added custom session manager, moved index to safe directory
This commit is contained in:
parent
b1cc12673c
commit
0ea15ae4b2
14 changed files with 228 additions and 66 deletions
|
@ -1,5 +1,4 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
use Psr\Http\Message\ResponseInterface;
|
use Psr\Http\Message\ResponseInterface;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
|
|
||||||
|
@ -11,7 +10,7 @@ class APIControl
|
||||||
ServerRequestInterface $request,
|
ServerRequestInterface $request,
|
||||||
ResponseInterface $response,
|
ResponseInterface $response,
|
||||||
array $args
|
array $args
|
||||||
) {
|
): ResponseInterface {
|
||||||
$contentType = $request->getHeaderLine("Content-Type");
|
$contentType = $request->getHeaderLine("Content-Type");
|
||||||
switch ($contentType) {
|
switch ($contentType) {
|
||||||
case "application/json":
|
case "application/json":
|
||||||
|
@ -24,7 +23,11 @@ class APIControl
|
||||||
//there's only one verion of the api for now
|
//there's only one verion of the api for now
|
||||||
switch (isset($args["third"]) ? $args["third"] : "none") {
|
switch (isset($args["third"]) ? $args["third"] : "none") {
|
||||||
case "login":
|
case "login":
|
||||||
$result = (new Auth())->login($body);
|
$result = Auth::login($body);
|
||||||
|
|
||||||
|
break;
|
||||||
|
case "logout":
|
||||||
|
$result = Auth::logout($body);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
$result = [
|
$result = [
|
||||||
|
@ -35,6 +38,7 @@ class APIControl
|
||||||
}
|
}
|
||||||
|
|
||||||
$response->getBody()->write(json_encode($result));
|
$response->getBody()->write(json_encode($result));
|
||||||
|
|
||||||
return $response->withHeader("Content-Type", "application/json");
|
return $response->withHeader("Content-Type", "application/json");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,9 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
use Psr\Http\Message\ResponseInterface;
|
use Psr\Http\Message\ResponseInterface;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
use Slim\Views\Twig;
|
use Slim\Views\Twig;
|
||||||
|
|
||||||
include "brain/data/Book.inc.php";
|
include "../brain/data/Book.inc.php";
|
||||||
|
|
||||||
class DashControl
|
class DashControl
|
||||||
{
|
{
|
||||||
|
@ -20,14 +19,15 @@ class DashControl
|
||||||
$content = [];
|
$content = [];
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
|
//$_SESSION["TEST"] = "TESTERZ";
|
||||||
|
//session_unset();
|
||||||
$pageOptions = [
|
$pageOptions = [
|
||||||
"title" => "Fipamo Dashboard",
|
"title" => "Fipamo Dashboard",
|
||||||
"status" => (new Auth())->sessionStatus(),
|
"status" => Session::active(),
|
||||||
"pages" => (new Book("content/pages"))->getContents(),
|
"pages" => (new Book("content/pages"))->getContents(),
|
||||||
];
|
];
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $view->render($response, "dash/start.twig", $pageOptions);
|
return $view->render($response, "dash/start.twig", $pageOptions);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
use Psr\Http\Message\ResponseInterface;
|
use Psr\Http\Message\ResponseInterface;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
use Slim\Views\Twig;
|
use Slim\Views\Twig;
|
||||||
|
@ -11,8 +10,8 @@ class IndexControl
|
||||||
ResponseInterface $response,
|
ResponseInterface $response,
|
||||||
array $args
|
array $args
|
||||||
): ResponseInterface {
|
): ResponseInterface {
|
||||||
|
//unset($_SESSION);
|
||||||
$view = Twig::fromRequest($request);
|
$view = Twig::fromRequest($request);
|
||||||
|
|
||||||
return $view->render($response, "front/start.twig", [
|
return $view->render($response, "front/start.twig", [
|
||||||
"title" => "Fipamo Dash",
|
"title" => "Fipamo Dash",
|
||||||
"status" => false,
|
"status" => false,
|
||||||
|
|
|
@ -2,9 +2,9 @@
|
||||||
use Psr\Http\Message\ResponseInterface;
|
use Psr\Http\Message\ResponseInterface;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
|
|
||||||
include "brain/controller/IndexControl.inc.php";
|
include "../brain/controller/IndexControl.inc.php";
|
||||||
include "brain/controller/DashControl.inc.php";
|
include "../brain/controller/DashControl.inc.php";
|
||||||
include "brain/controller/APIControl.inc.php";
|
include "../brain/controller/APIControl.inc.php";
|
||||||
|
|
||||||
class RouteControl
|
class RouteControl
|
||||||
{
|
{
|
||||||
|
|
|
@ -1,17 +1,15 @@
|
||||||
<?php
|
<?php
|
||||||
|
include "../brain/data/Settings.inc.php";
|
||||||
use function _\find;
|
use function _\find;
|
||||||
|
use ReallySimpleJWT\Token;
|
||||||
include "brain/data/Settings.inc.php";
|
|
||||||
|
|
||||||
class Auth
|
class Auth
|
||||||
{
|
{
|
||||||
private $configs;
|
|
||||||
|
|
||||||
public function __construct()
|
public function __construct()
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
public function sessionStatus()
|
public static function sessionStatus()
|
||||||
{
|
{
|
||||||
if (isset($_SESSION["member"])) {
|
if (isset($_SESSION["member"])) {
|
||||||
return true;
|
return true;
|
||||||
|
@ -21,7 +19,7 @@ class Auth
|
||||||
//return $this->secret;
|
//return $this->secret;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function login($who)
|
public static function login($who)
|
||||||
{
|
{
|
||||||
//grab member list
|
//grab member list
|
||||||
$folks = (new Settings())->getFolks();
|
$folks = (new Settings())->getFolks();
|
||||||
|
@ -30,6 +28,23 @@ class Auth
|
||||||
if ($found) {
|
if ($found) {
|
||||||
//name is found, verify password
|
//name is found, verify password
|
||||||
if (password_verify($who["password"], $found["password"])) {
|
if (password_verify($who["password"], $found["password"])) {
|
||||||
|
$member = [
|
||||||
|
"handle" => $found["handle"],
|
||||||
|
"email" => $found["email"],
|
||||||
|
"role" => $found["role"],
|
||||||
|
"avatar" => $found["avi"],
|
||||||
|
];
|
||||||
|
|
||||||
|
$token = Token::create(
|
||||||
|
$found["id"],
|
||||||
|
$found["secret"],
|
||||||
|
time() + 3600,
|
||||||
|
"localhost"
|
||||||
|
); //expires in an hour
|
||||||
|
Session::start();
|
||||||
|
Session::set("member", $member);
|
||||||
|
Session::set("token", $token);
|
||||||
|
|
||||||
$result = [
|
$result = [
|
||||||
"message" => "Welcome back",
|
"message" => "Welcome back",
|
||||||
"type" => "TASK_LOGIN",
|
"type" => "TASK_LOGIN",
|
||||||
|
@ -49,4 +64,14 @@ class Auth
|
||||||
}
|
}
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static function logout()
|
||||||
|
{
|
||||||
|
Session::kill();
|
||||||
|
$result = [
|
||||||
|
"message" => "Till next time, g.",
|
||||||
|
"type" => "TASK_LOGOUT",
|
||||||
|
];
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
65
brain/data/Session.inc.php
Normal file
65
brain/data/Session.inc.php
Normal file
|
@ -0,0 +1,65 @@
|
||||||
|
<?php
|
||||||
|
use function _\find;
|
||||||
|
use ReallySimpleJWT\Token;
|
||||||
|
|
||||||
|
class Session
|
||||||
|
{
|
||||||
|
private static $file = "../content/.session";
|
||||||
|
private static $data = [
|
||||||
|
"member" => "",
|
||||||
|
"token" => "",
|
||||||
|
];
|
||||||
|
public static function start()
|
||||||
|
{
|
||||||
|
if (!is_file(self::$file)) {
|
||||||
|
file_put_contents(self::$file, json_encode(self::$data));
|
||||||
|
} else {
|
||||||
|
($new = fopen(self::$file, "w")) or die("Unable to open file!");
|
||||||
|
fwrite($new, json_encode(self::$data));
|
||||||
|
fclose($new);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function active()
|
||||||
|
{
|
||||||
|
$data = json_decode(file_get_contents(self::$file), true);
|
||||||
|
if ($data["member"] != null) {
|
||||||
|
$secret = (new Settings())->getFolks("secret");
|
||||||
|
if (
|
||||||
|
Token::validate($data["token"], $secret) &&
|
||||||
|
Token::validateExpiration($data["token"], $secret)
|
||||||
|
) {
|
||||||
|
true;
|
||||||
|
} else {
|
||||||
|
false;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
} else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function set($key, $value)
|
||||||
|
{
|
||||||
|
$data = json_decode(file_get_contents(self::$file), true);
|
||||||
|
$data[$key] = $value;
|
||||||
|
($fresh = fopen(self::$file, "w")) or die("Unable to open file!");
|
||||||
|
fwrite($fresh, json_encode($data));
|
||||||
|
fclose($fresh);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function get($key)
|
||||||
|
{
|
||||||
|
$data = json_decode(file_get_contents(self::$file), true);
|
||||||
|
|
||||||
|
return $data[$key];
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function kill()
|
||||||
|
{
|
||||||
|
($fresh = fopen(self::$file, "w")) or die("Unable to open file!");
|
||||||
|
fwrite($fresh, json_encode(self::$data));
|
||||||
|
fclose($fresh);
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,5 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
|
use function _\find;
|
||||||
class Settings
|
class Settings
|
||||||
{
|
{
|
||||||
private $folks;
|
private $folks;
|
||||||
|
@ -9,16 +9,22 @@ class Settings
|
||||||
public function __construct()
|
public function __construct()
|
||||||
{
|
{
|
||||||
//gets all settings files and converts to php objects
|
//gets all settings files and converts to php objects
|
||||||
$this->folks = json_decode(file_get_contents("config/folks.json"), true);
|
$this->folks = json_decode(file_get_contents("../config/folks.json"), true);
|
||||||
$this->tags = json_decode(file_get_contents("config/tags.json"), true);
|
$this->tags = json_decode(file_get_contents("../config/tags.json"), true);
|
||||||
$this->settings = json_decode(
|
$this->settings = json_decode(
|
||||||
file_get_contents("config/settings.json"),
|
file_get_contents("../config/settings.json"),
|
||||||
true
|
true
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getFolks()
|
public function getFolks($key)
|
||||||
{
|
{
|
||||||
|
if (isset($key)) {
|
||||||
|
$member = Session::get("member");
|
||||||
|
$found = find($this->folks, ["handle" => $member["handle"]]);
|
||||||
|
return $found[$key];
|
||||||
|
} else {
|
||||||
return $this->folks;
|
return $this->folks;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
22
brain/utility/StringTools.inc.php
Normal file
22
brain/utility/StringTools.inc.php
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
//include "brain/data/Auth.inc.php";
|
||||||
|
|
||||||
|
class StringTools
|
||||||
|
{
|
||||||
|
public static function randomString(int $length)
|
||||||
|
{
|
||||||
|
$alphanum =
|
||||||
|
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
|
||||||
|
$special = '*&!@%^#$';
|
||||||
|
$alphabet = $alphanum . $special;
|
||||||
|
$random = openssl_random_pseudo_bytes($length);
|
||||||
|
$alphabet_length = strlen($alphabet);
|
||||||
|
$string = "";
|
||||||
|
for ($i = 0; $i < $length; ++$i) {
|
||||||
|
$string .= $alphabet[ord($random[$i]) % $alphabet_length];
|
||||||
|
}
|
||||||
|
|
||||||
|
return $string;
|
||||||
|
}
|
||||||
|
}
|
|
@ -13,13 +13,13 @@
|
||||||
<div id="notifications" class="notifications">
|
<div id="notifications" class="notifications">
|
||||||
<div id="notifyMessage" class="notifyMessage">
|
<div id="notifyMessage" class="notifyMessage">
|
||||||
<div id="notify-good" class="notify-icon">
|
<div id="notify-good" class="notify-icon">
|
||||||
<svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-emoji-flirt"/></svg>
|
<svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-emoji-flirt"/></svg>
|
||||||
</div>
|
</div>
|
||||||
<div id="notify-lame" class="notify-icon">
|
<div id="notify-lame" class="notify-icon">
|
||||||
<svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-emoji-sad"/></svg>
|
<svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-emoji-sad"/></svg>
|
||||||
</div>
|
</div>
|
||||||
<div id="notify-working" class="notify-icon">
|
<div id="notify-working" class="notify-icon">
|
||||||
<svg class="menu-icon"><use xlink:href="/assets/images/global/sprite.svg#entypo-cog"/></svg>
|
<svg class="menu-icon"><use xlink:href="/images/global/sprite.svg#entypo-cog"/></svg>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
@ -28,7 +28,7 @@
|
||||||
<header id="header">
|
<header id="header">
|
||||||
<div id="wrapper">
|
<div id="wrapper">
|
||||||
<div id="left">
|
<div id="left">
|
||||||
<a href="/dashboard"><img id="the-logo" src="/public/assets/images/global/the-logo.svg"/></a>
|
<a href="/dashboard"><img id="the-logo" src="/assets/images/global/the-logo.svg"/></a>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<div id="right"></div>
|
<div id="right"></div>
|
||||||
|
|
|
@ -5,12 +5,14 @@
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block stylesheets %}
|
{% block stylesheets %}
|
||||||
<link rel="stylesheet" type="text/css" href="/public/assets/css/dash.css">
|
<link rel="stylesheet" type="text/css" href="/assets/css/dash.css">
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block mainContent %}
|
{% block mainContent %}
|
||||||
<div id="dash-index">
|
<div id="dash-index">
|
||||||
<div id="dash-index-wrapper">
|
<div id="dash-index-wrapper">
|
||||||
|
STATUS:
|
||||||
|
{{ you }}
|
||||||
{% if status %}
|
{% if status %}
|
||||||
DASH INDEX
|
DASH INDEX
|
||||||
{% else %}
|
{% else %}
|
||||||
|
@ -21,5 +23,5 @@
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block javascripts %}
|
{% block javascripts %}
|
||||||
<script src="/public/assets/scripts/dash.min.js" type="text/javascript"></script>
|
<script src="/assets/scripts/dash.min.js" type="text/javascript"></script>
|
||||||
{% endblock %}
|
{% endblock %}
|
|
@ -5,6 +5,7 @@
|
||||||
"twig/twig": "^3.0",
|
"twig/twig": "^3.0",
|
||||||
"slim/twig-view": "^3.0",
|
"slim/twig-view": "^3.0",
|
||||||
"mnapoli/front-yaml": "^1.8",
|
"mnapoli/front-yaml": "^1.8",
|
||||||
"lodash-php/lodash-php": "^0.0.7"
|
"lodash-php/lodash-php": "^0.0.7",
|
||||||
|
"rbdwllr/reallysimplejwt": "^4.0"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
60
composer.lock
generated
60
composer.lock
generated
|
@ -4,7 +4,7 @@
|
||||||
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
|
||||||
"This file is @generated automatically"
|
"This file is @generated automatically"
|
||||||
],
|
],
|
||||||
"content-hash": "0dea05f2df1df2495deae70b57c9afd1",
|
"content-hash": "0e243f32e05cb4ef6265ce19f141fdae",
|
||||||
"packages": [
|
"packages": [
|
||||||
{
|
{
|
||||||
"name": "erusev/parsedown",
|
"name": "erusev/parsedown",
|
||||||
|
@ -620,6 +620,64 @@
|
||||||
},
|
},
|
||||||
"time": "2019-03-08T08:55:37+00:00"
|
"time": "2019-03-08T08:55:37+00:00"
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
"name": "rbdwllr/reallysimplejwt",
|
||||||
|
"version": "4.0.1",
|
||||||
|
"source": {
|
||||||
|
"type": "git",
|
||||||
|
"url": "https://github.com/RobDWaller/ReallySimpleJWT.git",
|
||||||
|
"reference": "eba7970ab2e010157ec507d408ce5b94e84f31c2"
|
||||||
|
},
|
||||||
|
"dist": {
|
||||||
|
"type": "zip",
|
||||||
|
"url": "https://api.github.com/repos/RobDWaller/ReallySimpleJWT/zipball/eba7970ab2e010157ec507d408ce5b94e84f31c2",
|
||||||
|
"reference": "eba7970ab2e010157ec507d408ce5b94e84f31c2",
|
||||||
|
"shasum": ""
|
||||||
|
},
|
||||||
|
"require": {
|
||||||
|
"php": ">=7.4.0"
|
||||||
|
},
|
||||||
|
"require-dev": {
|
||||||
|
"infection/infection": "^0.20",
|
||||||
|
"phpbench/phpbench": "^0.17",
|
||||||
|
"phploc/phploc": "^7.0",
|
||||||
|
"phpmd/phpmd": "^2.9",
|
||||||
|
"phpstan/phpstan": "^0.12",
|
||||||
|
"phpunit/phpunit": "^9.5",
|
||||||
|
"sebastian/phpcpd": "^6.0",
|
||||||
|
"squizlabs/php_codesniffer": "^3.5"
|
||||||
|
},
|
||||||
|
"type": "library",
|
||||||
|
"autoload": {
|
||||||
|
"psr-4": {
|
||||||
|
"ReallySimpleJWT\\": "src/"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"notification-url": "https://packagist.org/downloads/",
|
||||||
|
"license": [
|
||||||
|
"MIT"
|
||||||
|
],
|
||||||
|
"authors": [
|
||||||
|
{
|
||||||
|
"name": "Rob Waller",
|
||||||
|
"email": "rdwaller1984@gmail.com"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"description": "A really simple library to generate user authentication JSON Web Tokens.",
|
||||||
|
"keywords": [
|
||||||
|
"Authentication",
|
||||||
|
"json",
|
||||||
|
"json web tokens",
|
||||||
|
"jwt",
|
||||||
|
"php",
|
||||||
|
"tokens"
|
||||||
|
],
|
||||||
|
"support": {
|
||||||
|
"issues": "https://github.com/RobDWaller/ReallySimpleJWT/issues",
|
||||||
|
"source": "https://github.com/RobDWaller/ReallySimpleJWT/tree/4.0.1"
|
||||||
|
},
|
||||||
|
"time": "2021-03-11T12:57:20+00:00"
|
||||||
|
},
|
||||||
{
|
{
|
||||||
"name": "sebastian/comparator",
|
"name": "sebastian/comparator",
|
||||||
"version": "4.0.6",
|
"version": "4.0.6",
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
"email": "are0h@protonmail.com",
|
"email": "are0h@protonmail.com",
|
||||||
"password": "$2b$10$77PMC2W6aZ3gJP7TOA7OpeqQaz..SrRSO74WEa7cn61ehHI55.zKq",
|
"password": "$2b$10$77PMC2W6aZ3gJP7TOA7OpeqQaz..SrRSO74WEa7cn61ehHI55.zKq",
|
||||||
"key": "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a",
|
"key": "fe79df250470815bf32dcea70221384c89163cad3a827a9c3da25d87159ed55a",
|
||||||
|
"secret": "&eIWQ8E&@vh*",
|
||||||
"role": "hnic",
|
"role": "hnic",
|
||||||
"created": "2020-09-01T22:46:47+02:00",
|
"created": "2020-09-01T22:46:47+02:00",
|
||||||
"updated": "2020-09-01T22:46:47+02:00",
|
"updated": "2020-09-01T22:46:47+02:00",
|
||||||
|
|
21
index.php
21
index.php
|
@ -1,21 +0,0 @@
|
||||||
<?php
|
|
||||||
require __DIR__ . "/vendor/autoload.php";
|
|
||||||
|
|
||||||
use Psr\Http\Message\ResponseInterface as Response;
|
|
||||||
use Psr\Http\Message\ServerRequestInterface as Request;
|
|
||||||
use Slim\Factory\AppFactory;
|
|
||||||
use Slim\Views\Twig;
|
|
||||||
use Slim\Views\TwigMiddleware;
|
|
||||||
|
|
||||||
include "brain/controller/RouteControl.inc.php";
|
|
||||||
include "brain/data/Auth.inc.php";
|
|
||||||
|
|
||||||
$app = AppFactory::create();
|
|
||||||
$twig = Twig::create("brain/views/");
|
|
||||||
$app->add(TwigMiddleware::create($app, $twig));
|
|
||||||
session_start();
|
|
||||||
//set up routing
|
|
||||||
$app->get("/[{first}[/{second}[/{third}[/{fourth}]]]]", "\RouteControl:get");
|
|
||||||
$app->post("/[{first}[/{second}[/{third}[/{fourt}]]]]", "\RouteControl:post");
|
|
||||||
//start the app
|
|
||||||
$app->run();
|
|
Loading…
Reference in a new issue