From 07262f448610d44143e8aa4d31acdb8446e7b8d3 Mon Sep 17 00:00:00 2001
From: ghost <localhost>
Date: Sun, 15 Oct 2023 04:30:19 +0300
Subject: [PATCH] require app key on crontab/tool http requests

---
 .env                                 |  1 +
 README.md                            |  2 +-
 config/services.yaml                 |  1 +
 src/Controller/TorrentController.php | 12 +++++++++---
 4 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/.env b/.env
index b8b6d8a..063fdfd 100644
--- a/.env
+++ b/.env
@@ -17,6 +17,7 @@
 ###> symfony/framework-bundle ###
 APP_ENV=dev
 APP_SECRET=EDITME
+APP_KEY=EDITME
 ###< symfony/framework-bundle ###
 
 ###> doctrine/doctrine-bundle ###
diff --git a/README.md b/README.md
index 6a3ee30..a12ecee 100644
--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ php bin/console doctrine:migrations:migrate
 
 ##### Crontab
 
-* `* * * * * /crontab/torrent/scrape` - update seeding stats
+* `* * * * * /crontab/torrent/scrape/{%app.key%}` - update seeding stats
 
 ##### App settings
 
diff --git a/config/services.yaml b/config/services.yaml
index 4831621..c1ed9ce 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -6,6 +6,7 @@
 parameters:
     app.version: '%env(APP_VERSION)%'
     app.name: '%env(APP_NAME)%'
+    app.key: '%env(APP_KEY)%'
     app.pagination: '%env(APP_PAGINATION)%'
     app.trackers: '%env(APP_TRACKERS)%'
     app.locales: '%env(APP_LOCALES)%'
diff --git a/src/Controller/TorrentController.php b/src/Controller/TorrentController.php
index 065aca9..5bf5dec 100644
--- a/src/Controller/TorrentController.php
+++ b/src/Controller/TorrentController.php
@@ -322,7 +322,7 @@ class TorrentController extends AbstractController
         }
 
         return $this->render('default/torrent/list.html.twig', [
-            'query'    => urldecode($request->get('query')),
+            'query'    => $request->get('query') ? urldecode($request->get('query')) : '',
             'torrents' => $torrents,
             'pagination' =>
             [
@@ -1752,7 +1752,10 @@ class TorrentController extends AbstractController
 
     // Tools
     #[Route(
-        '/crontab/torrent/scrape',
+        '/crontab/torrent/scrape/{key}',
+        requirements: [
+            'key' => '%app.key%'
+        ],
         methods:
         [
             'GET'
@@ -1773,7 +1776,10 @@ class TorrentController extends AbstractController
     }
 
     #[Route(
-        '/tool/torrent/reindex',
+        '/tool/torrent/reindex/{key}',
+        requirements: [
+            'key' => '%app.key%'
+        ],
         methods:
         [
             'GET'