Skip to content

Commit ab8bfdd

Browse files
jaapmarcusjaapmarcus
authored
Return an exit code instead of text (hestiacp#3235)
When requested
1 parent eefa08b commit ab8bfdd

File tree

1 file changed

+12
-13
lines changed

1 file changed

+12
-13
lines changed

web/api/index.php

Lines changed: 12 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -40,7 +40,11 @@ function api_error($exit_code, $message, bool $add_log = false, $user = "system"
4040
$http_code = $exit_code >= 100 ? $exit_code : exit_code_to_http_code($exit_code);
4141
header("Hestia-Exit-Code: $exit_code");
4242
http_response_code($http_code);
43-
echo !preg_match("/^Error:/", $message) ? "Error: $message" : $message;
43+
if ($hst_return == "code") {
44+
echo $exit_code;
45+
} else {
46+
echo !preg_match("/^Error:/", $message) ? "Error: $message" : $message;
47+
}
4448
exit();
4549
}
4650

@@ -58,29 +62,26 @@ function api_legacy(array $request_data) {
5862

5963
if ($settings["config"]["API"] != "yes") {
6064
echo "Error: API has been disabled";
61-
exit();
65+
api_error(E_DISABLED, "Error: API Disabled");
6266
}
6367

6468
if ($settings["config"]["API_ALLOWED_IP"] != "allow-all") {
6569
$ip_list = explode(",", $settings["config"]["API_ALLOWED_IP"]);
6670
$ip_list[] = "";
6771
if (!in_array(get_real_user_ip(), $ip_list)) {
68-
echo "Error: IP is not allowed to connect with API";
69-
exit();
72+
api_error(E_FORBIDDEN, "Error: IP is not allowed to connect with API");
7073
}
7174
}
7275

7376
//This exists, so native JSON can be used without the repeating the code twice, so future code changes are easier and don't need to be replicated twice
7477
// Authentication
7578
if (empty($request_data["hash"])) {
7679
if ($request_data["user"] != "admin") {
77-
echo "Error: authentication failed";
78-
exit();
80+
api_error(E_FORBIDDEN, "Error: authentication failed");
7981
}
8082
$password = $request_data["password"];
8183
if (!isset($password)) {
82-
echo "Error: missing authentication";
83-
exit();
84+
api_error(E_PASSWORD, "Error: authentication failed");
8485
}
8586
$v_ip = quoteshellarg(get_real_user_ip());
8687
unset($output);
@@ -134,8 +135,7 @@ function api_legacy(array $request_data) {
134135

135136
// Check API answer
136137
if ($return_var > 0) {
137-
echo "Error: authentication failed";
138-
exit();
138+
api_error(E_PASSWORD, "Error: authentication failed");
139139
}
140140
} else {
141141
$key = "/usr/local/hestia/data/keys/" . basename($request_data["hash"]);
@@ -148,8 +148,7 @@ function api_legacy(array $request_data) {
148148
unset($output);
149149
// Check API answer
150150
if ($return_var > 0) {
151-
echo "Error: authentication failed";
152-
exit();
151+
api_error(E_PASSWORD, "Error: authentication failed");
153152
}
154153
}
155154

@@ -285,7 +284,7 @@ function api_connection(array $request_data) {
285284

286285
# Check if API access is enabled for nonadmin users
287286
if ($key_user != "admin" && $api_status < 2) {
288-
api_error(E_DISABLED, "API has been disabled");
287+
api_error(E_API_DISABLED, "API has been disabled");
289288
}
290289

291290
// Checks if the value entered in the "user" argument matches the user of the key

0 commit comments

Comments
 (0)