

        $manager = $this->getManager();
--- a/app/Api/V1/Controllers/Webhook/ShowController.php
+++ b/app/Api/V1/Controllers/Webhook/ShowController.php
@ -38,6 +38,7 @@ use Illuminate\Support\Facades\Log;
 use League\Fractal\Pagination\IlluminatePaginatorAdapter;
 use League\Fractal\Resource\Collection as FractalCollection;
 use League\Fractal\Resource\Item;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

 /**
 * Class ShowController
@ -70,6 +71,10 @@ class ShowController extends Controller
     */
    public function index(): JsonResponse
    {
+        if(false === config('firefly.allow_webhooks')) {
+            throw new NotFoundHttpException('Webhooks are not enabled.');
+        }
+
        Log::channel('audit')->info('User views all webhooks.');
        $manager    = $this->getManager();
        $collection = $this->repository->all();
@ -99,6 +104,10 @@ class ShowController extends Controller
     */
    public function show(Webhook $webhook): JsonResponse
    {
+        if(false === config('firefly.allow_webhooks')) {
+            throw new NotFoundHttpException('Webhooks are not enabled.');
+        }
+
        Log::channel('audit')->info(sprintf('User views webhook #%d.', $webhook->id));
        $manager = $this->getManager();

@ -118,6 +127,10 @@ class ShowController extends Controller
     */
    public function triggerTransaction(Webhook $webhook, TransactionGroup $group): JsonResponse
    {
+        if(false === config('firefly.allow_webhooks')) {
+            throw new NotFoundHttpException('Webhooks are not enabled.');
+        }
+
        app('log')->debug(sprintf('Now in triggerTransaction(%d, %d)', $webhook->id, $group->id));
        Log::channel('audit')->info(sprintf('User triggers webhook #%d on transaction group #%d.', $webhook->id, $group->id));

--- a/app/Api/V1/Controllers/Webhook/StoreController.php
+++ b/app/Api/V1/Controllers/Webhook/StoreController.php
@ -30,6 +30,7 @@ use FireflyIII\Transformers\WebhookTransformer;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Facades\Log;
 use League\Fractal\Resource\Item;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

 /**
 * Class StoreController
@ -58,6 +59,10 @@ class StoreController extends Controller
     */
    public function store(CreateRequest $request): JsonResponse
    {
+        if(false === config('firefly.allow_webhooks')) {
+            throw new NotFoundHttpException('Webhooks are not enabled.');
+        }
+
        $data    = $request->getData();
        $webhook = $this->repository->store($data);
        $manager = $this->getManager();
--- a/app/Api/V1/Controllers/Webhook/SubmitController.php
+++ b/app/Api/V1/Controllers/Webhook/SubmitController.php
@ -29,6 +29,7 @@ use FireflyIII\Models\Webhook;
 use FireflyIII\Repositories\Webhook\WebhookRepositoryInterface;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Facades\Log;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

 /**
 * Class SubmitController
@ -56,6 +57,10 @@ class SubmitController extends Controller
     */
    public function submit(Webhook $webhook): JsonResponse
    {
+        if(false === config('firefly.allow_webhooks')) {
+            throw new NotFoundHttpException('Webhooks are not enabled.');
+        }
+
        Log::channel('audit')->info(sprintf('User submits webhook #%d', $webhook->id));
        // count messages that can be sent.
        $messages = $this->repository->getReadyMessages($webhook);
--- a/app/Api/V1/Controllers/Webhook/UpdateController.php
+++ b/app/Api/V1/Controllers/Webhook/UpdateController.php
@ -31,6 +31,7 @@ use FireflyIII\Transformers\WebhookTransformer;
 use Illuminate\Http\JsonResponse;
 use Illuminate\Support\Facades\Log;
 use League\Fractal\Resource\Item;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

 /**
 * Class UpdateController
@ -58,6 +59,10 @@ class UpdateController extends Controller
     */
    public function update(Webhook $webhook, UpdateRequest $request): JsonResponse
    {
+        if(false === config('firefly.allow_webhooks')) {
+            throw new NotFoundHttpException('Webhooks are not enabled.');
+        }
+        
        $data    = $request->getData();
        $webhook = $this->repository->update($webhook, $data);
        $manager = $this->getManager();