This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'main' into feature/inactive-subscriptions
ellite authored Feb 23, 2024
2 parents 0a2aeee + d2671b0 commit ffe816a
Showing 56 changed files with 1,262 additions and 173 deletions.
76 changes: 0 additions & 76 deletions .github/workflows/build-images.yml

This file was deleted.

78 changes: 78 additions & 0 deletions .github/workflows/build-release.yaml
@@ -0,0 +1,78 @@
name: Build & Release
on:
push:
branches:
- "*"
pull_request:
branches:
- main
permissions:
contents: write
pull-requests: write
packages: write
env:
# login to docker hub with provided secrets
REGISTRY: docker.io
REGISTRY_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
REGISTRY_PASSWORD: ${{ secrets.DOCKERHUB_TOKEN }}
IMAGE_NAME: ${{ vars.DOCKERHUB_TAG }}
# For release-please, see available types at https://github.com/google-github-actions/release-please-action/tree/v4/?tab=readme-ov-file#release-types-supported
PROJECT_TYPE: simple
jobs:
release:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- id: rp
if: github.event_name != 'pull_request' && github.ref_name == 'main'
uses: google-github-actions/release-please-action@v4
with:
release-type: ${{ env.PROJECT_TYPE }}
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.REGISTRY_USERNAME }}
password: ${{ env.REGISTRY_PASSWORD }}
- name: Prepare tags for Docker meta
id: tags
env:
# When release please is skipped, these values will be empty
is_release: ${{ steps.rp.outputs.release_created }}
version: v${{ steps.rp.outputs.major }}.${{ steps.rp.outputs.minor }}.${{ steps.rp.outputs.patch }}
run: |
tags=""
if [[ "$is_release" = 'true' ]]; then
tags="type=semver,pattern={{version}},value=$version
type=ref,event=branch,value=main"
else
tags="type=ref,event=branch
type=ref,event=pr"
fi
{
echo 'tags<<EOF'
echo "$tags"
echo EOF
} >> "$GITHUB_OUTPUT"
- name: Docker meta
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
tags: ${{ steps.tags.outputs.tags }}
# necessary for multi-platform images
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# necessary for multi-platform images
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push
uses: docker/build-push-action@v5
with:
context: .
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: linux/amd64,linux/arm64,linux/arm/v7
cache-from: type=gha
cache-to: type=gha,mode=max
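
Review bot: The "Log into registry" step has no `if:` and so runs on `pull_request` events as well, although the build step only pushes when `github.event_name != 'pull_request'`; give the login step the same condition so PR builds never touch the Docker Hub credentials. The top-level `permissions` block also grants `contents: write`, `pull-requests: write` and `packages: write` to every trigger of this single job, including the image build; consider moving release-please into its own job and running the build with read-only permissions. The actions are referenced by mutable tags (`@v4`, `@v3`, `@v5`); pin them to commit SHAs, since this workflow holds registry credentials.
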
1 change: 1 addition & 0 deletions .gitignore
@@ -4,3 +4,4 @@
!/images/uploads/logos/wallos.png
.DS_Store
.idea/
.vscode/
67 changes: 67 additions & 0 deletions CHANGELOG.md
@@ -0,0 +1,67 @@
# Changelog

## [1.4.1](https://github.com/ellite/Wallos/compare/v1.4.0...v1.4.1) (2024-02-22)


### Bug Fixes

* bug on saving fixer api key ([#142](https://github.com/ellite/Wallos/issues/142)) ([866eb28](https://github.com/ellite/Wallos/commit/866eb28e88495e851336b5e224274a823ff4173d))

## [1.4.0](https://github.com/ellite/Wallos/compare/v1.3.1...v1.4.0) (2024-02-21)


### Features

* persist display and experimental settings on the db ([f0a6f1a](https://github.com/ellite/Wallos/commit/f0a6f1a2f18b329c9f784a9f1953cd0e7616e1c6))
* small styles changed ([f0a6f1a](https://github.com/ellite/Wallos/commit/f0a6f1a2f18b329c9f784a9f1953cd0e7616e1c6))

## [1.3.1](https://github.com/ellite/Wallos/compare/v1.3.0...v1.3.1) (2024-02-20)


### Bug Fixes

* missing authentication check ([#133](https://github.com/ellite/Wallos/issues/133)) ([b887d3a](https://github.com/ellite/Wallos/commit/b887d3a0503585dadde4b1b59b023c981b0f7f66))

## [1.3.0](https://github.com/ellite/Wallos/compare/v1.2.0...v1.3.0) (2024-02-19)


### Features

* add apilayer as provider for fixer api ([0f19dd6](https://github.com/ellite/Wallos/commit/0f19dd688fe3a2156e7d26d1bf1e1f8b30ce79ad))
* add apilayer as provider for fixer api ([#127](https://github.com/ellite/Wallos/issues/127)) ([0f19dd6](https://github.com/ellite/Wallos/commit/0f19dd688fe3a2156e7d26d1bf1e1f8b30ce79ad))
* update exchange rate when saving api key ([0f19dd6](https://github.com/ellite/Wallos/commit/0f19dd688fe3a2156e7d26d1bf1e1f8b30ce79ad))

## [1.2.0](https://github.com/ellite/Wallos/compare/v1.1.0...v1.2.0) (2024-02-19)


### Features

* enable deployment in subdirectory ([e2af9af](https://github.com/ellite/Wallos/commit/e2af9afc32bfc248f594336c50d44ad6f36f197e))

## [1.1.0](https://github.com/ellite/Wallos/compare/v1.0.1...v1.1.0) (2024-02-18)


### Features

* new statistics per payment method ([#124](https://github.com/ellite/Wallos/issues/124)) ([6200fa5](https://github.com/ellite/Wallos/commit/6200fa5e87d3f60853c3d8b95f5d676e39b378f4))

## [1.0.1](https://github.com/ellite/Wallos/compare/v1.0.0...v1.0.1) (2024-02-18)


### Bug Fixes

* show translated no category when sorting by category ([#122](https://github.com/ellite/Wallos/issues/122)) ([330c061](https://github.com/ellite/Wallos/commit/330c061b74ad1580173f3d3bc7b14048492e22d2))

## 1.0.0 (2024-02-15)


### Features

* add workflow for building and publishing docker images ([970c96a](https://github.com/ellite/Wallos/commit/970c96a8c904809544c944071986be2a684daf50))
* specify image stability type when triggering build ([5b22cfd](https://github.com/ellite/Wallos/commit/5b22cfd87a94a865f53b282964961862bbea1861))


### Bug Fixes

* Currency not preselected on registration ([fc56cf6](https://github.com/ellite/Wallos/commit/fc56cf69ef22a07978022265b2e8344dc293eb14))
* Language sort order ([884a8e5](https://github.com/ellite/Wallos/commit/884a8e569339ddbcb89af4634c0c845b053affbb))
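
Review bot: In the 1.3.0 section, "add apilayer as provider for fixer api" is listed twice, once with the #127 reference and once without, both pointing at commit 0f19dd6; drop the duplicate. The 1.3.1 entry "missing authentication check" (#133) is filed under Bug Fixes with nothing marking it as a security fix, which is what users deciding whether to upgrade need to see.
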
10 changes: 0 additions & 10 deletions README.md
@@ -93,16 +93,6 @@ docker run -d --name wallos -v /path/to/config/wallos/db:/var/www/html/db \
bellamy/wallos:latest
```

For ARM processors you need to use the tag main

```bash
docker run -d --name wallos -v /path/to/config/wallos/db:/var/www/html/db \
-v /path/to/config/wallos/logos:/var/www/html/images/uploads/logos \
-e TZ=Europe/Berlin -p 8282:80 --restart unless-stopped \
bellamy/wallos:main
```


### Docker Compose

```
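
Review bot: Nothing in this commit shows that `bellamy/wallos:latest` is a multi-platform image, yet dropping the ARM paragraph leaves it as the only tag the README documents. The tag rules in build-release.yaml name only semver, branch and PR refs, and the image name comes from `vars.DOCKERHUB_TAG`, so confirm that `latest` is published for `linux/arm64` and `linux/arm/v7` before removing the `main` instructions, or keep a one-line note until it is.
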
28 changes: 28 additions & 0 deletions SECURITY.md
@@ -0,0 +1,28 @@
# Security Policy

## Reporting a Vulnerability

If you discover any security vulnerabilities in this project, please report them to the developer by emailing [[email protected]](mailto:[email protected]). I appreciate your help in keeping the project secure.

## Supported Versions

This project is currently supported with security updates for the following versions:

| Version | Supported |
| ------- | ------------------ |
| latest | :white_check_mark: |
| main | :white_check_mark: |
| 1.x.x | :x: |

## Security Measures

I take security seriously and am working on ways to implement security measures to protect the project.

## Reporting a Security Concern

If you have any security concerns or questions regarding the security of this project, please contact the developer at [[email protected]](mailto:[email protected]).

## Responsible Disclosure

I kindly request that you follow responsible disclosure practices and give me reasonable time to address any reported vulnerabilities before making them public.

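Review bot: The Supported Versions table marks `1.x.x` as unsupported while `latest` and `main` are supported, but the CHANGELOG.md added in this commit lists only 1.x releases (1.0.0 through 1.4.1), so the table reads as if no tagged release receives fixes; state which release line `latest` tracks. "Reporting a Vulnerability" and "Reporting a Security Concern" give the same instruction and can be merged into one section.
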
22 changes: 19 additions & 3 deletions endpoints/currency/fixer_api_key.php
@@ -5,16 +5,32 @@
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] === true) {
if ($_SERVER["REQUEST_METHOD"] === "POST") {
$newApiKey = isset($_POST["api_key"]) ? $_POST["api_key"] : "";
$provider = isset($_POST["provider"]) ? $_POST["provider"] : 0;

$removeOldKey = "DELETE FROM fixer";
$db->exec($removeOldKey);
$testKeyUrl = "http://data.fixer.io/api/latest?access_key=$newApiKey";
$response = file_get_contents($testKeyUrl);

if ($provider == 1) {
$testKeyUrl = "https://api.apilayer.com/fixer/latest?base=USD&symbols=EUR";
$context = stream_context_create([
'http' => [
'method' => 'GET',
'header' => 'apikey: ' . $newApiKey,
]
]);
$response = file_get_contents($testKeyUrl, false, $context);
} else {
$testKeyUrl = "http://data.fixer.io/api/latest?access_key=$newApiKey";
$response = file_get_contents($testKeyUrl);
}

$apiData = json_decode($response, true);
if ($apiData['success'] && $apiData['success'] == 1) {
if (!empty($newApiKey)) {
$insertNewKey = "INSERT INTO fixer (api_key) VALUES (:api_key)";
$insertNewKey = "INSERT INTO fixer (api_key, provider) VALUES (:api_key, :provider)";
$stmt = $db->prepare($insertNewKey);
$stmt->bindParam(":api_key", $newApiKey, SQLITE3_TEXT);
$stmt->bindParam(":provider", $provider, SQLITE3_INTEGER);
$result = $stmt->execute();
if ($result) {
echo json_encode(["success" => true, "message" => translate('api_key_saved', $i18n)]);
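
Review bot: `$newApiKey` goes straight from `$_POST["api_key"]` into the request header (`'apikey: ' . $newApiKey`) and into the fixer.io URL with no validation or encoding; reject keys containing anything but the expected characters (CR/LF in particular) and use `rawurlencode()` for the query string. `DELETE FROM fixer` runs before the new key is tested, so a failed check leaves the installation with no stored key; delete only once `$apiData['success']` is confirmed. `file_get_contents()` can return `false`, which reaches the `$apiData['success']` lookup as `null`; handle that case explicitly. The fixer.io branch still sends the key over plain `http://`.
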
48 changes: 33 additions & 15 deletions endpoints/currency/update_exchange.php
@@ -2,30 +2,36 @@
require_once '../../includes/connect_endpoint.php';

$shouldUpdate = true;
$query = "SELECT date FROM last_exchange_update";
$result = $db->querySingle($query);

if ($result) {
$lastUpdateDate = new DateTime($result);
$currentDate = new DateTime();
$lastUpdateDateString = $lastUpdateDate->format('Y-m-d');
$currentDateString = $currentDate->format('Y-m-d');
$shouldUpdate = $lastUpdateDateString < $currentDateString;
}
if (isset($_GET['force']) && $_GET['force'] === "true") {
$shouldUpdate = true;
} else {
$query = "SELECT date FROM last_exchange_update";
$result = $db->querySingle($query);

if (!$shouldUpdate) {
echo "Rates are current, no need to update.";
exit;
if ($result) {
$lastUpdateDate = new DateTime($result);
$currentDate = new DateTime();
$lastUpdateDateString = $lastUpdateDate->format('Y-m-d');
$currentDateString = $currentDate->format('Y-m-d');
$shouldUpdate = $lastUpdateDateString < $currentDateString;
}

if (!$shouldUpdate) {
echo "Rates are current, no need to update.";
exit;
}
}

$query = "SELECT api_key FROM fixer";
$query = "SELECT api_key, provider FROM fixer";
$result = $db->query($query);

if ($result) {
$row = $result->fetchArray(SQLITE3_ASSOC);

if ($row) {
$apiKey = $row['api_key'];
$provider = $row['provider'];

$codes = "";
$query = "SELECT id, name, symbol, code FROM currencies";
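
Review bot: The `force` branch skips the once-per-day check, and the visible lines contain no `$_SESSION['loggedin']` test like the one in fixer_api_key.php, so every request carrying `force=true` proceeds to the rate lookup and spends API quota. Unless `connect_endpoint.php` already enforces a logged-in session, add that check before honouring `force`.
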
@@ -41,8 +47,20 @@
$mainCurrencyCode = $row['code'];
$mainCurrencyId = $row['main_currency'];

$api_url = "http://data.fixer.io/api/latest?access_key=". $apiKey . "&base=EUR&symbols=" . $codes;
$response = file_get_contents($api_url);
if ($provider === 1) {
$api_url = "https://api.apilayer.com/fixer/latest?base=EUR&symbols=" . $codes;
$context = stream_context_create([
'http' => [
'method' => 'GET',
'header' => 'apikey: ' . $apiKey,
]
]);
$response = file_get_contents($api_url, false, $context);
} else {
$api_url = "http://data.fixer.io/api/latest?access_key=". $apiKey . "&base=EUR&symbols=" . $codes;
$response = file_get_contents($api_url);
}

$apiData = json_decode($response, true);

$mainCurrencyToEUR = $apiData['rates'][$mainCurrencyCode];
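
Review bot: `$provider === 1` is a strict comparison, while fixer_api_key.php uses `$provider == 1`; if the column value ever comes back as the string "1", this falls through to the `else` branch and sends the apilayer key to data.fixer.io in an `http://` query string. Cast with `(int)$row['provider']` where it is read, or use the same comparison in both files. `$response` is also used without a check for `false` before `$apiData['rates'][$mainCurrencyCode]` is read.
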
7 changes: 6 additions & 1 deletion endpoints/payments/payment.php
@@ -17,7 +17,12 @@

$paymentId = $_GET['paymentId'];

$inUse = $db->querySingle('SELECT COUNT(*) as count FROM subscriptions WHERE payment_method_id=' . $paymentId) === 1;
$stmt = $db->prepare('SELECT COUNT(*) as count FROM subscriptions WHERE payment_method_id=:paymentId');
$stmt->bindValue(':paymentId', $paymentId, SQLITE3_INTEGER);
$result = $stmt->execute();
$row = $result->fetchArray();
$inUse = $row['count'] === 1;

if ($inUse) {
die(json_encode([
"success" => false,
Loading
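
Review bot: `$inUse = $row['count'] === 1;` is true only when exactly one subscription uses the payment method, so a method used by two or more subscriptions is not caught by the `if ($inUse)` guard; compare with `> 0` instead. `$paymentId` is read from `$_GET['paymentId']` without an `isset` or numeric check; validate it before preparing the statement.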
