appify API token validation

app/API.php

@@ -0,0 +1,24 @@
+<?php
+
+namespace Gazelle;
+
+class API extends Base {
+    public function validateToken(int $appId, string $token): bool {
+        $key = "api_applications_{$appId}";
+        $app = self::$cache->get_value($key);
+        if ($app === false) {
+            $app = self::$db->rowAssoc("
+                SELECT Token, Name
+                FROM api_applications
+                WHERE ID = ?
+                LIMIT 1
+                ", $appId
+            );
+            if (is_null($app)) {
+                return false;
+            }
+            self::$cache->cache_value($key, $app, 0);
+        }
+        return $app['Token'] === $token;
+    }
+}

sections/api/index.php

@@ -1,40 +1,25 @@
 <?php
 
+if (empty($_GET['aid']) || empty($_GET['token'])) {
+    json_error('invalid parameters');
+}
+if (!(new Gazelle\API)->validateToken((int)($_GET['aid'] ?? 0), $_GET['token'] ?? '')) {
+    json_error('invalid token');
+}
 $className = "Gazelle\\API\\" . str_replace("_", "", ucwords($_GET['action'], "_"));
 if (!class_exists($className)) {
     json_error('invalid action');
 }
-if (empty($_GET['aid']) || empty($_GET['token'])) {
-    json_error('invalid parameters');
-}
 
 $api = new $className([
     'ReleaseTypes' => (new \Gazelle\ReleaseType)->list(),
-    'Debug' => $Debug,
+    'Debug'        => $Debug,
 ]);
 
-$appId = (int)$_GET['aid'];
-$token = $_GET['token'];
-$key = "api_applications_{$appId}";
-
-$app = $Cache->get_value($key);
-if (!is_array($app)) {
-    $app = $DB->rowAssoc("
-        SELECT Token, Name
-        FROM api_applications
-        WHERE ID = ?
-        LIMIT 1
-        ", $appId
-    );
-    if (is_null($app)) {
-        json_error('invalid app');
-    }
-    $Cache->cache_value($key, $app, 0);
-}
-
-if ($app['Token'] !== $token) {
-    json_error('invalid token');
-}
-
-$response = $api->run();
-print(json_encode(['status' => 200, 'response' => $response], JSON_UNESCAPED_SLASHES));
+print(json_encode(
+    [
+        'status'   => 200,
+        'response' => $api->run(),
+    ],
+    JSON_UNESCAPED_SLASHES
+));