From cfb95478f9d9390d2383de2d3b0bdd3118490a77 Mon Sep 17 00:00:00 2001
From: unknown <13521043@std.stei.itb.ac.id>
Date: Tue, 31 Oct 2023 09:42:53 +0700
Subject: [PATCH] Implement Api Key

---
 src/admin/add/index.php             | 3 +++
 src/admin/city/add/index.php        | 3 +++
 src/admin/city/edit/index.php       | 3 +++
 src/admin/city/index.php            | 3 +++
 src/admin/edit/index.php            | 3 +++
 src/admin/edit/media/index.php      | 3 +++
 src/admin/gym/index.php             | 3 +++
 src/admin/index.php                 | 1 +
 src/home/gym/index.php              | 3 +++
 src/home/index.php                  | 1 +
 src/login/index.php                 | 3 +++
 src/public/css/style.css            | 2 +-
 src/public/javascript/admin.js      | 1 +
 src/public/javascript/city.js       | 3 +++
 src/public/javascript/gym/filter.js | 1 +
 src/public/javascript/gym/gym.js    | 6 +++---
 src/public/javascript/gym/rating.js | 5 +++++
 src/public/javascript/gym/search.js | 1 +
 src/public/javascript/user.js       | 5 +++++
 src/setting/account/edit/index.php  | 3 +++
 src/setting/index.php               | 3 +++
 src/signup/index.php                | 3 +++
 22 files changed, 58 insertions(+), 4 deletions(-)

diff --git a/src/admin/add/index.php b/src/admin/add/index.php
index e193829..867e12b 100644
--- a/src/admin/add/index.php
+++ b/src/admin/add/index.php
@@ -37,6 +37,9 @@ AuthMiddleware::getInstance()->secureRoute(true);
 
     </div>
     <div class="app">
+        <script>
+            const apikey = <?php echo json_encode($_ENV['API_KEY']) ?>;
+        </script>
         <?= NavbarAdmin() ?>
 
         <div class="authentication-form-wrapper">
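Review bot: The value rendered into `const apikey` here is delivered to every browser that loads the page, so it cannot act as a secret: it is readable in the page source and in each request's `X-API-KEY` header. The same line is added to the other thirteen templates in this patch, including `src/login/index.php` and `src/signup/index.php`, which are served before any login, so unauthenticated visitors receive the key too. Authorization for the `/api/...` routes therefore still has to rest on the server-side session checks (whatever `AuthMiddleware` enforces), with the header treated as a public client identifier at most. If a per-client secret is wanted, a token bound to the session and issued after login would fit better than one shared value from `$_ENV`. The server-side check of `X-API-KEY` is not part of this diff, so how the header is validated cannot be confirmed from here.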
diff --git a/src/admin/city/add/index.php b/src/admin/city/add/index.php
index 3ad65de..af6bf68 100644
--- a/src/admin/city/add/index.php
+++ b/src/admin/city/add/index.php
@@ -40,6 +40,9 @@ AuthMiddleware::getInstance()->secureRoute(true);
     </div>
 
     <div class="app">
+        <script>
+            const apikey = <?php echo json_encode($_ENV['API_KEY']) ?>;
+        </script>
         <?php
         echo NavbarAdmin();
         ?>
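Review bot: `$_ENV['API_KEY']` is read without a fallback, so when the variable is unset (or `$_ENV` is not populated under the server's `variables_order`) PHP raises a warning that may be printed inside the `<script>` element, and the page ends up with `const apikey = null;`. The three-line block is also pasted into twelve templates in this patch, with a one-line variant in `src/admin/index.php` and `src/home/index.php`; a single shared partial would keep the lookup and the encoding in one place. Inside that partial, something like `<?php echo json_encode($_ENV['API_KEY'] ?? '', JSON_HEX_TAG | JSON_HEX_AMP | JSON_THROW_ON_ERROR) ?>` would keep the output safe for an inline script whatever the value contains.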
diff --git a/src/admin/city/edit/index.php b/src/admin/city/edit/index.php
index 450f599..294d0f4 100644
--- a/src/admin/city/edit/index.php
+++ b/src/admin/city/edit/index.php
@@ -22,6 +22,9 @@ AuthMiddleware::getInstance()->secureRoute(true);
 
 <body>
     <div class="app">
+        <script>
+            const apikey = <?php echo json_encode($_ENV['API_KEY']) ?>;
+        </script>
         <?php
         echo NavbarAdmin();
         ?>
diff --git a/src/admin/city/index.php b/src/admin/city/index.php
index faf6b8f..7829f64 100644
--- a/src/admin/city/index.php
+++ b/src/admin/city/index.php
@@ -21,6 +21,9 @@ AuthMiddleware::getInstance()->secureRoute(true);
 
 <body>
     <div class="app">
+        <script>
+            const apikey = <?php echo json_encode($_ENV['API_KEY']) ?>;
+        </script>
         <?php
         echo NavbarAdmin();
         ?>
diff --git a/src/admin/edit/index.php b/src/admin/edit/index.php
index f38e796..dda46c5 100644
--- a/src/admin/edit/index.php
+++ b/src/admin/edit/index.php
@@ -36,6 +36,9 @@ AuthMiddleware::getInstance()->secureRoute(true);
 
     </div>
     <div class="app">
+        <script>
+            const apikey = <?php echo json_encode($_ENV['API_KEY']) ?>;
+        </script>
         <?php
         echo NavbarAdmin();
         ?>
diff --git a/src/admin/edit/media/index.php b/src/admin/edit/media/index.php
index 16d152b..6a72c6c 100644
--- a/src/admin/edit/media/index.php
+++ b/src/admin/edit/media/index.php
@@ -22,6 +22,9 @@ AuthMiddleware::getInstance()->secureRoute(true);
 
 <body>
     <div class="app">
+        <script>
+            const apikey = <?php echo json_encode($_ENV['API_KEY']) ?>;
+        </script>
         <?php
         echo NavbarAdmin();
         ?>
diff --git a/src/admin/gym/index.php b/src/admin/gym/index.php
index 1a07ca6..9373c45 100644
--- a/src/admin/gym/index.php
+++ b/src/admin/gym/index.php
@@ -25,6 +25,9 @@ AuthMiddleware::getInstance()->secureRoute(true);
 
 <body>
     <div class="app">
+        <script>
+            const apikey = <?php echo json_encode($_ENV['API_KEY']) ?>;
+        </script>
         <?php
         echo NavbarAdmin();
         ?>
diff --git a/src/admin/index.php b/src/admin/index.php
index 3683995..1d58757 100644
--- a/src/admin/index.php
+++ b/src/admin/index.php
@@ -46,6 +46,7 @@ $selectedSorting = $_GET["sorting"] ?? null;
             const priceRangeOption = <?php echo json_encode($priceRangeOption) ?>;
             const itemInPage = <?php echo json_encode($itemInPage) ?>;
             const searching = <?php echo json_encode($searching) ?>;
+            const apikey = <?php echo json_encode($_ENV['API_KEY']) ?>;
         </script>
         <?php
         echo NavbarAdmin();
diff --git a/src/home/gym/index.php b/src/home/gym/index.php
index 93c1d11..c9e32d0 100644
--- a/src/home/gym/index.php
+++ b/src/home/gym/index.php
@@ -35,6 +35,9 @@ $gym = GymService::getInstance()->getById($gym_id);
 
 <body>
     <div class="app">
+        <script>
+            const apikey = <?php echo json_encode($_ENV['API_KEY']) ?>;
+        </script>
         <?php
         echo Navbar();
         ?>
diff --git a/src/home/index.php b/src/home/index.php
index 0b58f84..0c0bc46 100644
--- a/src/home/index.php
+++ b/src/home/index.php
@@ -46,6 +46,7 @@ $selectedSorting = $_GET["sorting"] ?? null;
             const priceRangeOption = <?php echo json_encode($priceRangeOption) ?>;
             const itemInPage = <?php echo json_encode($itemInPage) ?>;
             const searching = <?php echo json_encode($searching) ?>;
+            const apikey = <?php echo json_encode($_ENV['API_KEY']) ?>;
         </script>
         <?php
             echo Navbar();
diff --git a/src/login/index.php b/src/login/index.php
index eff88c3..c7659cc 100644
--- a/src/login/index.php
+++ b/src/login/index.php
@@ -23,6 +23,9 @@ AuthMiddleware::getInstance()->unsecureRouteLogin();
 </head>
 
 <body>
+    <script>
+        const apikey = <?php echo json_encode($_ENV['API_KEY']) ?>;
+    </script>
     <div class="authentication-form-wrapper">
         <div>
             <button class="authentication-pages-button" id="login-button-on-login">LOGIN</button>
diff --git a/src/public/css/style.css b/src/public/css/style.css
index 021cea1..836d0eb 100644
--- a/src/public/css/style.css
+++ b/src/public/css/style.css
@@ -261,7 +261,7 @@ input.input-search {
   justify-content: center;
   align-items: center;
   flex-shrink: 0;
-  border: 1px solid var(--border-standard);
+  /* border: 1px solid var(--border-standard); */
   background: var(--navbar-color);
   color: var(--text-light);
   text-align: center;
diff --git a/src/public/javascript/admin.js b/src/public/javascript/admin.js
index 11861d1..f016e1c 100644
--- a/src/public/javascript/admin.js
+++ b/src/public/javascript/admin.js
@@ -25,5 +25,6 @@ function deleteGymCall(gymId) {
   };
 
   xhr.open("DELETE", `/api/gym?gym_id=${gymId}`, true);
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send();
 }
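Review bot: `apikey` is used here as an implicit global that exists only if the page template has already run its inline `<script>` block. On a page that loads admin.js without that block, the `setRequestHeader` line throws a ReferenceError and the DELETE is never sent. The same dependency applies to the calls added in city.js, gym/filter.js, gym/gym.js, gym/rating.js, gym/search.js and user.js. A short comment at the top of each file would document it, for example `// apikey: global defined by the page's inline <script>; public value, not a credential`. deleteGymCall starts outside the hunk.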
diff --git a/src/public/javascript/city.js b/src/public/javascript/city.js
index 1843d65..d745324 100644
--- a/src/public/javascript/city.js
+++ b/src/public/javascript/city.js
@@ -13,6 +13,7 @@ function addCityCall() {
   };
 
   xhr.open("POST", `/api/city/`, true);
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send(
     JSON.stringify({
       name: document.getElementById("city-name-field").value,
@@ -34,6 +35,7 @@ function editCityCall(cityId, newName) {
   };
 
   xhr.open("PUT", `/api/city/`, true);
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send(
     JSON.stringify({
       city_id: cityId,
@@ -56,5 +58,6 @@ function deleteCityCall(cityId) {
   };
 
   xhr.open("DELETE", `/api/city?city_id=${cityId}`, true);
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send();
 }
diff --git a/src/public/javascript/gym/filter.js b/src/public/javascript/gym/filter.js
index 5486e4c..bd07588 100644
--- a/src/public/javascript/gym/filter.js
+++ b/src/public/javascript/gym/filter.js
@@ -30,6 +30,7 @@ function getFilteredGyms(){
   };
   
   xhr.open("PUT", `/api/gym/filter`, true);
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send(jsonParams);
 }
 // check if the params has a gym_name
diff --git a/src/public/javascript/gym/gym.js b/src/public/javascript/gym/gym.js
index b9d7f3b..caa004c 100644
--- a/src/public/javascript/gym/gym.js
+++ b/src/public/javascript/gym/gym.js
@@ -35,7 +35,7 @@ function addGymCall() {
     "monthly-price",
     document.getElementById("monthly-price-field").value
   );
-
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send(formData);
 }
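Review bot: The header is set immediately before `xhr.send(formData)`, replacing the blank line, while `xhr.open(...)` is outside the hunk. `setRequestHeader` throws unless the request has already been opened, so the ordering should be confirmed for addGymCall. The same placement is used in editGymCall and editGymMediaCall below, and in editUserCall in user.js. Elsewhere in this patch the call directly follows `xhr.open`; moving it there in these four functions would keep the files consistent and make the ordering visible.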
 
@@ -71,7 +71,7 @@ function editGymCall() {
     "monthly-price",
     document.getElementById("monthly-price-field").value
   );
-
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send(
     JSON.stringify({
       gym_id: document.getElementById("gym-id-field").value,
@@ -112,6 +112,6 @@ function editGymMediaCall() {
   if (videoInput.files.length > 0) {
     formData.append("gym-video", videoInput.files[0]);
   }
-
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send(formData);
 }
diff --git a/src/public/javascript/gym/rating.js b/src/public/javascript/gym/rating.js
index 09e07d5..a0ef8bc 100644
--- a/src/public/javascript/gym/rating.js
+++ b/src/public/javascript/gym/rating.js
@@ -44,6 +44,7 @@ function getRatings(gymId, username) {
   };
 
   xhr.open("GET", `/api/gym/rating?gym_id=${gymId}`, true);
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send();
 }
 
@@ -65,6 +66,7 @@ function updateAvgRatingCall(gymId) {
     }
   };
   xhr.open("PATCH", `/api/gym/`, true);
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send(JSON.stringify({ gym_id: gymId, update_rating: 'true' }));
 }
 
@@ -85,6 +87,7 @@ function newRatingCall(gymId) {
 
   xhr.open("POST", `/api/gym/rating/`, true);
   xhr.setRequestHeader("Content-type", "application/json");
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send(JSON.stringify({ gym_id: gymId, new_rating: getRating() }));
 }
 
@@ -104,6 +107,7 @@ function updateRatingCall(gymId) {
   };
 
   xhr.open("PUT", `/api/gym/rating/`, true);
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send(JSON.stringify({ gym_id: gymId, new_rating: getRating() }));
 }
 
@@ -124,6 +128,7 @@ function deleteRatingCall(gymId) {
   };
 
   xhr.open("DELETE", `/api/gym/rating?gym_id=${gymId}`, true);
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send();
 }
 
diff --git a/src/public/javascript/gym/search.js b/src/public/javascript/gym/search.js
index cdcf1af..dc079d2 100644
--- a/src/public/javascript/gym/search.js
+++ b/src/public/javascript/gym/search.js
@@ -43,6 +43,7 @@ function callSearchGym(gym_name) {
     };
 
    xhr.open("GET", `/api/gym/`, true);
+   xhr.setRequestHeader("X-API-KEY", apikey);
    xhr.send(); 
 }
 
diff --git a/src/public/javascript/user.js b/src/public/javascript/user.js
index 775e3ec..40f10e0 100644
--- a/src/public/javascript/user.js
+++ b/src/public/javascript/user.js
@@ -18,6 +18,7 @@ function editUserCall() {
   const cityId = document.getElementById("city-change").value;
   const password = document.getElementById("password-field").value;
 
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send(
     JSON.stringify({
       username: username,
@@ -43,6 +44,7 @@ function logoutCall() {
   };
 
   xhr.open("POST", `/api/logout/`, true);
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send();
 }
 
@@ -65,6 +67,7 @@ function loginCall() {
   };
 
   xhr.open("POST", `/api/login/`, true);
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send(
     JSON.stringify({
       username: document.getElementById("username-field").value,
@@ -92,6 +95,7 @@ function signupCall() {
   };
 
   xhr.open("POST", `/api/signup/`, true);
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send(
     JSON.stringify({
       username: document.getElementById("username-field").value,
@@ -120,5 +124,6 @@ function deleteAccountCall() {
   };
 
   xhr.open("DELETE", `/api/user/`, true);
+  xhr.setRequestHeader("X-API-KEY", apikey);
   xhr.send();
 }
diff --git a/src/setting/account/edit/index.php b/src/setting/account/edit/index.php
index a192899..0507cab 100644
--- a/src/setting/account/edit/index.php
+++ b/src/setting/account/edit/index.php
@@ -28,6 +28,9 @@ AuthMiddleware::getInstance()->unsecureRoute();
         <?php
         echo Navbar();
         ?>
+        <script>
+            const apikey = <?php echo json_encode($_ENV['API_KEY']) ?>;
+        </script>
         <?php
         $user = UserService::getInstance()->getUser();
         ?>
diff --git a/src/setting/index.php b/src/setting/index.php
index e65ce6a..0cf22b3 100644
--- a/src/setting/index.php
+++ b/src/setting/index.php
@@ -25,6 +25,9 @@ AuthMiddleware::getInstance()->unsecureRoute();
         <?php
         echo Navbar();
         ?>
+        <script>
+            const apikey = <?php echo json_encode($_ENV['API_KEY']) ?>;
+        </script>
         <h1 class="first-line-title">
             <img class="setting-icon" src="/public/icon/setting.svg" alt="icon" style="width: 38px;height: 38px;">
             Setting
diff --git a/src/signup/index.php b/src/signup/index.php
index 39a33a3..ce65c82 100644
--- a/src/signup/index.php
+++ b/src/signup/index.php
@@ -26,6 +26,9 @@ session_start();
 </head>
 
 <body>
+    <script>
+        const apikey = <?php echo json_encode($_ENV['API_KEY']) ?>;
+    </script>
     <div class="authentication-form-wrapper">
         <div>
             <button onclick="location.href = '../login'" class="authentication-pages-button"
-- 
GitLab