From 0ea15ae4b201331a160748abdcfa1c41f6f84bcf Mon Sep 17 00:00:00 2001
From: Ro
Date: Sun, 28 Mar 2021 15:22:00 -0700
Subject: [PATCH] added custom session manager, moved index to safe directory
---
 brain/controller/APIControl.inc.php | 10 +++--
 brain/controller/DashControl.inc.php | 8 ++--
 brain/controller/IndexControl.inc.php | 3 +-
 brain/controller/RouteControl.inc.php | 6 +--
 brain/data/Auth.inc.php | 37 ++++++++++++---
 brain/data/Session.inc.php | 65 +++++++++++++++++++++++++++
 brain/data/Settings.inc.php | 18 +++++---
 brain/utility/StringTools.inc.php | 22 +++++++++
 brain/views/dash/_frame.twig | 8 ++--
 brain/views/dash/start.twig | 6 ++-
 composer.json | 3 +-
 composer.lock | 60 ++++++++++++++++++++++++-
 config/folks.json | 27 +++++------
 index.php | 21 ---------
 14 files changed, 228 insertions(+), 66 deletions(-)
 create mode 100644 brain/data/Session.inc.php
 create mode 100644 brain/utility/StringTools.inc.php
 delete mode 100644 index.php
diff --git a/brain/controller/APIControl.inc.php b/brain/controller/APIControl.inc.php
index c1d0847..caad565 100644
--- a/brain/controller/APIControl.inc.php
+++ b/brain/controller/APIControl.inc.php
@@ -1,5 +1,4 @@
 getHeaderLine("Content-Type");
 switch ($contentType) {
 case "application/json":
@@ -24,7 +23,11 @@ class APIControl
 //there's only one verion of the api for now
 switch (isset($args["third"]) ? $args["third"] : "none") {
 case "login":
- $result = (new Auth())->login($body);
+ $result = Auth::login($body);
+
+ break;
+ case "logout":
+ $result = Auth::logout($body);
 break;
 default:
 $result = [
@@ -35,6 +38,7 @@ class APIControl
 }
 $response->getBody()->write(json_encode($result));
+ return $response->withHeader("Content-Type", "application/json");
 }
 }
diff --git a/brain/controller/DashControl.inc.php b/brain/controller/DashControl.inc.php
index 869c736..10a6b00 100644
--- a/brain/controller/DashControl.inc.php
+++ b/brain/controller/DashControl.inc.php
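Review bot: The new `case "logout":` branch dispatches straight to `Auth::logout($body)` without checking that a session is active, so any request reaching this endpoint (no origin or CSRF check is visible in the hunk) can end the current login; either guard it here with `if (!Session::active()) { $result = ["message" => "No active session", "type" => "TASK_LOGOUT"]; break; }` or do that check inside `Auth::logout`. `$body` is also passed to `Auth::logout`, which in the Auth hunk below declares no parameters, so the argument is silently ignored — drop it or give logout a parameter. The ternary on the `switch` line reads better as `$args["third"] ?? "none"`. The text before `getHeaderLine` is truncated in this rendering, so the include lines at the top of the file cannot be reviewed here.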
@@ -1,10 +1,9 @@
 "Fipamo Dashboard",
- "status" => (new Auth())->sessionStatus(),
+ "status" => Session::active(),
 "pages" => (new Book("content/pages"))->getContents(),
 ];
 break;
 }
- return $view->render($response, "dash/start.twig", $pageOptions);
 }
 }
diff --git a/brain/controller/IndexControl.inc.php b/brain/controller/IndexControl.inc.php
index 039f72a..d9ad0f1 100644
--- a/brain/controller/IndexControl.inc.php
+++ b/brain/controller/IndexControl.inc.php
@@ -1,5 +1,4 @@
 render($response, "front/start.twig", [
 "title" => "Fipamo Dash",
 "status" => false,
diff --git a/brain/controller/RouteControl.inc.php b/brain/controller/RouteControl.inc.php
index fc24e25..8b80ec8 100644
--- a/brain/controller/RouteControl.inc.php
+++ b/brain/controller/RouteControl.inc.php
@@ -2,9 +2,9 @@
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
-include "brain/controller/IndexControl.inc.php";
-include "brain/controller/DashControl.inc.php";
-include "brain/controller/APIControl.inc.php";
+include "../brain/controller/IndexControl.inc.php";
+include "../brain/controller/DashControl.inc.php";
+include "../brain/controller/APIControl.inc.php";
 class RouteControl
 {
diff --git a/brain/data/Auth.inc.php b/brain/data/Auth.inc.php
index b365777..38c4851 100644
--- a/brain/data/Auth.inc.php
+++ b/brain/data/Auth.inc.php
@@ -1,17 +1,15 @@
 secret;
 }
- public function login($who)
+ public static function login($who)
 {
 //grab member list
 $folks = (new Settings())->getFolks();
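Review bot: `"status" => Session::active()` only hands the session state to the template while the dashboard is still rendered for every caller (the `return $view->render($response, "dash/start.twig", $pageOptions);` line survives the change, although its marker is ambiguous in this rendering), so nothing on the server side enforces authentication here; if the twig gates on `status`, that is a presentation check only. Returning a redirect to the front page when `Session::active()` is false, before `$pageOptions` is built, would make the check server-side. The `switch` this sits in starts before the hunk.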
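Review bot: `include "../brain/controller/IndexControl.inc.php"` (and the two lines after it) resolves `..` against the process working directory and the include_path, not against RouteControl.inc.php's own location, so the routes load only while the server happens to run from the new index directory; `include __DIR__ . "/IndexControl.inc.php";` keeps the same layout without that dependency. The same applies to the `"../config/*.json"` paths in the Settings hunk further down, where a wrong working directory makes `file_get_contents` return false and `json_decode` hand back null settings silently.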
@@ -30,6 +28,23 @@ class Auth
 if ($found) {
 //name is found, verify password
 if (password_verify($who["password"], $found["password"])) {
+ $member = [
+ "handle" => $found["handle"],
+ "email" => $found["email"],
+ "role" => $found["role"],
+ "avatar" => $found["avi"],
+ ];
+
+ $token = Token::create(
+ $found["id"],
+ $found["secret"],
+ time() + 3600,
+ "localhost"
+ ); //expires in an hour
+ Session::start();
+ Session::set("member", $member);
+ Session::set("token", $token);
+
+ $result = [
 "message" => "Welcome back",
 "type" => "TASK_LOGIN",
@@ -49,4 +64,14 @@ class Auth
 }
 return $result;
 }
+
+ public static function logout()
+ {
+ Session::kill();
+ $result = [
+ "message" => "Till next time, g.",
+ "type" => "TASK_LOGOUT",
+ ];
+ return $result;
+ }
 }
diff --git a/brain/data/Session.inc.php b/brain/data/Session.inc.php
new file mode 100644
index 0000000..c3a2266
--- /dev/null
+++ b/brain/data/Session.inc.php
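Review bot: `Token::create($found["id"], $found["secret"], time() + 3600, "localhost")` hard-codes both the host and the lifetime, so the token is bound to `localhost` even when the site is served under its real name — if `Token::validate` compares that field, a deployed instance will either never validate or validate against a constant; take the host from the request or from settings, and name the lifetime, e.g. `const TOKEN_TTL = 3600;`. `$who["password"]` is read without checking that the key exists, so a login body without a password raises a notice before `password_verify` runs; `$who["password"] ?? ""` keeps the comparison failing cleanly. `logout()` performs no check of its own and, as far as the Session hunk shows, appears to reset the one shared session file for every visitor. The body of `login` starts before this hunk.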
@@ -0,0 +1,65 @@
+ "",
+ "token" => "",
+ ];
+ public static function start()
+ {
+ if (!is_file(self::$file)) {
+ file_put_contents(self::$file, json_encode(self::$data));
+ } else {
+ ($new = fopen(self::$file, "w")) or die("Unable to open file!");
+ fwrite($new, json_encode(self::$data));
+ fclose($new);
+ }
+ }
+
+ public static function active()
+ {
+ $data = json_decode(file_get_contents(self::$file), true);
+ if ($data["member"] != null) {
+ $secret = (new Settings())->getFolks("secret");
+ if (
+ Token::validate($data["token"], $secret) &&
+ Token::validateExpiration($data["token"], $secret)
+ ) {
+ true;
+ } else {
+ false;
+ }
+
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ public static function set($key, $value)
+ {
+ $data = json_decode(file_get_contents(self::$file), true);
+ $data[$key] = $value;
+ ($fresh = fopen(self::$file, "w")) or die("Unable to open file!");
+ fwrite($fresh, json_encode($data));
+ fclose($fresh);
+ }
+
+ public static function get($key)
+ {
+ $data = json_decode(file_get_contents(self::$file), true);
+
+ return $data[$key];
+ }
+
+ public static function kill()
+ {
+ ($fresh = fopen(self::$file, "w")) or die("Unable to open file!");
+ fwrite($fresh, json_encode(self::$data));
+ fclose($fresh);
+ }
+}
diff --git a/brain/data/Settings.inc.php b/brain/data/Settings.inc.php
index adf3fce..d540bce 100644
--- a/brain/data/Settings.inc.php
+++ b/brain/data/Settings.inc.php
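Review bot: `active()` discards the outcome of the token check — the `true;` and `false;` inside the `if`/`else` are bare expression statements, and the method then unconditionally reaches `return true;` — so any non-empty `member` entry counts as an active session even when the token is invalid or expired; the check has to be the return value, as in the rewrite below. The deeper problem is that all state lives in one server-side file named by `self::$file` (its initializer is truncated in this rendering) with nothing tying it to the requesting client: whoever last called `Session::start()` is "active" for every visitor until `kill()`, and `set()`/`get()` also assume the JSON decoded cleanly and that `$data[$key]` exists. Unless that file name is per-client, the usual fix is PHP's native `session_start()` with a cookie-bound id, or at minimum keying the file by a random id issued to the client with `random_bytes`; `die()` on `fopen` failure should also become an exception so the API can still answer with JSON.
```php
public static function active()
{
    $data = json_decode(file_get_contents(self::$file), true);
    if (!is_array($data) || empty($data["member"])) {
        return false;
    }
    $secret = (new Settings())->getFolks("secret");
    $token = $data["token"] ?? "";
    // the token checks decide the session state; nothing else returns true
    return Token::validate($token, $secret) &&
        Token::validateExpiration($token, $secret);
}
```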
@@ -1,5 +1,5 @@
 folks = json_decode(file_get_contents("config/folks.json"), true);
- $this->tags = json_decode(file_get_contents("config/tags.json"), true);
+ $this->folks = json_decode(file_get_contents("../config/folks.json"), true);
+ $this->tags = json_decode(file_get_contents("../config/tags.json"), true);
 $this->settings = json_decode(
- file_get_contents("config/settings.json"),
+ file_get_contents("../config/settings.json"),
 true
 );
 }
- public function getFolks()
+ public function getFolks($key)
 {
- return $this->folks;
+ if (isset($key)) {
+ $member = Session::get("member");
+ $found = find($this->folks, ["handle" => $member["handle"]]);
+ return $found[$key];
+ } else {
+ return $this->folks;
+ }
 }
 }
diff --git a/brain/utility/StringTools.inc.php b/brain/utility/StringTools.inc.php
new file mode 100644
index 0000000..2f1fb17
--- /dev/null
+++ b/brain/utility/StringTools.inc.php
@@ -0,0 +1,22 @@
+
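Review bot: `public function getFolks($key)` makes `$key` required, but the call `(new Settings())->getFolks()` that remains in `Auth::login` (visible as context in the Auth hunk) passes nothing, which throws an `ArgumentCountError` on PHP 7.1+ and breaks login entirely; the `isset($key)` test shows the intent, so declare it `public function getFolks($key = null)`. When `$key` is given, `Session::get("member")` may be the `""` default from Session rather than an array, and `$member["handle"]` / `$found[$key]` are then indexed without any check, so a call with no session (or a handle no longer in folks.json) fails with notices instead of returning null; `if (!is_array($member) || $found === null) { return null; }` before the lookup would cover that. `find(...)` is an undeclared global here — presumably from the package added in composer.json — and its import is outside this hunk.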
- +
- +
- +
@@ -28,7 +28,7 @@