diff --git a/src/FederationServer/Classes/RequestHandler.php b/src/FederationServer/Classes/RequestHandler.php
index 0c2f082..cbf896e 100644
--- a/src/FederationServer/Classes/RequestHandler.php
+++ b/src/FederationServer/Classes/RequestHandler.php
@@ -196,16 +196,16 @@
 * This method retrieves the API key from the request headers or query parameters,
 * validates it, and returns the corresponding OperatorRecord object if found and enabled.
 *
- * @return OperatorRecord Returns the authenticated OperatorRecord object or null if not found or disabled.
+ * @return OperatorRecord|null Returns the authenticated OperatorRecord object or null if not found or disabled.
 * @throws RequestException If the API key is missing, invalid, or the operator is disabled.
 */
- protected static function getAuthenticatedOperator(): OperatorRecord
+ protected static function getAuthenticatedOperator(): ?OperatorRecord
 {
 // First obtain the API key from the request headers or query parameters.
- $apiKey = $_SERVER['HTTP_API_KEY'] ?? $_GET['api_key'] ?? null;
+ $apiKey = $_SERVER['HTTP_API_KEY'] ?? $_GET['api_key'] ?? $_POST['api_key'] ?? null;
 if (empty($apiKey))
 {
- throw new RequestException('API key is required', 401);
+ return null;
 }
 if(strlen($apiKey) > 32)
diff --git a/src/FederationServer/FederationServer.php b/src/FederationServer/FederationServer.php
index 0e279d6..8da9578 100644
--- a/src/FederationServer/FederationServer.php
+++ b/src/FederationServer/FederationServer.php
@@ -119,8 +119,14 @@
 /**
 * @inheritDoc
 */
- public static function getAuthenticatedOperator(): OperatorRecord
+ public static function getAuthenticatedOperator(bool $requireAuthentication=true): ?OperatorRecord
 {
- return parent::getAuthenticatedOperator();
+ $authenticatedOperator = parent::getAuthenticatedOperator();
+ if($requireAuthentication && $authenticatedOperator === null)
+ {
+ throw new RequestException('Unauthorized: No authenticated operator found', 401);
+ }
+
+ return $authenticatedOperator;
 }
 }
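Review bot: The added `return null;` contradicts the `@throws RequestException If the API key is missing, …` line the hunk leaves in the docblock, and the summary still says "request headers or query parameters" although `$_POST['api_key']` is now read as well; both should be brought in line, e.g. `@throws RequestException If the API key is invalid or the operator is disabled.` The new `$_POST['api_key']` source (like the existing `$_GET` one) arrives as an array when the parameter is repeated or bracketed, and `empty()` does not reject that, so the `strlen($apiKey)` on the context line below would raise a TypeError instead of a clean 401; `if (!is_string($apiKey) || $apiKey === '') { return null; }` closes that and also stops `empty()` from rejecting a key of `'0'`. Keys carried in the query string or form body are also far more likely to land in access logs and proxies than the header path, so accepting them from an additional place widens that exposure and deserves a comment explaining why it is needed. getAuthenticatedOperator's body continues outside the hunk.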
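Review bot: `@inheritDoc` no longer describes this override, because the new `$requireAuthentication` parameter and the 401 it triggers do not exist on the parent; add `@param bool $requireAuthentication When true, a request without an API key is rejected with a 401 RequestException instead of returning null.` beneath it. The default of `true` keeps every existing caller on the previous fail-closed behaviour, which is the right default for an authentication helper. The signature spacing `$requireAuthentication=true` departs from the PSR-12 form `$requireAuthentication = true` used for defaults.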
diff --git a/src/FederationServer/Methods/Operators/GetOperator.php b/src/FederationServer/Methods/Operators/GetOperator.php
index faa53ef..e79acf6 100644
--- a/src/FederationServer/Methods/Operators/GetOperator.php
+++ b/src/FederationServer/Methods/Operators/GetOperator.php
@@ -17,13 +17,7 @@
 */
 public static function handleRequest(): void
 {
- $authenticatedOperator = FederationServer::getAuthenticatedOperator();
-
- // Ensure the authenticated operator has permission to delete operators.
- if(!$authenticatedOperator->canManageOperators())
- {
- throw new RequestException('Unauthorized: Insufficient permissions to get operators', 403);
- }
+ $authenticatedOperator = FederationServer::getAuthenticatedOperator(false);
 if(!preg_match('#^/operators/([a-fA-F0-9\-]{36,})$#', FederationServer::getPath(), $matches))
 {
@@ -50,7 +44,14 @@
 throw new RequestException('Internal Server Error: Unable to get operator', 500, $e);
 }
- // Respond with the UUID of the newly created operator.
- self::successResponse($existingOperator->toArray());
+ if($authenticatedOperator?->canManageOperators())
+ {
+ // If the authenticated operator can manage operators, return the full record
+ self::successResponse($existingOperator->toArray());
+ return;
+ }
+
+ // Respond with public record if the authenticated operator cannot manage operators
+ self::successResponse($existingOperator->toPublicRecord()->toArray());
 }
 }
\ No newline at end of file
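Review bot: The `getAuthenticatedOperator(false)` line is the only thing in this hunk showing that anonymous access is now intentional, and the comment that explained the old authorization check was removed with it; a comment such as `// Authentication is optional here: unauthenticated callers are served the public record below.` would keep the intent readable. Because the parent still throws for a present-but-invalid or disabled key (per the RequestHandler docblock in this diff), a request carrying a bad key gets a 401 rather than the public record, which is the fail-closed behaviour one would want and is worth stating in that comment. The docblock above `handleRequest` is outside the hunk; if it still lists the old 403 under `@throws`, it needs the same update.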
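Review bot: The early-return branch and the fallback call differ only in which array is sent, so the response selection reads more clearly as one expression: `$record = $authenticatedOperator?->canManageOperators() ? $existingOperator->toArray() : $existingOperator->toPublicRecord()->toArray(); self::successResponse($record);`. With this change `toPublicRecord()` is the only thing standing between non-privileged or anonymous callers and the full record, so the call site deserves a comment stating that it must strip every non-public field, plus a test asserting exactly what an unauthenticated request receives. If an operator is expected to see their own full record, the condition would also need an identity comparison against `$existingOperator`; that is not visible here and is worth confirming.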