• Welcome to the Chevereto user community!

    Here users from all over the world gather around to learn the latest about Chevereto and contribute with ideas to improve the software.

    Please keep in mind:

    • 😌 This community is user driven. Be polite with other users.
    • 👉 Is required to purchase a Chevereto license to participate in this community (doesn't apply to Pre-sales).
    • 💸 Purchase a Pro Subscription to get access to active software support and faster ticket response times.
  • Chevereto Support CLST

    Support response

    Support checklist

User-based API

coke

Chevereto Member
I've actually created (modified) my friends Chevereto 3.11.1 script (I think it was a nulled version unfortunately; discovered this when the ‘check for updates’ asked the website ‘meolrin.cn’(?) or some .cn link that doesn’t exist anymore, for updates which I know just by browsing the forums isn’t the right URL) to add two new columns to the <installation>_users table as well as adding to the API section of the Dashboard. TL;DR, it’s per user API uploading that does work with ShareX.

The only thing different is A) instead of creating a route.api override, I instead just copied the current v1 API file into the same routes folder, made some surprisingly minor modifications, and simply renamed it to route.apix.php, and such the API v1 would still be functional, as well as the new API, B ) each user in the database now has two extra columns, is_api_tester (reason being a ‘tester’ is because it is still kinda kinky and not optimized fully as it could be) and api_key (as v1 is based off a single predefined key not tied to any particular user); is_api_tester is either 0 or 1, defaulting to 0 ie upon signup, and C) the API page under Dashboard has a full list of each user that has is_api_tester set to 1, along with the ability to generate a new key in one click if the user doesn’t have a key or a new one was to be generated.

Each key is 32 characters long, as such is the v1 key, and consists of a randomly generated [hashed] string: substr(md5(rand()), 0, 32); . Currently, as to why I wrote it as ‘tester’ is because you have to manually go into the database, go to the user’s table and update the is_api_tester column to 1 for each user you want to have “APIX” access.

The url syntax is the exact same for obvious reasons, except instead of /api/1/upload/... you type out or enter into ShareX /apix/1/upload/... ~~ and instead of entering the v1 key in ShareX, you enter the key assigned to your user profile instead.

I’ve also yet to do anything with informing the users that do have a key what their key is, ie on their user settings or smth page. Files I had to edit were the views page for the Peafowl theme dashboard.php file under the “key” == api section (iirc; can’t check atm), adding a new routes file in app/routes (again, iirc), and iirc (again again, away from my work computer) that’s it. Plans to better optimize it and make it usable by others rather than just me (ie as a customization feature posted here on the forums). I just bought myself TMD Hosting with a domain name in order to try some of these things out myself as well as assure that I'm supporting the creator with a legitimately purchased copy of the software; as there seems to be a bunch of 3.11.1 nulled versions floating around on Google and elsewhere.

Here’s the Stackoverflow thread I got the random string generation idea from
And attached below is a quick screenshot I took of what the modified API page looks like. (Seems my account is still an administrator for some reason)
 

Attachments

  • BA8FD305-7027-48D8-A3D7-2429F18DA28D.jpeg
    BA8FD305-7027-48D8-A3D7-2429F18DA28D.jpeg
    216.3 KB · Views: 28
I've basically made a separate API that allows for multiple different users, using their own different key, to upload images using programs like ShareX to their specific user account. Currently, you’d either have to make an override for each user that wanted to upload images to his or her profile using the API or something other like that; idk.

TL;DR Upload images using API to different user accounts depending on what api key you provide during upload.
 
Rodolfo if you’re reading this, you need to make sure this is in v4 ;)

Edit: Glad you got it sorted out tho! lol can’t wait for my license so I can get to tampering.
 
Last edited by a moderator:
One thing I thought about for the API @Rodolfo for v1; is I noticed you allow username routing. But this can let scripts inject to anyone without confirming the username. What about making the encrypted ID an acceptable username key right now? We can use user_id or username, but what about the encrypted_id can we use that?
 
If you have a POC about that post it in bugs, thing about V1 API is that it shouldn't be used by untrusted clients at all.
 
Back
Top