Fix FLEXIAPI-264 Add -k|api_key_ip parameter to accounts:create-admin-account...

2026-01-17 10:08:05 +00:00 · 2025-02-03 16:20:49 +00:00 · 2025-02-03 16:20:49 +00:00 · 82fc56b203
commit 82fc56b203
parent b8bc5d5b58
7 changed files with 13 additions and 12 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -18,6 +18,7 @@ v1.6
 - Fix FLEXIAPI-252 Update the hCaptcha Laravel library, use file instead of cookies to store the session to prevent empty errors bags
 - Fix FLEXIAPI-254 Allow no data on POST requests to not trigger the ValidateJSON middleware
 - Fix FLEXIAPI-262 Bypass the JWT auth if we have an API Key
+- Fix FLEXIAPI-264 Add -k|api_key_ip parameter to accounts:create-admin-account to set/clear the related API Key restriction

 v1.5
 ---
--- a/README.md
+++ b/README.md
@ -156,11 +156,11 @@ Create or update a SIP Domain, required to then create accounts afterward. The `

 ### Create an admin account

-Create an admin account, an API Key will also be generated along the way, it might expire after a while.
+Create an admin account, an API Key will also be generated along the way, it might expire after a while (regarding the API Key expiration policy). An empty `api_key_ip` will remove the IP restriction on the key.

 If no parameters are put, a default admin account will be created.

-    php artisan accounts:create-admin-account {-u|username=} {-p|password=} {-d|domain=}
+    php artisan accounts:create-admin-account {-u|username=} {-p|password=} {-d|domain=} {-k|api_key_ip=}

 ### Clear the expired API Keys

--- a/flexiapi/app/Account.php
+++ b/flexiapi/app/Account.php
@ -347,7 +347,7 @@ class Account extends Authenticatable
        return ($this->activationExpiration && $this->activationExpiration->isExpired());
    }

-    public function generateApiKey(?Request $request = null): ApiKey
+    public function generateApiKey(?string $ip = null): ApiKey
    {
        $this->apiKey()->delete();

@ -355,7 +355,7 @@ class Account extends Authenticatable
        $apiKey->account_id = $this->id;
        $apiKey->last_used_at = Carbon::now();
        $apiKey->key = Str::random(40);
-        $apiKey->ip = $request ? $request->ip() : '127.0.0.1';
+        $apiKey->ip = $ip;
        $apiKey->save();

        return $apiKey;
--- a/flexiapi/app/Console/Commands/Accounts/CreateAdminAccount.php
+++ b/flexiapi/app/Console/Commands/Accounts/CreateAdminAccount.php
@ -27,8 +27,8 @@ use App\SipDomain;

 class CreateAdminAccount extends Command
 {
-    protected $signature = 'accounts:create-admin-account {--u|username=} {--p|password=} {--d|domain=}';
-    protected $description = 'Create an admin account';
+    protected $signature = 'accounts:create-admin-account {--u|username=} {--p|password=} {--d|domain=} {--k|api_key_ip=}';
+    protected $description = 'Create an admin account and generate an API Key';

    public function __construct()
    {
@ -90,10 +90,10 @@ class CreateAdminAccount extends Command
        $account->created_at = Carbon::now()->subYears(3);
        $account->save();

-        $account->generateApiKey();
+        $account->generateApiKey(ip: $this->option('api_key_ip') ?? null);
        $account->updatePassword($password);

-        $this->info('Admin test account created: "' . $username . '@' . $domain . '" | Password: "' . $password . '" | API Key: "' . $account->apiKey->key . '"');
+        $this->info('Admin test account created: "' . $username . '@' . $domain . '" | Password: "' . $password . '" | API Key: "' . $account->apiKey->key . '" (valid on ' . ($account->apiKey->ip ?? 'any') . ' ip)');

        return 0;
    }
--- a/flexiapi/app/Http/Controllers/Account/ApiKeyController.php
+++ b/flexiapi/app/Http/Controllers/Account/ApiKeyController.php
@ -34,7 +34,7 @@ class ApiKeyController extends Controller
    public function update(Request $request)
    {
        $account = $request->user();
-        $account->generateApiKey($request);
+        $account->generateApiKey($request->ip());

        return redirect()->back();
    }
--- a/flexiapi/app/Http/Controllers/Api/Account/ApiKeyController.php
+++ b/flexiapi/app/Http/Controllers/Api/Account/ApiKeyController.php
@ -29,7 +29,7 @@ class ApiKeyController extends Controller
    public function generate(Request $request)
    {
        $account = $request->user();
-        $account->generateApiKey($request);
+        $account->generateApiKey($request->ip());

        $account->refresh();
        Cookie::queue('x-api-key', $account->apiKey->key, config('app.api_key_expiration_minutes'));
@ -42,7 +42,7 @@ class ApiKeyController extends Controller
        $authToken = AuthToken::where('token', $token)->valid()->firstOrFail();

        if ($authToken->account) {
-            $authToken->account->generateApiKey($request);
+            $authToken->account->generateApiKey($request->ip());

            $authToken->account->refresh();
            Cookie::queue('x-api-key', $authToken->account->apiKey->key, config('app.api_key_expiration_minutes'));
--- a/flexiapi/resources/views/admin/account/activity/index.blade.php
+++ b/flexiapi/resources/views/admin/account/activity/index.blade.php
@ -38,7 +38,7 @@
                    {{ $account->apiKey->last_used_at }}
                </td>
                <td>
-                    {{ $account->apiKey->ip ?? '-' }}
+                    {{ $account->apiKey->ip ?? '*' }}
                </td>
                <td>
                    {{ $account->apiKey->requests }}