From 512c67b1a67b4c6fa2ece7f52b6d243aa4c3f678 Mon Sep 17 00:00:00 2001
From: jo <ljonas@riseup.net>
Date: Wed, 15 Sep 2021 14:56:14 +0200
Subject: [PATCH] Auth to API v1 using Authorization: Api-Key header

---
 .../application/controllers/ApiController.php      | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/airtime_mvc/application/controllers/ApiController.php b/airtime_mvc/application/controllers/ApiController.php
index a47296e59..5af7a430b 100644
--- a/airtime_mvc/application/controllers/ApiController.php
+++ b/airtime_mvc/application/controllers/ApiController.php
@@ -83,9 +83,19 @@ class ApiController extends Zend_Controller_Action
     public function checkAuth()
     {
         $CC_CONFIG = Config::getConfig();
-        $api_key = $this->_getParam('api_key');
+        $apiKey = $this->_getParam('api_key');
 
-        if (in_array($api_key, $CC_CONFIG["apiKey"])) {
+        if (in_array($apiKey, $CC_CONFIG['apiKey'])) {
+            return true;
+        }
+
+        $authHeader = $this->getRequest()->getHeader('Authorization');
+        $authHeaderArray = explode(' ', $authHeader);
+        if (
+            count($authHeaderArray) >= 2
+            && $authHeaderArray[0] == 'Api-Key'
+            && in_array($authHeaderArray[1], $CC_CONFIG['apiKey'])
+        ) {
             return true;
         }